Ran Malwarebytes Anti-Malware and now can't open IE?

13 replies to this topic

#1 Seve88

  • Members
  • 21 posts

Posted 11 July 2011 - 08:48 AM

I had the Anti-Malware Doctor virus and could not download any anti-virus programs because it was blocking them from being downloaded. I tried changing the name and downloading it from another computer using a thumb drive, but each time it tried to install it was denied access by the virus. I finally installed Avast and it somehow was able to download and run. I did a scan and removed over 100 threats. After this I was finally able to get the Malwarebytes Anti-Malware program loaded. Before running this, however, I ran the rkill scan plus a TDSSKiller scan. After all of this I finally ran a complete Malwarebytes Anti-Malware scan in Safe Mode. Then I ran it again in regular mode. This seemed to remove the virus, but now I cannot use Internet Explorer. It tells me that "IE cannot display the webpage". I think it must have removed one of the vital registry keys in IE or something. Please advise.


#2 whoabuddy (Bleepin' Verbose)

  • Malware Response Instructor
  • 2,036 posts
  • Location: Cottonwood, AZ

Posted 11 July 2011 - 09:03 AM

Some forms of malware will enable a proxy server, and here are Microsoft's instructions for editing the settings in Internet Explorer. You want to make sure the Use a proxy server for your LAN box is unchecked.
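The dialog whoabuddy points at edits a handful of registry values under the current user's Internet Settings key. As an added example (not part of the post, not Microsoft's instructions, and not from any tool named in this thread), the PowerShell below reads those same values, flags the settings that would send browser traffic through a proxy or PAC script that no longer exists once the malware is gone, and clears them. It assumes Windows PowerShell 2.0 or later run as the user whose Internet Explorer is broken; the function names are made up for this example.

```powershell
# Added example, not part of the thread. Reads the per-user WinINet/IE proxy
# settings that proxy-hijacking malware changes and reports anything that would
# route browser traffic somewhere unexpected. Function names are made up here.
# Assumes Windows PowerShell 2.0+ run as the user whose IE is broken.

$IeSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$IePolicy   = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IeProxyState {
    $p = Get-ItemProperty -Path $IeSettings -ErrorAction Stop
    # ProxyEnable = 1 is the "Use a proxy server for your LAN" checkbox.
    # AutoConfigURL (a PAC script) can redirect traffic even when ProxyEnable is 0.
    # Missing values cast to 0 / '' so the object is always fully populated.
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = [string]$p.ProxyServer
        ProxyOverride = [string]$p.ProxyOverride
        AutoConfigURL = [string]$p.AutoConfigURL
    }
}

function Find-IeProxyHijack {
    $s = Get-IeProxyState
    $findings = @()
    if ($s.ProxyEnable -eq 1) {
        $findings += "ProxyEnable=1: HTTP traffic is sent through '$($s.ProxyServer)'"
    }
    if ($s.AutoConfigURL -ne '') {
        $findings += "AutoConfigURL is set: '$($s.AutoConfigURL)'"
    }
    # A proxy on the loopback address means a local process sat between IE and the
    # network; once that process is removed nothing listens there and pages fail.
    if ($s.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost):\d+') {
        $findings += "ProxyServer points at the local machine: '$($s.ProxyServer)'"
    }
    # ProxySettingsPerUser=0 under Policies makes IE use HKLM settings instead of
    # HKCU, in which case the per-user dialog would not change anything.
    $pol = Get-ItemProperty -Path $IePolicy -ErrorAction SilentlyContinue
    if ($pol -and $pol.ProxySettingsPerUser -eq 0) {
        $findings += 'Policy ProxySettingsPerUser=0: machine-wide proxy settings override the user dialog'
    }
    return $findings
}

function Clear-IeProxy {
    # Same effect as unticking the checkbox and removing the automatic script.
    Set-ItemProperty -Path $IeSettings -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $IeSettings -Name $name -ErrorAction SilentlyContinue
    }
}

$hits = @(Find-IeProxyHijack)
if ($hits.Count -eq 0) { 'No proxy settings found; look elsewhere for the cause.' } else { $hits }
# Then, if the findings explain the symptom:  Clear-IeProxy
```

Restart Internet Explorer after clearing the values, since a running instance keeps the settings it read at startup. These keys are per user: the Malwarebytes log later in this thread lists files under both the "mary" and "administrator" profiles, so the check should be repeated for every account that was used while the machine was infected.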

#3 cryptodan (Bleepin Madman)

  • Members
  • 21,868 posts
  • Location: Catonsville, Md

Posted 11 July 2011 - 09:57 AM

Can you post the logs created by rkill, TDSSKiller, and Malwarebytes?

#4 Seve88 (Topic Starter)

  • Members
  • 21 posts

Posted 11 July 2011 - 11:08 AM

Can you post the logs created by rkill, tdsskiller, and malware bytes?


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/10/2011 8:39:07 PM
mbam-log-2011-07-10 (20-39-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 273519
Time elapsed: 1 hour(s), 20 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 10
Registry Data Items Infected: 8
Folders Infected: 7
Files Infected: 50

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9ef8d7fb-a5d2-4050-97f8-dc3458153128} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EF8D7FB-A5D2-4050-97F8-DC3458153128} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EF8D7FB-A5D2-4050-97F8-DC3458153128} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.FakeVLC) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ACommander (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC Player (Trojan.FakeVLC) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adShotHlpr.adShotHlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adShotHlpr.adShotHlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\pragma (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus (Rogue.PaladinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} (Trojan.Ertfor) -> Value: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142C.exe (Trojan.FakeAlert) -> Value: newupdate1142C.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YVIBBBHA8C (Trojan.FakeAlert) -> Value: YVIBBBHA8C -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Value: hsf87efjhdsf87f3jfsdi7fhsujfd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Value: ewrgetuj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kuloridivo (Trojan.Vundo) -> Value: kuloridivo -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\mary\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.184,93.188.166.146) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0373B0F5-9151-43F2-9053-B253EEE77E59}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.184,93.188.166.146) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A4548EA-76A3-47D7-A6AA-CBCADF8C549A}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.184,93.188.166.146) Good: () -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\mary\application data\acommander (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\program files\akm antivirus 2010 pro (Rogue.Agent) -> Quarantined and deleted successfully.
c:\program files\scdata (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmaxobvpeseme (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\mokejudu.dll (IPH.GenericBHO) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\Desktop\setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\temporary internet files\Content.IE5\3Z6DS1CC\setup[1].exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\uninstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\documents and settings\mary\local settings\temporary internet files\Content.IE5\M4G6H588\pc_protect[1].exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
c:\program files\VlcPlus\uninstall.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\pragmamfeklnmal.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\mary\Desktop\acommander.lnk (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\all users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\mary\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\mary\local settings\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\pragmamainqt.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nupikufo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\settings.ini (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\guide.html (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\05.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\06.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\07.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\08.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\09.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\documents and settings\mary\application data\acommander\faq\images\10.png (Rogue.ACommander) -> Quarantined and deleted successfully.
c:\program files\scdata\wispex.html (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\i1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\i2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\i3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\j1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\j2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\j3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\jj1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\jj2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\jj3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\l1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\l2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\l3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\pix.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\t1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\t2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\Thumbs.db (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\up1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\up2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\w1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\w11.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\w2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\w3.jpg (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\word.doc (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\wt1.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\wt2.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\scdata\images\wt3.gif (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\pragmaxobvpeseme\pragmacfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.

And this

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x1300255a, pid=1284, tid=424
#
# Java VM: Java HotSpot(TM) Client VM (1.5.0_06-b05 mixed mode)
# Problematic frame:
# C 0x1300255a
#

--------------- T H R E A D ---------------

Current thread (0x0b615008): JavaThread "thread applet-vmain.class" [_thread_in_native, id=424]

siginfo: ExceptionCode=0xc0000005, writing address 0x00000000

Registers:
EAX=0x00000000, EBX=0x216262d0, ECX=0x068a0ff0, EDX=0x00000000
ESP=0x1204fa00, EBP=0x255a255a, ESI=0x216262d0, EDI=0x0b615008
EIP=0x1300255a, EFLAGS=0x00210246

Top of Stack: (sp=0x1204fa00)
0x1204fa00: 1204fa00 216262d0 1204fa30 21626b78
0x1204fa10: 00000000 216262d0 1204fa2c 1204fa54
0x1204fa20: 13d729a4 00000000 13d76449 1b110fa8
0x1204fa30: 1b128b38 1b128b38 1204fa38 21626247
0x1204fa40: 1204fa64 21626b78 00000000 21626268
0x1204fa50: 1204fa60 1204fa84 13d72923 1b13adb0
0x1204fa60: 1b110fa8 1b128b38 1204fa68 21625929
0x1204fa70: 1204fa9c 21626b78 00000000 21625938

Instructions: (pc=0x1300255a)
0x1300254a: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1300255a: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00


Stack: [0x11f50000,0x12050000), sp=0x1204fa00, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x1300255a

[error occurred during error reporting, step 120, id 0xc0000005]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j vmain.init()V+88
j sun.applet.AppletPanel.run()V+197
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0acaeda0 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3128]
0x0b5fb008 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=400]
0x0abed8f8 JavaThread "AWT-EventQueue-3" [_thread_blocked, id=3304]
=>0x0b615008 JavaThread "thread applet-vmain.class" [_thread_in_native, id=424]
0x0abf9be0 JavaThread "thread applet-vmain.class" [_thread_blocked, id=2956]
0x0b5ab3d8 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=4044]
0x0abbfe58 JavaThread "AWT-Shutdown" [_thread_blocked, id=1588]
0x0ac5ea38 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2648]
0x0b5aabe0 JavaThread "AWT-Windows" daemon [_thread_in_native, id=324]
0x03a85980 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=248]
0x06844130 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1136]
0x003dd598 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2152]
0x06822068 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=416]
0x0ac26858 JavaThread "Finalizer" daemon [_thread_blocked, id=364]
0x068c65d8 JavaThread "Reference Handler" daemon [_thread_blocked, id=936]
0x03a2e3c8 JavaThread "main" [_thread_in_native, id=3720]

Other Threads:
0x0693fe60 VMThread [id=1036]
0x03a876c8 WatcherThread [id=2296]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 6400K, used 1197K [0x1b010000, 0x1b700000, 0x1b770000)
eden space 5696K, 21% used [0x1b010000, 0x1b13b600, 0x1b5a0000)
from space 704K, 0% used [0x1b5a0000, 0x1b5a0000, 0x1b650000)
to space 704K, 0% used [0x1b650000, 0x1b650000, 0x1b700000)
tenured generation total 84596K, used 50755K [0x1b770000, 0x20a0d000, 0x21010000)
the space 84596K, 59% used [0x1b770000, 0x1e900ff0, 0x1e901000, 0x20a0d000)
compacting perm gen total 8192K, used 6376K [0x21010000, 0x21810000, 0x25010000)
the space 8192K, 77% used [0x21010000, 0x2164a1d8, 0x2164a200, 0x21810000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x0049c000 C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b2000 C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f6000 C:\WINDOWS\system32\kernel32.dll
0x77dd0000 - 0x77e6b000 C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f02000 C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000 C:\WINDOWS\system32\Secur32.dll
0x77f10000 - 0x77f59000 C:\WINDOWS\system32\GDI32.dll
0x7e410000 - 0x7e4a1000 C:\WINDOWS\system32\USER32.dll
0x77c10000 - 0x77c68000 C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000 C:\WINDOWS\system32\SHLWAPI.dll
0x7c9c0000 - 0x7d1d7000 C:\WINDOWS\system32\SHELL32.dll
0x774e0000 - 0x7761d000 C:\WINDOWS\system32\ole32.dll
0x78130000 - 0x78258000 C:\WINDOWS\system32\urlmon.dll
0x77120000 - 0x771ab000 C:\WINDOWS\system32\OLEAUT32.dll
0x3dfd0000 - 0x3e015000 C:\WINDOWS\system32\iertutil.dll
0x77c00000 - 0x77c08000 C:\WINDOWS\system32\VERSION.dll
0x5cb70000 - 0x5cb96000 C:\WINDOWS\system32\ShimEng.dll
0x71590000 - 0x71609000 C:\WINDOWS\AppPatch\AcLayers.DLL
0x769c0000 - 0x76a74000 C:\WINDOWS\system32\USERENV.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x76390000 - 0x763ad000 C:\WINDOWS\system32\IMM32.DLL
0x629c0000 - 0x629c9000 C:\WINDOWS\system32\LPK.DLL
0x74d90000 - 0x74dfb000 C:\WINDOWS\system32\USP10.dll
0x773d0000 - 0x774d3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x5d090000 - 0x5d12a000 C:\WINDOWS\system32\comctl32.dll
0x3e1c0000 - 0x3e78d000 C:\WINDOWS\system32\IEFRAME.dll
0x76bf0000 - 0x76bfb000 C:\WINDOWS\system32\PSAPI.DLL
0x5ad70000 - 0x5ada8000 C:\WINDOWS\system32\UxTheme.dll
0x74720000 - 0x7476c000 C:\WINDOWS\system32\MSCTF.dll
0x00c80000 - 0x00f45000 C:\WINDOWS\system32\xpsp2res.dll
0x77b40000 - 0x77b62000 C:\WINDOWS\system32\apphelp.dll
0x755c0000 - 0x755ee000 C:\WINDOWS\system32\msctfime.ime
0x5dff0000 - 0x5e01f000 C:\WINDOWS\system32\IEUI.dll
0x76380000 - 0x76385000 C:\WINDOWS\system32\MSIMG32.dll
0x4ec50000 - 0x4edfb000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll
0x47060000 - 0x47081000 C:\WINDOWS\system32\xmllite.dll
0x76fd0000 - 0x7704f000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x746f0000 - 0x7471a000 C:\WINDOWS\system32\msimtf.dll
0x77a20000 - 0x77a74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661d000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77a13000 C:\WINDOWS\system32\SETUPAPI.dll
0x61930000 - 0x6197a000 C:\Program Files\Internet Explorer\ieproxy.dll
0x7d1e0000 - 0x7d49c000 C:\WINDOWS\system32\msi.dll
0x7e720000 - 0x7e7d0000 C:\WINDOWS\system32\SXS.DLL
0x3d930000 - 0x3da01000 C:\WINDOWS\system32\WININET.dll
0x01db0000 - 0x01db9000 C:\WINDOWS\system32\Normaliz.dll
0x75cf0000 - 0x75d81000 C:\WINDOWS\system32\MLANG.dll
0x71ab0000 - 0x71ac7000 C:\WINDOWS\system32\ws2_32.dll
0x71aa0000 - 0x71aa8000 C:\WINDOWS\system32\WS2HELP.dll
0x10000000 - 0x10050000 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
0x77a80000 - 0x77b15000 C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000 C:\WINDOWS\system32\MSASN1.dll
0x76c30000 - 0x76c5e000 C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x02a20000 - 0x02e19000 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_78F32466E61F1EEC.dll
0x74c80000 - 0x74cac000 C:\WINDOWS\system32\OLEACC.dll
0x76080000 - 0x760e5000 C:\WINDOWS\system32\MSVCP60.dll
0x76ee0000 - 0x76f1c000 C:\WINDOWS\system32\RASAPI32.dll
0x76e90000 - 0x76ea2000 C:\WINDOWS\system32\rasman.dll
0x5b860000 - 0x5b8b5000 C:\WINDOWS\system32\NETAPI32.dll
0x76eb0000 - 0x76edf000 C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000 C:\WINDOWS\system32\rtutils.dll
0x76b40000 - 0x76b6d000 C:\WINDOWS\system32\WINMM.dll
0x76d60000 - 0x76d79000 C:\WINDOWS\system32\IPHLPAPI.DLL
0x7d9a0000 - 0x7db05000 C:\WINDOWS\system32\query.dll
0x02f60000 - 0x03032000 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll
0x59a60000 - 0x59b01000 C:\WINDOWS\system32\dbghelp.dll
0x76990000 - 0x769b5000 C:\WINDOWS\system32\ntshrui.dll
0x76b20000 - 0x76b31000 C:\WINDOWS\system32\ATL.DLL
0x71b20000 - 0x71b32000 C:\WINDOWS\system32\MPR.dll
0x75f60000 - 0x75f67000 C:\WINDOWS\System32\drprov.dll
0x71c10000 - 0x71c1e000 C:\WINDOWS\System32\ntlanman.dll
0x71cd0000 - 0x71ce7000 C:\WINDOWS\System32\NETUI0.dll
0x71c90000 - 0x71cd0000 C:\WINDOWS\System32\NETUI1.dll
0x71c80000 - 0x71c87000 C:\WINDOWS\System32\NETRAP.dll
0x71bf0000 - 0x71c03000 C:\WINDOWS\System32\SAMLIB.dll
0x75f70000 - 0x75f7a000 C:\WINDOWS\System32\davclnt.dll
0x01c90000 - 0x01ca4000 C:\WINDOWS\system32\LMIRfsClientNP.dll
0x75970000 - 0x75a68000 C:\WINDOWS\system32\MSGINA.dll
0x74320000 - 0x7435d000 C:\WINDOWS\system32\ODBC32.dll
0x763b0000 - 0x763f9000 C:\WINDOWS\system32\comdlg32.dll
0x76360000 - 0x76370000 C:\WINDOWS\system32\WINSTA.dll
0x03490000 - 0x034a7000 C:\WINDOWS\system32\odbcint.dll
0x708f0000 - 0x70903000 C:\WINDOWS\system32\asycfilt.dll
0x71a50000 - 0x71a8f000 C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000 C:\WINDOWS\System32\wshtcpip.dll
0x73ba0000 - 0x73bb3000 C:\WINDOWS\system32\sti.dll
0x74ae0000 - 0x74ae7000 C:\WINDOWS\system32\CFGMGR32.dll
0x03f10000 - 0x03f47000 C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
0x7c120000 - 0x7c139000 C:\WINDOWS\system32\ATL71.DLL
0x7c3a0000 - 0x7c41b000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 - 0x7c396000 C:\WINDOWS\system32\MSVCR71.dll
0x03f70000 - 0x03f7e000 C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x6d600000 - 0x6d62d000 C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
0x5edd0000 - 0x5ede7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x03fc0000 - 0x0408a000 C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x77c70000 - 0x77c95000 C:\WINDOWS\system32\msv1_0.dll
0x76790000 - 0x7679c000 C:\WINDOWS\system32\cryptdll.dll
0x722b0000 - 0x722b5000 C:\WINDOWS\system32\sensapi.dll
0x76fc0000 - 0x76fc6000 C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 - 0x76f47000 C:\WINDOWS\system32\DNSAPI.dll
0x16080000 - 0x160a5000 C:\Program Files\Bonjour\mdnsNSP.dll
0x71d40000 - 0x71d5b000 C:\WINDOWS\system32\actxprxy.dll
0x76fb0000 - 0x76fb8000 C:\WINDOWS\System32\winrnr.dll
0x76f60000 - 0x76f8c000 C:\WINDOWS\system32\WLDAP32.dll
0x3da20000 - 0x3dd95000 C:\WINDOWS\system32\mshtml.dll
0x746c0000 - 0x746e9000 C:\WINDOWS\system32\msls31.dll
0x42f90000 - 0x42ff0000 C:\WINDOWS\system32\ieapfltr.dll
0x77690000 - 0x776b1000 C:\WINDOWS\system32\NTMARTA.DLL
0x75c50000 - 0x75ccd000 C:\WINDOWS\system32\jscript.dll
0x42070000 - 0x420a2000 C:\WINDOWS\system32\iepeers.dll
0x74980000 - 0x74aa3000 C:\WINDOWS\system32\msxml3.dll
0x420c0000 - 0x420f9000 C:\WINDOWS\system32\Dxtrans.dll
0x6d430000 - 0x6d43a000 C:\WINDOWS\system32\ddrawex.dll
0x73760000 - 0x737ab000 C:\WINDOWS\system32\DDRAW.dll
0x73bc0000 - 0x73bc6000 C:\WINDOWS\system32\DCIMAN32.dll
0x42010000 - 0x42067000 C:\WINDOWS\system32\Dxtmsft.dll
0x42b90000 - 0x42c07000 C:\WINDOWS\system32\mshtmled.dll
0x5f4b0000 - 0x5f4d0000 C:\WINDOWS\system32\nlhtml.dll
0x1b000000 - 0x1b00c000 C:\WINDOWS\system32\ImgUtil.dll
0x41e30000 - 0x41e3e000 C:\WINDOWS\system32\pngfilt.dll
0x18000000 - 0x180ac000 C:\Program Files\Google\Update\1.2.183.23\goopdate.dll
0x767f0000 - 0x76818000 C:\WINDOWS\system32\schannel.dll
0x68100000 - 0x68126000 C:\WINDOWS\system32\dssenh.dll
0x72d20000 - 0x72d29000 C:\WINDOWS\system32\wdmaud.drv

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~1.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~1.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~1.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~1.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol vfprintf
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
PATH=C:\PROGRA~1\Java\JRE15~1.0_0\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;.
USERNAME=mary
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 1 family 6, cmov, cx8, fxsr, mmx, sse, sse2

Memory: 4k page, physical 514480k(43464k free), swap 1255476k(549456k free)

vm_info: Java HotSpot(TM) Client VM (1.5.0_06-b05) for windows-x86, built on Nov 10 2005 11:12:14 by "java_re" with MS VC++ 6.0
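The "Registry Data Items Infected" section of the Malwarebytes log above is the part that matters for a browser that stops working after cleanup: each line records a value the scanner rewrote, with the Bad value it found and the Good value it put back (the emptied NameServer entries from the Trojan.DNSChanger detection, the ave.exe hijack of the Internet Explorer Start-menu command, the Task Manager policy). As an added example (not part of the thread and not Malwarebytes' own tooling), the PowerShell below parses those lines and reads each value from the live registry so that leftovers from the cleanup can be told apart from a new problem. It assumes Windows PowerShell 2.0 or later run elevated on the cleaned machine; the sample lines embedded in it are three lines copied from the posted log, and the function names are made up for this example.

```powershell
# Added example, not part of the thread or of Malwarebytes' tooling. Parses the
# "Registry Data Items Infected" lines of an MBAM 1.x log and checks whether each
# registry value now holds the "Good" value the scanner wrote. Assumes Windows
# PowerShell 2.0+ run elevated on the cleaned machine. The sample below is three
# lines copied from the log posted in this thread.

$SampleLog = @'
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\mary\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.184,93.188.166.146) Good: () -> Quarantined and deleted successfully.

Folders Infected:
'@

function ConvertFrom-MbamDataItem {
    param([string[]]$Lines)
    # Log line shape:  <path> (<detection>) -> Bad: (<old>) Good: (<new>) -> <action>
    $pattern = '^(?<path>HKEY_.+?) \((?<detection>[\w.]+)\) -> Bad: \((?<bad>.*?)\) Good: \((?<good>.*?)\) -> (?<action>.+)$'
    foreach ($line in $Lines) {
        if ($line -notmatch $pattern) { continue }
        $i = $Matches['path'].LastIndexOf('\')   # last path component is the value name
        New-Object PSObject -Property @{
            Key       = $Matches['path'].Substring(0, $i)
            ValueName = $Matches['path'].Substring($i + 1)
            Detection = $Matches['detection']
            Bad       = $Matches['bad']
            Good      = $Matches['good']
        }
    }
}

function Test-MbamRemediation {
    param([string[]]$Lines)
    foreach ($item in ConvertFrom-MbamDataItem -Lines $Lines) {
        # The Registry:: provider prefix accepts any hive name, so no extra drives are needed.
        $props   = Get-ItemProperty -Path "Registry::$($item.Key)" -ErrorAction SilentlyContinue
        $current = $null
        if ($props) {
            $prop = $props.PSObject.Properties[$item.ValueName]   # $null when the value is gone
            if ($prop) { $current = [string]$prop.Value }
        }
        # An absent value only counts as remediated when the Good value was empty.
        $status = 'Differs'
        if ($current -eq $null)          { if ($item.Good -eq '') { $status = 'Remediated' } else { $status = 'Missing' } }
        elseif ($current -eq $item.Good) { $status = 'Remediated' }
        elseif ($current -eq $item.Bad)  { $status = 'StillBad' }
        New-Object PSObject -Property @{
            Status    = $status
            Detection = $item.Detection
            Value     = "$($item.Key)\$($item.ValueName)"
            Current   = $current
            Expected  = $item.Good
        }
    }
}

Test-MbamRemediation -Lines ($SampleLog -split "`r?`n") |
    Format-Table Status, Detection, Current, Expected -AutoSize
# Against the real log:  Test-MbamRemediation -Lines (Get-Content 'mbam-log-2011-07-10 (20-39-07).txt')
```

Two results need interpreting rather than fixing. The StartMenuInternet command normally holds the full quoted path to iexplore.exe, so "Differs" is the expected outcome there and only matters if the value still names ave.exe. For the NameServer values the Good value is empty, which means the adapter now relies on DHCP-supplied DNS servers; ipconfig /all shows which ones are in use, and if there are none, that alone is enough to produce "cannot display the webpage" regardless of the proxy settings.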

#5 cryptodan (Bleepin Madman)

  • Members
  • 21,868 posts
  • Location: Catonsville, Md

Posted 11 July 2011 - 11:15 AM

What did TDSSKiller show?

#6 Seve88 (Topic Starter)

  • Members
  • 21 posts

Posted 11 July 2011 - 07:04 PM

What did TDSSKiller show?


This is what came up when I first ran TDSSKiller:

2011/07/08 13:02:12.0593 1164 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/08 13:02:13.0515 1164 ================================================================================
2011/07/08 13:02:13.0515 1164 SystemInfo:
2011/07/08 13:02:13.0515 1164
2011/07/08 13:02:13.0515 1164 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/08 13:02:13.0515 1164 Product type: Workstation
2011/07/08 13:02:14.0062 1164 ComputerName: YOUR-4105E587B6
2011/07/08 13:02:14.0078 1164 UserName: mary
2011/07/08 13:02:14.0078 1164 Windows directory: C:\WINDOWS
2011/07/08 13:02:14.0078 1164 System windows directory: C:\WINDOWS
2011/07/08 13:02:14.0078 1164 Processor architecture: Intel x86
2011/07/08 13:02:14.0078 1164 Number of processors: 1
2011/07/08 13:02:14.0078 1164 Page size: 0x1000
2011/07/08 13:02:14.0078 1164 Boot type: Normal boot
2011/07/08 13:02:14.0078 1164 ================================================================================
2011/07/08 13:02:22.0187 1164 Initialize success
2011/07/08 13:02:26.0859 4212 ================================================================================
2011/07/08 13:02:26.0859 4212 Scan started
2011/07/08 13:02:26.0859 4212 Mode: Manual;
2011/07/08 13:02:26.0859 4212 ================================================================================
2011/07/08 13:03:06.0734 4212 Suspicious service (NoAccess): mphvqao
2011/07/08 13:03:06.0828 4212 mphvqao (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\mphvqao.sys
2011/07/08 13:03:06.0828 4212 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\mphvqao.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
2011/07/08 13:03:06.0843 4212 mphvqao - detected LockedService.Multi.Generic (1)
2011/07/08 13:03:12.0937 4212 Suspicious service (Hidden): PRAGMAxobvpeseme
2011/07/08 13:03:13.0000 4212 PRAGMAxobvpeseme (b340e1812529295494f86f80fe65d66c) C:\WINDOWS\PRAGMAxobvpeseme\PRAGMAd.sys
2011/07/08 13:03:13.0000 4212 Suspicious file (Hidden): C:\WINDOWS\PRAGMAxobvpeseme\PRAGMAd.sys. md5: b340e1812529295494f86f80fe65d66c
2011/07/08 13:03:13.0031 4212 PRAGMAxobvpeseme - detected Rootkit.Win32.TDSS.tdl2 (0)
2011/07/08 13:03:22.0203 4212 WmiAcpi (54035571da70d813570e54a758243980) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/08 13:03:22.0203 4212 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\wmiacpi.sys. Real md5: 54035571da70d813570e54a758243980, Fake md5: c42584fd66ce9e17403aebca199f7bdb
2011/07/08 13:03:22.0234 4212 WmiAcpi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/08 13:03:22.0328 4212 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/08 13:03:22.0515 4212 MBR (0x1B8) (81a54cdf8594870d5a1628bc9455fe84) \Device\Harddisk0\DR0
2011/07/08 13:03:22.0546 4212 Boot (0x1200) (8ffd04c05d98011bafdc09fb7ff7e69d) \Device\Harddisk0\DR0\Partition0
2011/07/08 13:03:22.0593 4212 Boot (0x1200) (5ccdd1114c261952c72b9bbe966d0eb1) \Device\Harddisk0\DR0\Partition1
2011/07/08 13:03:22.0609 4212 ================================================================================
2011/07/08 13:03:22.0609 4212 Scan finished
2011/07/08 13:03:22.0609 4212 ================================================================================
2011/07/08 13:03:22.0640 3284 Detected object count: 3
2011/07/08 13:03:22.0640 3284 Actual detected object count: 3
2011/07/08 13:06:06.0531 3284 LockedService.Multi.Generic(mphvqao) - User select action: Skip
2011/07/08 13:06:06.0531 3284 C:\WINDOWS\PRAGMAxobvpeseme\PRAGMAd.sys - will be deleted after reboot
2011/07/08 13:06:06.0531 3284 C:\WINDOWS\PRAGMAxobvpeseme\PRAGMAc.dll - will be deleted after reboot
2011/07/08 13:06:06.0531 3284 C:\WINDOWS\system32\PRAGMAsrcr.dat - will be deleted after reboot
2011/07/08 13:06:06.0531 3284 C:\WINDOWS\system32\pragmaserf.dll - will be deleted after reboot
2011/07/08 13:06:06.0531 3284 C:\WINDOWS\system32\pragmabbr.dll - will be deleted after reboot
2011/07/08 13:06:06.0531 3284 HKLM\SYSTEM\ControlSet001\services\PRAGMAxobvpeseme - will be deleted after reboot
2011/07/08 13:06:06.0593 3284 HKLM\SYSTEM\ControlSet003\services\PRAGMAxobvpeseme - will be deleted after reboot
2011/07/08 13:06:06.0625 3284 C:\WINDOWS\PRAGMAxobvpeseme\PRAGMAd.sys - will be deleted after reboot
2011/07/08 13:06:06.0625 3284 Rootkit.Win32.TDSS.tdl2(PRAGMAxobvpeseme) - User select action: Delete
2011/07/08 13:06:06.0828 3284 WmiAcpi (54035571da70d813570e54a758243980) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/08 13:06:06.0828 3284 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\wmiacpi.sys. Real md5: 54035571da70d813570e54a758243980, Fake md5: c42584fd66ce9e17403aebca199f7bdb
2011/07/08 13:06:09.0140 3284 Backup copy found, using it..
2011/07/08 13:06:09.0625 3284 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys - will be cured after reboot
2011/07/08 13:06:09.0625 3284 Rootkit.Win32.TDSS.tdl3(WmiAcpi) - User select action: Cure
2011/07/08 13:06:30.0234 6104 Deinitialize success

This is the next day's scan:
2011/07/09 09:06:48.0281 1952 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/09 09:06:48.0859 1952 ================================================================================
2011/07/09 09:06:48.0859 1952 SystemInfo:
2011/07/09 09:06:48.0859 1952
2011/07/09 09:06:48.0859 1952 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/09 09:06:48.0859 1952 Product type: Workstation
2011/07/09 09:06:48.0859 1952 ComputerName: YOUR-4105E587B6
2011/07/09 09:06:48.0859 1952 UserName: mary
2011/07/09 09:06:48.0859 1952 Windows directory: C:\WINDOWS
2011/07/09 09:06:48.0859 1952 System windows directory: C:\WINDOWS
2011/07/09 09:06:48.0859 1952 Processor architecture: Intel x86
2011/07/09 09:06:48.0859 1952 Number of processors: 1
2011/07/09 09:06:48.0859 1952 Page size: 0x1000
2011/07/09 09:06:48.0859 1952 Boot type: Safe boot with network
2011/07/09 09:06:48.0859 1952 ================================================================================
2011/07/09 09:06:51.0890 1952 Initialize success
2011/07/09 09:06:54.0078 0824 ================================================================================
2011/07/09 09:06:54.0078 0824 Scan started
2011/07/09 09:06:54.0078 0824 Mode: Manual;
2011/07/09 09:06:54.0078 0824 ================================================================================
2011/07/09 09:07:08.0093 0824 Suspicious service (NoAccess): mphvqao
2011/07/09 09:07:08.0187 0824 mphvqao (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\mphvqao.sys
2011/07/09 09:07:08.0187 0824 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\mphvqao.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
2011/07/09 09:07:08.0218 0824 mphvqao - detected LockedService.Multi.Generic (1)
2011/07/09 09:07:12.0218 0824 RimSerPort (b177927edfb8fb8da62ee1dfbcefde54) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/09 09:07:12.0312 0824 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/09 09:07:12.0453 0824 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/07/09 09:07:12.0593 0824 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/07/09 09:07:12.0703 0824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/09 09:07:13.0031 0824 SEMWModem (9d06827395b38c489bc3cd81664326d6) C:\WINDOWS\system32\DRIVERS\GCXX.sys
2011/07/09 09:07:13.0078 0824 SEMWWNIC (2d02e441e3e3f3e85f97a5c87634f4b9) C:\WINDOWS\system32\DRIVERS\GCXXNet.sys
2011/07/09 09:07:13.0156 0824 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/09 09:07:13.0265 0824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/09 09:07:13.0375 0824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/09 09:07:13.0484 0824 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/07/09 09:07:13.0578 0824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/09 09:07:13.0640 0824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/09 09:07:13.0734 0824 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/09 09:07:13.0843 0824 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/09 09:07:13.0968 0824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/09 09:07:14.0078 0824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/09 09:07:14.0312 0824 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/09 09:07:14.0375 0824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/09 09:07:14.0515 0824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/09 09:07:14.0593 0824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/09 09:07:14.0625 0824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/09 09:07:14.0671 0824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/09 09:07:14.0796 0824 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/07/09 09:07:15.0062 0824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/09 09:07:15.0203 0824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/09 09:07:15.0328 0824 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/09 09:07:15.0437 0824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/09 09:07:15.0500 0824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/09 09:07:15.0562 0824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/09 09:07:15.0625 0824 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/09 09:07:15.0812 0824 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/09 09:07:15.0875 0824 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/09 09:07:15.0937 0824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/09 09:07:16.0000 0824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/09 09:07:16.0046 0824 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/09 09:07:16.0093 0824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/09 09:07:16.0343 0824 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/07/09 09:07:16.0500 0824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/09 09:07:16.0625 0824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/09 09:07:16.0750 0824 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/09 09:07:16.0875 0824 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/09 09:07:16.0968 0824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/09 09:07:17.0109 0824 MBR (0x1B8) (81a54cdf8594870d5a1628bc9455fe84) \Device\Harddisk0\DR0
2011/07/09 09:07:17.0156 0824 Boot (0x1200) (8ffd04c05d98011bafdc09fb7ff7e69d) \Device\Harddisk0\DR0\Partition0
2011/07/09 09:07:17.0203 0824 Boot (0x1200) (5ccdd1114c261952c72b9bbe966d0eb1) \Device\Harddisk0\DR0\Partition1
2011/07/09 09:07:17.0218 0824 ================================================================================
2011/07/09 09:07:17.0218 0824 Scan finished
2011/07/09 09:07:17.0218 0824 ================================================================================
2011/07/09 09:07:17.0250 1124 Detected object count: 1
2011/07/09 09:07:17.0250 1124 Actual detected object count: 1
2011/07/09 09:07:21.0812 1124 LockedService.Multi.Generic(mphvqao) - User select action: Skip
2011/07/09 09:07:25.0796 0256 Deinitialize success

This is the next day's scan:
2011/07/09 09:06:48.0281 1952 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/09 09:06:48.0859 1952 ================================================================================
2011/07/09 09:06:48.0859 1952 SystemInfo:
2011/07/09 09:06:48.0859 1952
2011/07/09 09:06:48.0859 1952 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/09 09:06:48.0859 1952 Product type: Workstation
2011/07/09 09:06:48.0859 1952 ComputerName: YOUR-4105E587B6
2011/07/09 09:06:48.0859 1952 UserName: mary
2011/07/09 09:06:48.0859 1952 Windows directory: C:\WINDOWS
2011/07/09 09:06:48.0859 1952 System windows directory: C:\WINDOWS
2011/07/09 09:06:48.0859 1952 Processor architecture: Intel x86
2011/07/09 09:06:48.0859 1952 Number of processors: 1
2011/07/09 09:06:48.0859 1952 Page size: 0x1000
2011/07/09 09:06:48.0859 1952 Boot type: Safe boot with network
2011/07/09 09:06:48.0859 1952 ================================================================================
2011/07/09 09:06:51.0890 1952 Initialize success
2011/07/09 09:06:54.0078 0824 ================================================================================
2011/07/09 09:06:54.0078 0824 Scan started
2011/07/09 09:06:54.0078 0824 Mode: Manual;
2011/07/09 09:06:54.0078 0824 ================================================================================
2011/07/09 09:07:08.0093 0824 Suspicious service (NoAccess): mphvqao
2011/07/09 09:07:08.0187 0824 mphvqao (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\mphvqao.sys
2011/07/09 09:07:08.0187 0824 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\mphvqao.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
2011/07/09 09:07:08.0218 0824 mphvqao - detected LockedService.Multi.Generic (1)
2011/07/09 09:07:17.0109 0824 MBR (0x1B8) (81a54cdf8594870d5a1628bc9455fe84) \Device\Harddisk0\DR0
2011/07/09 09:07:17.0156 0824 Boot (0x1200) (8ffd04c05d98011bafdc09fb7ff7e69d) \Device\Harddisk0\DR0\Partition0
2011/07/09 09:07:17.0203 0824 Boot (0x1200) (5ccdd1114c261952c72b9bbe966d0eb1) \Device\Harddisk0\DR0\Partition1
2011/07/09 09:07:17.0218 0824 ================================================================================
2011/07/09 09:07:17.0218 0824 Scan finished
2011/07/09 09:07:17.0218 0824 ================================================================================
2011/07/09 09:07:17.0250 1124 Detected object count: 1
2011/07/09 09:07:17.0250 1124 Actual detected object count: 1
2011/07/09 09:07:21.0812 1124 LockedService.Multi.Generic(mphvqao) - User select action: Skip
2011/07/09 09:07:25.0796 0256 Deinitialize success

And finally today's scan:

2011/07/10 21:00:19.0562 1968 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/10 21:00:19.0640 1968 ================================================================================
2011/07/10 21:00:19.0640 1968 SystemInfo:
2011/07/10 21:00:19.0640 1968
2011/07/10 21:00:19.0640 1968 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/10 21:00:19.0640 1968 Product type: Workstation
2011/07/10 21:00:19.0640 1968 ComputerName: YOUR-4105E587B6
2011/07/10 21:00:19.0640 1968 UserName: mary
2011/07/10 21:00:19.0640 1968 Windows directory: C:\WINDOWS
2011/07/10 21:00:19.0640 1968 System windows directory: C:\WINDOWS
2011/07/10 21:00:19.0640 1968 Processor architecture: Intel x86
2011/07/10 21:00:19.0640 1968 Number of processors: 1
2011/07/10 21:00:19.0640 1968 Page size: 0x1000
2011/07/10 21:00:19.0640 1968 Boot type: Normal boot
2011/07/10 21:00:19.0640 1968 ================================================================================
2011/07/10 21:00:21.0468 1968 Initialize success
2011/07/10 21:00:27.0359 0420 ================================================================================
2011/07/10 21:00:27.0359 0420 Scan started
2011/07/10 21:00:27.0359 0420 Mode: Manual;
2011/07/10 21:00:27.0359 0420 ================================================================================
2011/07/10 21:00:34.0796 0420 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/10 21:00:34.0968 0420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/10 21:00:35.0062 0420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/10 21:00:35.0093 0420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/10 21:00:35.0156 0420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/10 21:00:35.0234 0420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/10 21:00:35.0281 0420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/10 21:00:35.0406 0420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/10 21:00:35.0484 0420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/10 21:00:35.0546 0420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/10 21:00:35.0671 0420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/10 21:00:35.0718 0420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/10 21:00:35.0765 0420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/10 21:00:35.0828 0420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/10 21:00:35.0984 0420 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/07/10 21:00:36.0109 0420 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/07/10 21:00:36.0296 0420 LMIInfo (cb82947f34084110c6f4ab7f6fe56921) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/07/10 21:00:36.0359 0420 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/07/10 21:00:36.0484 0420 LMIRfsDriver (74701f9e50292543e7c2867cdbf4c4a5) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/07/10 21:00:36.0562 0420 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/10 21:00:36.0796 0420 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/10 21:00:36.0875 0420 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/10 21:00:36.0968 0420 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/07/10 21:00:37.0078 0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/10 21:00:37.0250 0420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/10 21:00:37.0296 0420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/10 21:00:37.0390 0420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/10 21:00:37.0468 0420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/10 21:00:37.0562 0420 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/10 21:00:37.0781 0420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/10 21:00:37.0843 0420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/10 21:00:37.0921 0420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/10 21:00:37.0968 0420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/10 21:00:38.0015 0420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/10 21:00:38.0234 0420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/10 21:00:38.0375 0420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/10 21:00:38.0640 0420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/10 21:00:38.0703 0420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/10 21:00:38.0828 0420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/10 21:00:38.0906 0420 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/10 21:00:39.0015 0420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/10 21:00:39.0109 0420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/10 21:00:39.0250 0420 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/10 21:00:39.0296 0420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/10 21:00:39.0375 0420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/10 21:00:39.0734 0420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/10 21:00:40.0093 0420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/10 21:00:40.0140 0420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/10 21:00:40.0265 0420 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/10 21:00:40.0359 0420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/10 21:00:40.0406 0420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/10 21:00:40.0484 0420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/10 21:00:40.0531 0420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/10 21:00:40.0609 0420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/10 21:00:40.0640 0420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/10 21:00:40.0734 0420 PCTCore (d9f8e37834eff27442e384d495ee5232) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/07/10 21:00:41.0140 0420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/10 21:00:41.0218 0420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/10 21:00:41.0250 0420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/10 21:00:41.0343 0420 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/10 21:00:41.0562 0420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/10 21:00:41.0640 0420 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/07/10 21:00:41.0687 0420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/10 21:00:41.0734 0420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/10 21:00:41.0750 0420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/10 21:00:41.0812 0420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/10 21:00:41.0937 0420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/10 21:00:42.0015 0420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/10 21:00:42.0109 0420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/10 21:00:42.0203 0420 RimSerPort (b177927edfb8fb8da62ee1dfbcefde54) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/07/10 21:00:42.0296 0420 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/07/10 21:00:42.0390 0420 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/07/10 21:00:42.0578 0420 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/07/10 21:00:42.0671 0420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/10 21:00:42.0765 0420 SEMWModem (9d06827395b38c489bc3cd81664326d6) C:\WINDOWS\system32\DRIVERS\GCXX.sys
2011/07/10 21:00:42.0859 0420 SEMWWNIC (2d02e441e3e3f3e85f97a5c87634f4b9) C:\WINDOWS\system32\DRIVERS\GCXXNet.sys
2011/07/10 21:00:42.0921 0420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/10 21:00:42.0984 0420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/10 21:00:43.0046 0420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/10 21:00:43.0218 0420 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/07/10 21:00:43.0312 0420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/10 21:00:43.0375 0420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/10 21:00:43.0468 0420 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/10 21:00:43.0593 0420 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/07/10 21:00:43.0671 0420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/10 21:00:43.0734 0420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/10 21:00:43.0937 0420 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/10 21:00:44.0062 0420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/10 21:00:44.0171 0420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/10 21:00:44.0234 0420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/10 21:00:44.0328 0420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/10 21:00:44.0406 0420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/10 21:00:44.0500 0420 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
2011/07/10 21:00:44.0671 0420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/10 21:00:44.0796 0420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/10 21:00:44.0937 0420 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/10 21:00:45.0031 0420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/10 21:00:45.0234 0420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/10 21:00:45.0578 0420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/10 21:00:45.0687 0420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/10 21:00:45.0781 0420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/10 21:00:45.0843 0420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/10 21:00:45.0890 0420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/10 21:00:45.0937 0420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/10 21:00:45.0968 0420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/07/10 21:00:46.0031 0420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/10 21:00:46.0265 0420 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/07/10 21:00:46.0546 0420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/10 21:00:46.0671 0420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/10 21:00:46.0796 0420 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/10 21:00:46.0953 0420 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/10 21:00:47.0062 0420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/10 21:00:47.0156 0420 MBR (0x1B8) (81a54cdf8594870d5a1628bc9455fe84) \Device\Harddisk0\DR0
2011/07/10 21:00:47.0171 0420 Boot (0x1200) (8ffd04c05d98011bafdc09fb7ff7e69d) \Device\Harddisk0\DR0\Partition0
2011/07/10 21:00:47.0218 0420 Boot (0x1200) (5ccdd1114c261952c72b9bbe966d0eb1) \Device\Harddisk0\DR0\Partition1
2011/07/10 21:00:47.0234 0420 ================================================================================
2011/07/10 21:00:47.0234 0420 Scan finished
2011/07/10 21:00:47.0234 0420 ================================================================================
2011/07/10 21:00:47.0250 3856 Detected object count: 0
2011/07/10 21:00:47.0250 3856 Actual detected object count: 0
2011/07/10 21:00:53.0421 2968 Deinitialize success

#7 Seve88

Seve88
  • Topic Starter

  • Members
  • 21 posts

Posted 11 July 2011 - 07:09 PM

It is also not allowing any updates to Malwarebytes' Anti-Malware or any program to do any updates. When I try I get the following message:

"An error has occured. Please report this error code to our support team.
PROGRAM_ERROR_UPDATING (11001, 0 Host not found)
No such host is known."

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts

Posted 11 July 2011 - 08:07 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#9 Seve88

Seve88
  • Topic Starter

  • Members
  • 21 posts

Posted 11 July 2011 - 09:19 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.


Will do, Madman, thanks. One other thing I did, which I'm not sure I should have, is after the TDSSKiller scan it had this:


2011/07/09 09:07:17.0250 1124 Detected object count: 1
2011/07/09 09:07:17.0250 1124 Actual detected object count: 1
2011/07/09 09:07:21.0812 1124 LockedService.Multi.Generic(mphvqao) - User select action: Skip
2011/07/09 09:07:25.0796 0256 Deinitialize success

I went into Task Manager and when I saw (mphvqao) still there I ended the process. I know it says Skip, but it kept coming up and I thought this might fix it.

It seems strange because the laptop shows that it is receiving my wireless router's internet signal but nothing is working properly?

#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts

Posted 11 July 2011 - 09:26 PM

Post in the malware log section.

#11 Seve88

Seve88
  • Topic Starter

  • Members
  • 21 posts

Posted 11 July 2011 - 10:47 PM

Mod Edit: Moved from MRL to existing AII topic...sent PM to OP specifying procedures to be followed and seeking confirmation of any inability to produce logs or otherwise follow the Prep Guide ~ Hamluis.
OK, first off, I started trying to clean a virus, and after running several scans and following the advice here I now can't connect to the internet.

Here is my previous posting: http://www.bleepingcomputer.com/forums/topic408924.html/page__pid__2330906#entry2330906

I am at a point now where I have used a thumb drive to try to download the Secunia PSI to the laptop. But since I cannot connect to the internet the program won't install. This is what comes up:
"Unable to retrieve PSI user from Secunia.
Please verify that you are able to connect to https://psi.secunia.com/ and then restart the PSI"

Please help

Another strange issue is that when I right click on the internet icon and open the Network Connections to check the Wireless Network Connection, it shows it but it says "Disconnected"? Every other folder says it's connected? I think my internet settings are messed up somehow.

I did a Network Diagnostic of my internet connection and it looks like there might be several issues. Is there a way to correct this easily, or might this still be virus related? Please, any help greatly appreciated.

Last diagnostic run time: 07/11/11 08:58:18

DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): no
warn Unrecognized WinSock NSP: mdnsNSP
No DNS servers

action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info Redirecting user to support call



Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Automated repair: Reset network connection
action Disabling the network adapter
action Enabling the network adapter
info Network adapter successfully enabled
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
action Manual repair: Reboot modem
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue
info Waiting some time for the modem/router to stabilize
action Automated repair: Renew IP address
action Releasing the current IP address...
action Successfully released the current IP address
action Renewing the IP address...
action Successfully renewed the current IP address
info This computer has the following default gateway entry(ies): 192.168.1.1
info This computer has the following IP address(es): 192.168.1.101
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
warn Hostname www.microsoft.com could not be resolved (Error code 0x2afc). Could be either gateway or DNS issue



IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed



IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 192.168.1.101



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

action User input required: Specify network name or SSID
Wireless - First time setup

info The Wireless Network name (SSID) to which the user would like to connect = linksys.
Wireless - Radio off

info Valid IP address detected: 192.168.1.101
Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Realtek RTL8139/810x Family Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection, Device=Intel® PRO/Wireless 2200BG Network Connection, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

Edited by hamluis, 12 July 2011 - 09:35 AM.


#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts

Posted 12 July 2011 - 09:44 AM

Can you please follow the below instructions and create the required DDS Logs as requested by me. You did not follow the directions in the guide the following information points you to.

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts

Posted 19 July 2011 - 07:36 PM

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer.

Let me know if you are able to connect. If you can't, are you connecting via a router? If you are, reset the router to factory settings and try again.

Edited by JSntgRvr, 19 July 2011 - 07:38 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
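The three commands in the post above rewrite the TCP/IP registry settings, rebuild the Winsock catalog and empty the resolver cache, which is the right repair for the "No DNS servers" finding in the diagnostic earlier in the thread. What the post does not say is how to confirm the repair worked beyond "try to browse". The following Python script is an added example, not code from the thread or from Microsoft: it runs the same three commands (on Windows only; `netsh int ip reset` needs an administrator account) and then parses `ipconfig /all` to check that at least one adapter now lists a usable DNS server. The `ipconfig` samples are constructed, with hypothetical addresses chosen to match the diagnostic; the parser and the `resolver_configured` check are the example's own.

```python
import platform
import re
import subprocess
from typing import Dict, List

# The three commands from the post above, in order. Each runs as its own
# process so that one failing does not mask the others. "netsh int ip reset"
# rewrites the TCP/IP registry keys and needs an administrator account.
RESET_STEPS: List[List[str]] = [
    ["netsh", "int", "ip", "reset", r"C:\Resetlog.txt"],
    ["netsh", "winsock", "reset", "catalog"],
    ["ipconfig", "/flushdns"],
]

# Constructed samples of "ipconfig /all" output (hypothetical values, chosen to
# match the addresses in the diagnostic earlier in the thread). The first has
# no "DNS Servers" line, which is what the diagnostic's "No DNS servers" means.
SAMPLE_IPCONFIG_BEFORE = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : laptop
Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
"""
SAMPLE_IPCONFIG_AFTER = SAMPLE_IPCONFIG_BEFORE + """\
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.0.2.53
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)?\s*$")
# Extra servers are printed on their own indented lines under "DNS Servers".
IPV4_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")
UNUSABLE = {"0.0.0.0", "127.0.0.1"}


def dns_servers_by_adapter(ipconfig_text: str) -> Dict[str, List[str]]:
    """Map each adapter to its DNS server list, following continuation lines."""
    result: Dict[str, List[str]] = {}
    adapter = None
    in_dns = False
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            result[adapter] = []
            in_dns = False
            continue
        if adapter is None:
            continue
        m = DNS_RE.match(line)
        if m:
            in_dns = True
            if m.group(1):
                result[adapter].append(m.group(1))
            continue
        m = IPV4_RE.match(line)
        if in_dns and m:
            result[adapter].append(m.group(1))
        else:
            in_dns = False
    return result


def resolver_configured(ipconfig_text: str) -> bool:
    """True if some adapter has at least one DNS server that could answer."""
    return any(
        any(server not in UNUSABLE for server in servers)
        for servers in dns_servers_by_adapter(ipconfig_text).values()
    )


def run_reset_and_verify() -> bool:
    """Run the reset steps on a Windows host, then re-check the resolver.

    The post's reboot is still required: the IP and Winsock resets only take
    full effect after a restart, so a False here is expected until then.
    """
    if platform.system() != "Windows":
        raise RuntimeError("this procedure only applies to Windows")
    for step in RESET_STEPS:
        subprocess.run(step, check=False)
    out = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    return resolver_configured(out)


if __name__ == "__main__":
    print("before:", dns_servers_by_adapter(SAMPLE_IPCONFIG_BEFORE),
          resolver_configured(SAMPLE_IPCONFIG_BEFORE))
    print("after: ", dns_servers_by_adapter(SAMPLE_IPCONFIG_AFTER),
          resolver_configured(SAMPLE_IPCONFIG_AFTER))
```

The check deliberately treats `0.0.0.0` and `127.0.0.1` as unusable: an empty list and a placeholder address both leave every lookup failing with the same "host not found" the Malwarebytes updater reported earlier in this thread. If the list is still empty after the reset and a reboot, the resolver is not being handed out by DHCP at all, and the router (the factory reset the post suggests) is the next place to look.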


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,304 posts

Posted 11 September 2011 - 11:54 PM

Due to the lack of feedback, my subscription is no longer active. If you need this topic attended, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Edited by JSntgRvr, 11 September 2011 - 11:56 PM.





