
Hijack this log: Please help diagnose


  • This topic is locked
20 replies to this topic

#1 Nebowski

  • Members
  • 21 posts

Posted 27 February 2012 - 03:17 PM

My laptop has become very slow! It's quite old and I suppose that could be the reason why, but I would like to make sure that it's not infected with malware.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:10:42, on 2012-02-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\DOCUME~1\KJELLS~1\LOKALA~1\Temp\RtkBtMnt.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
C:\Program\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Trend Micro\HiJackThis\Hjt.exe.exe
C:\Program\F-Secure\Common\FSLAUNCH.EXE
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [Battery Optimizer] C:\Program\ReviverSoft\Battery Optimizer\BatteryOptimizer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Registry Reviver] C:\Program\Reviversoft\Registry Reviver\RegistryReviver.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

--
End of file - 7436 bytes

Hope you can help, thanks! :)

/Nick


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2012 - 01:39 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following:
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 12:11 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Nebowski

  • Topic Starter
  • Members
  • 21 posts

Posted 02 March 2012 - 11:54 AM

Sorry, I've been away for a few days. Now I'm back :)

DDS log:


.
DDS (Ver_2011-08-26.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Kjell Samuelson at 18:08:45 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.464 [GMT 1:00]
.
AV: F-Secure Client Security 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\acer\epm\epm-dm.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\USBStorage\USBDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\KJELLS~1\LOKALA~1\Temp\RtkBtMnt.EXE
C:\Program\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kjell Samuelson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
C:\Program\F-Secure\Common\FSLAUNCH.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
{dbc80044-a445-435b-bc74-9c25c1c588a9}
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Registry Reviver] c:\program\reviversoft\registry reviver\RegistryReviver.exe
uRun: [Google Update] "c:\documents and settings\kjell samuelson\lokala inställningar\application data\google\update\GoogleUpdate.exe" /c
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] c:\program\cyberlink\powerdvd\PDVDServ.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [USBDetector] c:\usbstorage\USBDetector.exe
mRun: [Battery Optimizer] c:\program\reviversoft\battery optimizer\BatteryOptimizer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adober~1.lnk - c:\program\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3C7CD7B4-3AA2-48F8-87A1-E28A010CFC72} : DhcpNameServer = 10.0.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-8-1 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-8-1 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\f-secure\hips\drivers\fshs.sys [2009-8-1 67808]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2009-8-1 215648]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\minifilter\fsgk.sys [2009-8-1 124072]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2011-5-18 135664]
S3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2009-8-1 162456]
S3 FSORSPClient;F-Secure ORSP Client;c:\program\f-secure\orsp client\fsorsp.exe [2009-8-1 55904]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\google\update\GoogleUpdate.exe [2011-5-18 135664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S4 Battery Optimizer;Battery Optimizer;"c:\program\reviversoft\battery optimizer\batteryoptimizerservice.exe" --> c:\program\reviversoft\battery optimizer\BatteryOptimizerService.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\fsfilter.sys [2009-8-1 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\fsrec.sys [2009-8-1 25184]
.
=============== Created Last 30 ================
.
2012-02-27 20:03:18 388096 ----a-r- c:\documents and settings\kjell samuelson\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-27 20:03:16 -------- d-----w- c:\program\Trend Micro
2012-02-24 20:22:49 -------- d-----w- c:\documents and settings\kjell samuelson\application data\GlarySoft
2012-02-24 20:22:48 -------- d-----w- c:\program\Absolute Uninstaller
2012-02-24 14:20:00 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-24 14:20:00 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
==================== Find3M ====================
.
2012-01-12 17:20:32 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:42:02 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23:18 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 18:09:30,35 ===============

Attach log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-07-23 14:32:20
System Uptime: 2012-03-02 17:57:51 (1 hours ago)
.
Motherboard: Acer | | Morar
Processor: Intel® Celeron® M processor 1.50GHz | U1 | 1496/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 26 GiB total, 10,038 GiB free.
D: is FIXED (FAT32) - 27 GiB total, 26,6 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI-modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&33FD14CA&0&F3
Manufacturer:
Name: PCI-modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&33FD14CA&0&F3
Service:
.
Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Intel PCIC-kompatibel PCMCIA-styrenhet
Device ID: ROOT\PCMCIA\0000
Manufacturer: Intel
Name: Intel PCIC-kompatibel PCMCIA-styrenhet
PNP Device ID: ROOT\PCMCIA\0000
Service: pcmcia
.
==== System Restore Points ===================
.
RP341: 2011-11-29 14:07:43 - Systemkontrollpunkt
RP342: 2012-01-28 22:33:00 - Systemkontrollpunkt
RP343: 2012-01-29 21:53:10 - Software Distribution Service 3.0
RP344: 2012-01-31 14:39:05 - Systemkontrollpunkt
RP345: 2012-02-02 12:54:32 - Systemkontrollpunkt
RP346: 2012-02-24 11:42:41 - Systemkontrollpunkt
RP347: 2012-02-24 21:23:40 - Verktygsfältet Outlook (Windows Live Toolbar) togs bort
RP348: 2012-02-24 21:24:00 - Webbsökning med flikar (Windows Live Toolbar) togs bort
RP349: 2012-02-24 21:25:29 - Removed MSVCRT
RP350: 2012-02-24 21:26:38 - Removed OGA Notifier 2.0.0048.0
RP351: 2012-02-24 21:26:54 - OneCare Advisor (Windows Live Toolbar) togs bort
RP352: 2012-02-24 21:27:40 - Segoe UI togs bort
RP353: 2012-02-24 21:29:10 - Smarta menyer (Windows Live Toolbar) togs bort
RP354: 2012-02-24 21:32:24 - Feedidentifiering (Windows Live Toolbar) togs bort
RP355: 2012-02-24 21:36:41 - Removed Junk Mail filter update
RP356: 2012-02-25 00:48:10 - Software Distribution Service 3.0
RP357: 2012-02-25 22:51:13 - Software Distribution Service 3.0
RP358: 2012-02-27 21:03:15 - Installed HiJackThis
.
==== Installed Programs ======================
.
Absolute Uninstaller 2.9.0.722
Acer ePowerManagement
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0 - Svenska
AiO_Scan
Bokföring
F-Secure Client Security – E-postgenomsökning
F-Secure Client Security – Internet-sköld
F-Secure Client Security – Systemkontrollen
F-Secure Client Security – Webbtrafiksgenomsökning
F-Secure Client Security – Virus- och spionskydd
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Image Zone 4.2
HP Product Detection
HP PSC & OfficeJet 4.2
Java Auto Updater
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mobile Connect
Popup-blockeraren (Windows Live Toolbar)
PowerDVD
QFolder
Realtek AC'97 Audio
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Search 4 - KB963093
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB2158563)
Snabbkorrigering för Windows XP (KB2443685)
Snabbkorrigering för Windows XP (KB2570791)
Snabbkorrigering för Windows XP (KB2633952)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB961118)
Snabbkorrigering för Windows XP (KB970653-v3)
Snabbkorrigering för Windows XP (KB976098-v2)
Snabbkorrigering för Windows XP (KB979306)
Snabbkorrigering för Windows XP (KB981793)
Säkerhetsuppdatering för Microsoft Windows (KB2564958)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2482017)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2497640)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2510531)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2544521)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2586448)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2618444)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2647516)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)
Säkerhetsuppdatering för Windows Media Player (KB2378111)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player (KB954155)
Säkerhetsuppdatering för Windows Media Player (KB973540)
Säkerhetsuppdatering för Windows Media Player (KB975558)
Säkerhetsuppdatering för Windows Media Player (KB978695)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows Media Player 9 (KB936782)
Säkerhetsuppdatering för Windows XP (KB2079403)
Säkerhetsuppdatering för Windows XP (KB2115168)
Säkerhetsuppdatering för Windows XP (KB2121546)
Säkerhetsuppdatering för Windows XP (KB2124261)
Säkerhetsuppdatering för Windows XP (KB2160329)
Säkerhetsuppdatering för Windows XP (KB2229593)
Säkerhetsuppdatering för Windows XP (KB2259922)
Säkerhetsuppdatering för Windows XP (KB2279986)
Säkerhetsuppdatering för Windows XP (KB2286198)
Säkerhetsuppdatering för Windows XP (KB2290570)
Säkerhetsuppdatering för Windows XP (KB2296011)
Säkerhetsuppdatering för Windows XP (KB2296199)
Säkerhetsuppdatering för Windows XP (KB2347290)
Säkerhetsuppdatering för Windows XP (KB2360937)
Säkerhetsuppdatering för Windows XP (KB2387149)
Säkerhetsuppdatering för Windows XP (KB2393802)
Säkerhetsuppdatering för Windows XP (KB2412687)
Säkerhetsuppdatering för Windows XP (KB2419632)
Säkerhetsuppdatering för Windows XP (KB2423089)
Säkerhetsuppdatering för Windows XP (KB2436673)
Säkerhetsuppdatering för Windows XP (KB2440591)
Säkerhetsuppdatering för Windows XP (KB2443105)
Säkerhetsuppdatering för Windows XP (KB2476490)
Säkerhetsuppdatering för Windows XP (KB2476687)
Säkerhetsuppdatering för Windows XP (KB2478960)
Säkerhetsuppdatering för Windows XP (KB2478971)
Säkerhetsuppdatering för Windows XP (KB2479628)
Säkerhetsuppdatering för Windows XP (KB2479943)
Säkerhetsuppdatering för Windows XP (KB2481109)
Säkerhetsuppdatering för Windows XP (KB2483185)
Säkerhetsuppdatering för Windows XP (KB2485376)
Säkerhetsuppdatering för Windows XP (KB2485663)
Säkerhetsuppdatering för Windows XP (KB2491683)
Säkerhetsuppdatering för Windows XP (KB2503658)
Säkerhetsuppdatering för Windows XP (KB2506212)
Säkerhetsuppdatering för Windows XP (KB2506223)
Säkerhetsuppdatering för Windows XP (KB2507618)
Säkerhetsuppdatering för Windows XP (KB2507938)
Säkerhetsuppdatering för Windows XP (KB2508272)
Säkerhetsuppdatering för Windows XP (KB2508429)
Säkerhetsuppdatering för Windows XP (KB2509553)
Säkerhetsuppdatering för Windows XP (KB2511455)
Säkerhetsuppdatering för Windows XP (KB2524375)
Säkerhetsuppdatering för Windows XP (KB2535512)
Säkerhetsuppdatering för Windows XP (KB2536276-v2)
Säkerhetsuppdatering för Windows XP (KB2544893-v2)
Säkerhetsuppdatering för Windows XP (KB2544893)
Säkerhetsuppdatering för Windows XP (KB2562937)
Säkerhetsuppdatering för Windows XP (KB2566454)
Säkerhetsuppdatering för Windows XP (KB2567053)
Säkerhetsuppdatering för Windows XP (KB2567680)
Säkerhetsuppdatering för Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Search 4.0
Windows XP Service Pack 3
.
==== End Of File ===========================

Rootkit Unhooker log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF67D6000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5672960 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF6334000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBF1CC000 C:\WINDOWS\System32\igxpdx32.DLL 2531328 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2070144 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2070144 bytes
0x804D7000 RAW 2070144 bytes
0x804D7000 WMIxWDM 2070144 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1564672 bytes (Intel Corporation, Component GHAL Driver)
0xAA5C9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF616F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6743000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 372736 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xAA734000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9E0D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF436000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA967A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAA686000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xF61CD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF748D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAA1D6000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72F8000 C:\WINDOWS\System32\drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF73A4000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xA8ECD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA639000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xAA70C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7419000 dmio.sys 155648 bytes (Microsoft Corporation, Veritas Software, NT Disk Manager I/O Driver)
0xAA6BE000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF734E000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6310000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF679E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF62ED000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA664000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA97AB000 C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys 139264 bytes (-, -)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7384000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF6723000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF743F000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF745E000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF72DE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73D0000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF73E9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA589000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7401000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7337000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF62D6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA36B000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xAA199000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA9EB5000 C:\WINDOWS\system32\drivers\epm-shd.sys 81920 bytes (Acer Value Labs, USA, Acer EPM SHD ECV-TO)
0xF67C2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA78D000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7325000 fsdfw.sys 73728 bytes (F-Secure Corporation, F-Secure Internet Shield Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7372000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filter Driver)
0xA9103000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0xF747C000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF629D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAA579000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF75CC000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF774C000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF72AE000 C:\Program\F-Secure\HIPS\drivers\fshs.sys 61440 bytes (F-Secure Corporation, F-Secure HIPS 32-bit Driver)
0xAA491000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77DC000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF75DC000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF763C000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF760C000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF625D000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF769C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF775C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF776C000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75FC000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76CC000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xF767C000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF766C000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF778C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF770C000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF771C000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF76EC000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF76FC000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF72BE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75EC000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF777C000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76BC000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF773C000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF75BC000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF77BC000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF765C000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF762C000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF76AC000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF77AC000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA9AFD000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF768C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76DC000 fsbts.sys 36864 bytes (-, -)
0xF728E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77FC000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF779C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF780C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF761C000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF764C000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise ULTRA66 Miniport Driver)
0xF628D000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7964000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF786C000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF787C000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78FC000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7854000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF794C000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF78A4000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7904000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79BC000 C:\DOCUME~1\KJELLS~1\LOKALA~1\Temp\mbr.sys 28672 bytes
0xF783C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF789C000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF7874000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7884000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF788C000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF7914000 C:\WINDOWS\system32\DRIVERS\intelsmb.sys 24576 bytes (Intel Corporation, System Management Bus 2.0 (SMBus) Driver)
0xF790C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78F4000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7954000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7894000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF7864000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF785C000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF795C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7844000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7924000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF792C000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF784C000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF791C000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF796C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79E0000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF79F0000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF79D4000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF79F8000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7A8C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF79DC000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF79E8000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF79F4000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF7AA8000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA3F1000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF79E4000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF79D8000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF79EC000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF79CC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF79D0000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6163000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF62C6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF71FA000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF62C2000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A90000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF71E1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A84000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF7A88000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7AC0000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7ADE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7ACC000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7AC8000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7ACA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7AE4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AD0000 ENECBPTH.sys 8192 bytes (EnE Technology Inc., EnE Cardbus Patch Driver)
0xF7ADC000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AC2000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7ABC000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AE0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7ACE000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7AE2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AD4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AC4000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7AD6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AC6000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7ABE000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF6D92000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF6F9D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF6D4F000 C:\WINDOWS\system32\drivers\epm-psd.sys 4096 bytes (Acer Value Labs, USA, Acer EPM Power Scheme Driver)
0xF6D58000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B85000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B84000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
No problem

Edited by Nebowski, 02 March 2012 - 12:24 PM.
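
Reading a driver listing like the one above by eye is slow, so here is an added example, written for this page and not part of the thread, of Rootkit Unhooker, or of any BleepingComputer tool. It parses RkU ">Drivers" lines and flags the entries an analyst would look at first: images loaded from a user profile or Temp directory, images with no vendor/version string, and images outside the Windows directory. The sample lines are adapted from the log posted above; the heuristics, the dump_*.sys exception and the allowlist for RkU's own BlackBox.SYS (which the log itself labels "(RKU Driver)") are assumptions of this example, not rules from RkU.

```python
"""Triage helper for a Rootkit Unhooker (RkU) ">Drivers" listing.

Added example for this thread; not part of RkU, ComboFix or any
BleepingComputer tool. It parses lines shaped like

    0xF79BC000 C:\\...\\mbr.sys 28672 bytes (Vendor, Description)

and flags the entries worth a second look. The heuristics (profile/temp
paths, missing version info, images outside the Windows directory, the
dump_*.sys exception) are this example's assumptions, not RkU rules.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Base address, image path (may contain spaces), size in bytes and an
# optional "(vendor, description)" block, which RkU omits for images
# that carry no version resource.
LINE_RE = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8})\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)

SYSTEM_ROOT = "c:\\windows\\"
# Substrings that place an image inside a user profile or temp directory,
# where no properly installed kernel driver should live.
PROFILE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\",
                   "\\users\\", "\\appdata\\")
# The scanner's own driver; RkU labels it "(RKU Driver)" in its log.
KNOWN_TOOL_DRIVERS = {"blackbox.sys"}


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]


@dataclass
class Finding:
    driver: Driver
    reasons: List[str]


def parse_line(line: str) -> Optional[Driver]:
    """Parse one RkU driver line; return None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    vendor = description = None
    info = m.group("info")
    if info is not None:
        vendor, _, description = info.partition(", ")
        vendor = vendor.strip() or None
        description = description.strip() or None
    return Driver(int(m.group("base"), 16), m.group("path"),
                  int(m.group("size")), vendor, description)


def reasons_for(d: Driver) -> List[str]:
    """Return the reasons a driver deserves a look (empty list if none)."""
    p = d.path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if name in KNOWN_TOOL_DRIVERS:
        return reasons
    if any(marker in p for marker in PROFILE_MARKERS):
        reasons.append("loaded from a user-profile or temp directory")
    # dump_*.sys are the copies Windows keeps of the boot-path storage driver
    # for crash dumps; they have no version resource, so no vendor is expected.
    if d.vendor in (None, "-") and not name.startswith("dump_"):
        reasons.append("no vendor/version information")
    # Boot drivers appear by bare file name (no backslash); judge full paths only.
    if "\\" in p and not p.startswith(SYSTEM_ROOT):
        reasons.append("image outside the Windows directory")
    return reasons


def triage(lines) -> List[Finding]:
    """Return flagged drivers, most reasons first, otherwise in log order."""
    findings = []
    for line in lines:
        d = parse_line(line)
        if d is None:
            continue
        reasons = reasons_for(d)
        if reasons:
            findings.append(Finding(d, reasons))
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


# Sample lines adapted from the RkU log posted above: a benign Intel driver,
# a boot driver listed by bare name, the vendor-less F-Secure and Acer
# drivers, RkU's own driver, the driver in Temp and the crash-dump copy.
SAMPLE = r"""
0xF67D6000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5672960 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF748D000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA97AB000 C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys 139264 bytes (-, -)
0xA9103000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0xA9AFD000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF79BC000 C:\DOCUME~1\KJELLS~1\LOKALA~1\Temp\mbr.sys 28672 bytes
0xAA589000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE.splitlines()):
        print(f.driver.path)
        for r in f.reasons:
            print("    " + r)
```

A hit is a lead, not a verdict: anti-rootkit and MBR-checking tools drop their own drivers in Temp while they run, legitimate drivers can lack version strings (the F-Secure minifilter here), and a malicious one can carry a forged vendor string, so every flagged file still needs a hash lookup or signature check before anything is removed.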


#5 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 02 March 2012 - 02:49 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as it is sometimes necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 March 2012 - 01:47 AM

Hello

48-hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, it will have to be closed!

Gringo

#7 Nebowski (Topic Starter)
  • Members
  • 21 posts

Posted 05 March 2012 - 04:24 PM

ComboFix log:

ComboFix 12-03-04.02 - Kjell Samuelson 2012-03-05 22:13:36.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.534 [GMT 1:00]
Running from: c:\documents and settings\Kjell Samuelson\Mina dokument\Downloads\ComboFix.exe
AV: F-Secure Client Security 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Kjell Samuelson\Application Data\PriceGong\Data\z.xml
c:\windows\system32\Cache
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET19D.tmp
.
.
(((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 ))))))))))))))))))))))))))))))
.
.
2012-02-27 20:03 . 2012-02-27 20:03 388096 ----a-r- c:\documents and settings\Kjell Samuelson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-27 20:03 . 2012-02-27 20:03 -------- d-----w- c:\program\Trend Micro
2012-02-24 20:22 . 2012-02-24 20:22 -------- d-----w- c:\documents and settings\Kjell Samuelson\Application Data\GlarySoft
2012-02-24 20:22 . 2012-02-24 20:22 -------- d-----w- c:\program\Absolute Uninstaller
2012-02-24 14:20 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-24 14:20 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2009-06-12 13:48 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\program\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-08-01 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-01 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\F-Secure\HIPS\drivers\fshs.sys [2009-08-01 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-08-01 124072]
S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
S3 FSORSPClient;F-Secure ORSP Client;c:\program\F-Secure\ORSP Client\fsorsp.exe [2009-08-01 55904]
S3 gupdatem;Google Update Service (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S4 Battery Optimizer;Battery Optimizer;"c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe" --> c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-08-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-08-01 25184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder:
.
2012-03-05 c:\windows\Tasks\User_Feed_Synchronization-{8D09BAA2-AF96-4C00-8BE7-9404FEDABF67}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 13:44]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 13:44]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Registry Reviver - c:\program\Reviversoft\Registry Reviver\RegistryReviver.exe
HKLM-Run-Battery Optimizer - c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 22:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-05 22:19:44
ComboFix-quarantined-files.txt 2012-03-05 21:19
.
Pre-Run: 10,633,592,832 bytes free
Post-Run: 11,013,079,040 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F17D7E459D75696CDAB9C27FDB8D0631




No problem, and the computer seems unchanged.
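Several lines in the ComboFix output above deserve a second look before moving on: Security Center has `AntiVirusOverride` set, Windows Firewall is off for the standard profile, LSA loads an extra authentication package (`nwprovau`), two services point at binaries that no longer exist (the `[?]` marker), and both the user and machine IE start pages point at `isearch.glarysoft.com`. None of this is proof of infection on its own (F-Secure's own firewall driver is loaded, which accounts for the Windows Firewall setting, and Client Service for NetWare legitimately registers `nwprovau`; the log also shows the NetWare redirector), but these are exactly the items a responder wants pulled out of a log this size automatically rather than by eye. The script below is an added example written for this thread, not ComboFix's code and not something the poster ran; the sample log is constructed to match the format shown above, and the default-host allow-list and the "stock" LSA package set are assumptions to tune for the environment.

```python
"""Triage the security-relevant lines of a ComboFix log.

Added example for this thread, not ComboFix's own code and not something the
original poster ran. SAMPLE_LOG is constructed to mirror the log format shown
in the thread; DEFAULT_HOSTS and STOCK_AUTH_PACKAGES are assumptions to tune.
"""
import re
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
BROWSER_RE = re.compile(
    r"^(?P<scope>[um])(?P<kind>Start Page|Default_Page_URL|Search[A-Za-z]*)[^=]*=\s*(?P<url>\S+)")

# Assumption: hosts that are plausible IE defaults on an XP/IE8 box; anything else is reported.
DEFAULT_HOSTS = {"www.msn.com", "g.msn.se", "search.live.com", "www.google.com", "www.microsoft.com"}
# Assumption: LSA authentication packages present on a stock Windows XP install.
STOCK_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample in ComboFix's format (values taken from the shape of the log above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-01 79936]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S4 Battery Optimizer;Battery Optimizer;"c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe" --> c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe [?]
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
TCP: DhcpNameServer = 10.0.0.1
"""


def reg_int(value):
    """Decode the two integer spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value) or re.match(r"\s*(\d+)", value)
    base = 16 if value.startswith("dword:") else 10
    return int(m.group(1), base) if m else None


def triage(log_text):
    """Return (category, message) pairs for an analyst to judge; none is a verdict by itself."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()      # registry key the following values belong to
            continue
        if section.endswith(r"\control\lsa") and line.startswith("Authentication Packages"):
            extra = set(line.split()[3:]) - STOCK_AUTH_PACKAGES   # tokens after REG_MULTI_SZ
            if extra:
                findings.append(("lsa", "non-stock authentication packages: " + ", ".join(sorted(extra))))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name"), m.group("value")
            if "security center" in section and name.lower().endswith("override") and reg_int(value) == 1:
                findings.append(("security-center", f"{name}=1: Security Center will not alert on this component"))
            elif "firewallpolicy" in section and name == "EnableFirewall" and reg_int(value) == 0:
                findings.append(("firewall", f"Windows Firewall off for {section.rsplit(chr(92), 1)[-1]}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):    # ComboFix marks a missing binary this way
                findings.append(("orphan-service", f"{m.group('name')} ({m.group('start')}) has no file on disk"))
            continue
        m = BROWSER_RE.match(line)
        if m:
            # ComboFix defangs URLs as hxxp; restore the scheme so urlparse sees a host.
            host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname or ""
            if host not in DEFAULT_HOSTS:
                findings.append(("browser", f"{m.group('scope')}{m.group('kind')} -> {host}"))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(f"[{category}] {message}")
```

Run against the sample it reports seven items: the extra LSA package, the Security Center override, the disabled firewall profile, the two orphaned services and the two start-page entries; the `g.msn.se` and `search.live.com` search URLs are left alone because they sit in the allow-list. Feed it the full log and compare the orphaned services with ComboFix's own "ORPHANS REMOVED" block.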

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 March 2012 - 08:34 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click Continue.
  • If a suspicious file is detected, the default action will be Skip; click Continue.
  • It may ask you to reboot the computer to complete the process. Click Reboot Now.
  • If no reboot is required, click Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
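A TDSSKiller report runs to several hundred lines of `time pid name (md5) path` / `name - verdict` pairs, so reading it by eye is a poor way to find the one entry that matters. The parser below is an added example for this thread, not Kaspersky's code and not something the poster ran. It extracts each driver's hash and verdict, lists services that were enumerated but have no backing file (the same ones ComboFix marks with `[?]`), and compares selected core drivers against a known-good hash baseline, which gives an independent check on a patched system driver regardless of the tool's own verdict. The sample report is constructed in the report's line format: the `evildrv` entry, its `detected` verdict wording and the hashes in `BASELINE` are assumptions for the demonstration, and a real baseline must come from a clean install of the same service pack and language, never from the suspect machine.

```python
"""Parse and triage a TDSSKiller report.

Added example for this thread; not Kaspersky's code and not from the original
post. SAMPLE_REPORT is constructed in the report's line format (the "detected"
verdict wording, the evildrv entry and the BASELINE hashes are assumptions).
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Assumption: known-good MD5s for this OS build and language. Build it from a
# clean install of the same service pack, never from the suspect machine itself.
BASELINE = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
}

# Constructed sample in TDSSKiller's report format.
SAMPLE_REPORT = r"""
20:38:31.0781 2636 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
20:38:33.0640 2636 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200
20:38:40.0328 2776 Scan started
20:38:40.0328 2776 Mode: Manual;
20:38:40.0734 2776 Abiosdsk - ok
20:38:46.0031 2776 atapi (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:46.0031 2776 atapi - ok
20:38:52.0343 2776 F-Secure Filter (040643b32bcf5e85e2592c42c97dc919) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys
20:38:52.0343 2776 F-Secure Filter - ok
20:39:02.0734 2776 massfilter - ok
20:39:20.0906 2776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:39:20.0937 2776 Tcpip - ok
20:39:30.0000 2776 evildrv (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\drivers\evildrv.sys
20:39:30.0000 2776 evildrv - detected Rootkit.Win32.TDSS.tdl3 (0)
"""


def parse_report(text):
    """Map service name -> {md5, path, verdict}, using only lines after 'Scan started'."""
    entries = {}
    in_scan = False
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue                       # header block: tool version, drive geometry, etc.
        f = FILE_RE.match(rest)
        if f:
            e = entries.setdefault(f.group("name"), {"md5": None, "path": None, "verdict": None})
            e["md5"], e["path"] = f.group("md5"), f.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            e = entries.setdefault(v.group("name"), {"md5": None, "path": None, "verdict": None})
            e["verdict"] = v.group("verdict")
    return entries


def registered_without_file(entries):
    """Services TDSSKiller enumerated but found no binary for (compare with ComboFix's '[?]' lines)."""
    return [name for name, e in entries.items() if e["path"] is None]


def triage(entries, baseline=BASELINE):
    """(name, reason) pairs an analyst should look at before trusting a clean result."""
    findings = []
    for name, e in entries.items():
        if e["verdict"] != "ok":
            findings.append((name, f"verdict: {e['verdict']}"))
        if e["md5"] and name in baseline and e["md5"] != baseline[name]:
            findings.append((name, f"md5 {e['md5']} differs from baseline {baseline[name]}"))
    return findings


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("registered without a file:", ", ".join(registered_without_file(report)))
    for name, reason in triage(report):
        print(f"{name}: {reason}")
```

On the sample this lists `Abiosdsk` and `massfilter` as registered without a file, and flags two entries: `atapi`, whose hash no longer matches the baseline even though the tool reported `ok`, and the constructed `evildrv` entry by its verdict. The baseline check is the part worth keeping: the tool's `ok` means its own signatures found nothing, not that the file is the one Microsoft shipped.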

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 March 2012 - 01:03 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#10 Nebowski (Topic Starter, Members, 21 posts)

Posted 08 March 2012 - 02:36 PM

Hello!

Edit: Here are the logs:


20:38:31.0781 2636 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
20:38:32.0078 2636 ============================================================
20:38:32.0078 2636 Current date / time: 2012/03/08 20:38:32.0078
20:38:32.0078 2636 SystemInfo:
20:38:32.0078 2636
20:38:32.0078 2636 OS Version: 5.1.2600 ServicePack: 3.0
20:38:32.0078 2636 Product type: Workstation
20:38:32.0078 2636 ComputerName: ACER-20F6620599
20:38:32.0078 2636 UserName: Kjell Samuelson
20:38:32.0078 2636 Windows directory: C:\WINDOWS
20:38:32.0078 2636 System windows directory: C:\WINDOWS
20:38:32.0078 2636 Processor architecture: Intel x86
20:38:32.0078 2636 Number of processors: 1
20:38:32.0078 2636 Page size: 0x1000
20:38:32.0078 2636 Boot type: Normal boot
20:38:32.0078 2636 ============================================================
20:38:33.0640 2636 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:38:33.0640 2636 \Device\Harddisk0\DR0:
20:38:33.0640 2636 MBR used
20:38:33.0640 2636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x640398, BlocksNum 0x3446454
20:38:33.0640 2636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3A867EC, BlocksNum 0x353D5D3
20:38:33.0687 2636 Initialize success
20:38:33.0687 2636 ============================================================
20:38:40.0328 2776 ============================================================
20:38:40.0328 2776 Scan started
20:38:40.0328 2776 Mode: Manual;
20:38:40.0328 2776 ============================================================
20:38:40.0734 2776 Abiosdsk - ok
20:38:40.0953 2776 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:38:40.0953 2776 abp480n5 - ok
20:38:41.0187 2776 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:38:41.0187 2776 ACPI - ok
20:38:41.0312 2776 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:38:41.0312 2776 ACPIEC - ok
20:38:41.0515 2776 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:38:41.0515 2776 adpu160m - ok
20:38:41.0734 2776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:38:41.0734 2776 aec - ok
20:38:42.0046 2776 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:38:42.0046 2776 AFD - ok
20:38:42.0234 2776 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:38:42.0234 2776 agp440 - ok
20:38:42.0437 2776 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:38:42.0437 2776 agpCPQ - ok
20:38:42.0625 2776 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:38:42.0640 2776 Aha154x - ok
20:38:42.0828 2776 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:38:42.0828 2776 aic78u2 - ok
20:38:43.0031 2776 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:38:43.0031 2776 aic78xx - ok
20:38:43.0406 2776 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:38:43.0812 2776 ALCXWDM - ok
20:38:44.0078 2776 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:38:44.0093 2776 AliIde - ok
20:38:44.0343 2776 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:38:44.0343 2776 alim1541 - ok
20:38:44.0515 2776 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:38:44.0515 2776 amdagp - ok
20:38:44.0718 2776 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:38:44.0718 2776 amsint - ok
20:38:44.0921 2776 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:38:44.0921 2776 Arp1394 - ok
20:38:45.0171 2776 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:38:45.0171 2776 asc - ok
20:38:45.0359 2776 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:38:45.0375 2776 asc3350p - ok
20:38:45.0562 2776 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:38:45.0562 2776 asc3550 - ok
20:38:45.0781 2776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:38:45.0781 2776 AsyncMac - ok
20:38:46.0031 2776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:46.0031 2776 atapi - ok
20:38:46.0453 2776 Atdisk - ok
20:38:46.0593 2776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:38:46.0593 2776 Atmarpc - ok
20:38:46.0796 2776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:38:46.0796 2776 audstub - ok
20:38:47.0078 2776 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:38:47.0078 2776 BCM43XX - ok
20:38:47.0218 2776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:38:47.0218 2776 Beep - ok
20:38:47.0375 2776 catchme - ok
20:38:47.0500 2776 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:38:47.0500 2776 cbidf - ok
20:38:47.0625 2776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:38:47.0625 2776 cbidf2k - ok
20:38:47.0812 2776 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:38:47.0812 2776 cd20xrnt - ok
20:38:47.0968 2776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:38:47.0968 2776 Cdaudio - ok
20:38:48.0125 2776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:38:48.0140 2776 Cdfs - ok
20:38:48.0281 2776 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:38:48.0296 2776 Cdrom - ok
20:38:48.0546 2776 Changer - ok
20:38:48.0718 2776 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:38:48.0718 2776 CmBatt - ok
20:38:48.0984 2776 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:38:48.0984 2776 CmdIde - ok
20:38:49.0140 2776 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:38:49.0156 2776 Compbatt - ok
20:38:49.0343 2776 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:38:49.0343 2776 Cpqarray - ok
20:38:49.0562 2776 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:38:49.0578 2776 dac2w2k - ok
20:38:49.0765 2776 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:38:49.0765 2776 dac960nt - ok
20:38:49.0984 2776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:49.0984 2776 Disk - ok
20:38:50.0171 2776 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys
20:38:50.0218 2776 dmboot - ok
20:38:50.0453 2776 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys
20:38:50.0453 2776 dmio - ok
20:38:50.0562 2776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:38:50.0562 2776 dmload - ok
20:38:50.0781 2776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:38:50.0781 2776 DMusic - ok
20:38:51.0000 2776 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:38:51.0000 2776 dpti2o - ok
20:38:51.0156 2776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:38:51.0156 2776 drmkaud - ok
20:38:51.0437 2776 ENECBPTH (48cf4234f33b427fe1fa352a7dc9f6c7) C:\WINDOWS\system32\drivers\ENECBPTH.sys
20:38:51.0500 2776 ENECBPTH - ok
20:38:51.0718 2776 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
20:38:51.0781 2776 EpmPsd - ok
20:38:52.0046 2776 EpmShd (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys
20:38:52.0125 2776 EpmShd - ok
20:38:52.0343 2776 F-Secure Filter (040643b32bcf5e85e2592c42c97dc919) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys
20:38:52.0343 2776 F-Secure Filter - ok
20:38:52.0562 2776 F-Secure Gatekeeper (59cb82e8506071335e5aecabe630032f) C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys
20:38:52.0562 2776 F-Secure Gatekeeper - ok
20:38:52.0750 2776 F-Secure HIPS (64a8f71b19cb0a3f4a3c807ab03e448a) C:\Program\F-Secure\HIPS\drivers\fshs.sys
20:38:52.0750 2776 F-Secure HIPS - ok
20:38:52.0984 2776 F-Secure Recognizer (da70fac49dca8003463b1ed1f4684678) C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys
20:38:52.0984 2776 F-Secure Recognizer - ok
20:38:53.0156 2776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:38:53.0156 2776 Fastfat - ok
20:38:53.0296 2776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:38:53.0296 2776 Fdc - ok
20:38:53.0484 2776 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:38:53.0484 2776 FETNDIS - ok
20:38:53.0640 2776 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys
20:38:53.0640 2776 Fips - ok
20:38:53.0859 2776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:38:53.0859 2776 Flpydisk - ok
20:38:54.0218 2776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:38:54.0218 2776 FltMgr - ok
20:38:54.0437 2776 fsbts (0e3e5d0486c4e2128b9f0e1c2fd410c4) C:\WINDOWS\system32\Drivers\fsbts.sys
20:38:54.0453 2776 fsbts - ok
20:38:54.0625 2776 FSFW (f91745b9e4a86b943fbaa67b6a1c13a0) C:\WINDOWS\system32\drivers\fsdfw.sys
20:38:54.0625 2776 FSFW - ok
20:38:54.0765 2776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:38:54.0765 2776 Fs_Rec - ok
20:38:55.0015 2776 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:38:55.0031 2776 Ftdisk - ok
20:38:55.0281 2776 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:38:55.0281 2776 gagp30kx - ok
20:38:55.0546 2776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:38:55.0546 2776 Gpc - ok
20:38:55.0765 2776 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:38:55.0765 2776 HidUsb - ok
20:38:56.0000 2776 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:38:56.0000 2776 hpn - ok
20:38:56.0234 2776 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:38:56.0296 2776 HPZid412 - ok
20:38:56.0515 2776 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:38:56.0578 2776 HPZipr12 - ok
20:38:56.0796 2776 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:38:56.0875 2776 HPZius12 - ok
20:38:57.0078 2776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:38:57.0078 2776 HTTP - ok
20:38:57.0250 2776 hwdatacard (d24c509bce360af120431d44d100605b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:38:57.0375 2776 hwdatacard - ok
20:38:57.0578 2776 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:38:57.0578 2776 i2omgmt - ok
20:38:57.0765 2776 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:38:57.0765 2776 i2omp - ok
20:38:57.0968 2776 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:38:57.0968 2776 i8042prt - ok
20:38:58.0500 2776 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:38:58.0828 2776 ialm - ok
20:38:59.0109 2776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:38:59.0109 2776 Imapi - ok
20:38:59.0328 2776 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:38:59.0328 2776 ini910u - ok
20:38:59.0375 2776 int15.sys - ok
20:38:59.0515 2776 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:38:59.0515 2776 IntelIde - ok
20:38:59.0687 2776 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:38:59.0687 2776 intelppm - ok
20:38:59.0921 2776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:38:59.0921 2776 Ip6Fw - ok
20:39:00.0062 2776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:39:00.0078 2776 IpFilterDriver - ok
20:39:00.0281 2776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:39:00.0281 2776 IpInIp - ok
20:39:00.0468 2776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:39:00.0468 2776 IpNat - ok
20:39:00.0718 2776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:39:00.0734 2776 IPSec - ok
20:39:01.0046 2776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:39:01.0046 2776 IRENUM - ok
20:39:01.0281 2776 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:39:01.0281 2776 isapnp - ok
20:39:01.0515 2776 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:39:01.0515 2776 Kbdclass - ok
20:39:01.0734 2776 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:39:01.0734 2776 kbdhid - ok
20:39:01.0968 2776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:39:01.0968 2776 kmixer - ok
20:39:02.0187 2776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:39:02.0203 2776 KSecDD - ok
20:39:02.0484 2776 lbrtfdc - ok
20:39:02.0734 2776 massfilter - ok
20:39:02.0859 2776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:39:02.0875 2776 mnmdd - ok
20:39:03.0109 2776 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys
20:39:03.0109 2776 Modem - ok
20:39:03.0265 2776 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:39:03.0265 2776 Mouclass - ok
20:39:03.0515 2776 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:39:03.0515 2776 mouhid - ok
20:39:03.0718 2776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:39:03.0734 2776 MountMgr - ok
20:39:04.0015 2776 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:39:04.0078 2776 mraid35x - ok
20:39:04.0312 2776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:39:04.0328 2776 MRxDAV - ok
20:39:04.0562 2776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:39:04.0578 2776 MRxSmb - ok
20:39:04.0750 2776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:39:04.0750 2776 Msfs - ok
20:39:05.0015 2776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:39:05.0015 2776 MSKSSRV - ok
20:39:05.0234 2776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:39:05.0234 2776 MSPCLOCK - ok
20:39:05.0359 2776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:39:05.0359 2776 MSPQM - ok
20:39:05.0609 2776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:39:05.0609 2776 mssmbios - ok
20:39:05.0812 2776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:39:05.0812 2776 Mup - ok
20:39:05.0984 2776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:39:05.0984 2776 NDIS - ok
20:39:06.0218 2776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:39:06.0218 2776 NdisTapi - ok
20:39:06.0359 2776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:39:06.0359 2776 Ndisuio - ok
20:39:06.0500 2776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:39:06.0515 2776 NdisWan - ok
20:39:06.0781 2776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:39:06.0781 2776 NDProxy - ok
20:39:06.0968 2776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:39:06.0968 2776 NetBIOS - ok
20:39:07.0187 2776 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:39:07.0187 2776 NetBT - ok
20:39:07.0375 2776 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:39:07.0390 2776 NIC1394 - ok
20:39:07.0531 2776 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
20:39:07.0531 2776 nm - ok
20:39:07.0718 2776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:39:07.0718 2776 Npfs - ok
20:39:07.0953 2776 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:39:07.0953 2776 NSCIRDA - ok
20:39:08.0187 2776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:39:08.0218 2776 Ntfs - ok
20:39:08.0437 2776 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:39:08.0500 2776 NTIDrvr - ok
20:39:08.0640 2776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:39:08.0640 2776 Null - ok
20:39:08.0765 2776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:39:08.0765 2776 NwlnkFlt - ok
20:39:08.0906 2776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:39:08.0906 2776 NwlnkFwd - ok
20:39:09.0093 2776 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:39:09.0093 2776 NwlnkIpx - ok
20:39:09.0218 2776 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:39:09.0218 2776 NwlnkNb - ok
20:39:09.0343 2776 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:39:09.0343 2776 NwlnkSpx - ok
20:39:09.0593 2776 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
20:39:09.0609 2776 NWRDR - ok
20:39:09.0750 2776 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:39:09.0750 2776 ohci1394 - ok
20:39:09.0906 2776 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys
20:39:09.0906 2776 Parport - ok
20:39:10.0125 2776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:39:10.0125 2776 PartMgr - ok
20:39:10.0250 2776 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys
20:39:10.0250 2776 ParVdm - ok
20:39:10.0484 2776 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys
20:39:10.0484 2776 PCI - ok
20:39:10.0734 2776 PCIDump - ok
20:39:11.0015 2776 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:39:11.0015 2776 PCIIde - ok
20:39:11.0296 2776 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:39:11.0296 2776 Pcmcia - ok
20:39:11.0546 2776 PDCOMP - ok
20:39:11.0765 2776 PDFRAME - ok
20:39:12.0015 2776 PDRELI - ok
20:39:12.0265 2776 PDRFRAME - ok
20:39:12.0468 2776 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:39:12.0468 2776 perc2 - ok
20:39:12.0656 2776 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:39:12.0656 2776 perc2hib - ok
20:39:12.0921 2776 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
20:39:13.0000 2776 pfc - ok
20:39:13.0203 2776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:39:13.0203 2776 PptpMiniport - ok
20:39:13.0375 2776 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys
20:39:13.0375 2776 Processor - ok
20:39:13.0531 2776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:39:13.0531 2776 PSched - ok
20:39:13.0656 2776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:39:13.0656 2776 Ptilink - ok
20:39:13.0875 2776 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:39:13.0875 2776 ql1080 - ok
20:39:14.0187 2776 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:39:14.0187 2776 Ql10wnt - ok
20:39:14.0390 2776 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:39:14.0390 2776 ql12160 - ok
20:39:14.0593 2776 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:39:14.0593 2776 ql1240 - ok
20:39:14.0796 2776 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:39:14.0796 2776 ql1280 - ok
20:39:14.0953 2776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:39:14.0968 2776 RasAcd - ok
20:39:15.0171 2776 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:39:15.0171 2776 Rasirda - ok
20:39:15.0312 2776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:39:15.0312 2776 Rasl2tp - ok
20:39:15.0468 2776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:39:15.0484 2776 RasPppoe - ok
20:39:15.0593 2776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:39:15.0593 2776 Raspti - ok
20:39:15.0812 2776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:39:15.0828 2776 Rdbss - ok
20:39:16.0046 2776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:39:16.0046 2776 RDPCDD - ok
20:39:16.0250 2776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:39:16.0265 2776 rdpdr - ok
20:39:16.0421 2776 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:39:16.0421 2776 RDPWD - ok
20:39:16.0609 2776 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:39:16.0609 2776 redbook - ok
20:39:16.0953 2776 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
20:39:17.0031 2776 RTL8023xp - ok
20:39:17.0375 2776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:39:17.0390 2776 Secdrv - ok
20:39:17.0546 2776 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys
20:39:17.0546 2776 Serial - ok
20:39:17.0734 2776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:39:17.0734 2776 Sfloppy - ok
20:39:18.0000 2776 Simbad - ok
20:39:18.0296 2776 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:39:18.0296 2776 sisagp - ok
20:39:18.0484 2776 smbusp (64dce11279fde28f0abf6f04aa6a073a) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
20:39:18.0593 2776 smbusp - ok
20:39:18.0781 2776 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:39:18.0796 2776 Sparrow - ok
20:39:18.0984 2776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:39:18.0984 2776 splitter - ok
20:39:19.0171 2776 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
20:39:19.0187 2776 sr - ok
20:39:19.0328 2776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:39:19.0343 2776 Srv - ok
20:39:19.0531 2776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:39:19.0531 2776 swenum - ok
20:39:19.0718 2776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:39:19.0718 2776 swmidi - ok
20:39:19.0921 2776 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:39:19.0921 2776 symc810 - ok
20:39:20.0156 2776 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:39:20.0171 2776 symc8xx - ok
20:39:20.0359 2776 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:39:20.0359 2776 sym_hi - ok
20:39:20.0546 2776 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:39:20.0562 2776 sym_u3 - ok
20:39:20.0718 2776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:39:20.0718 2776 sysaudio - ok
20:39:20.0906 2776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:39:20.0937 2776 Tcpip - ok
20:39:21.0296 2776 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:39:21.0312 2776 Tcpip6 - ok
20:39:21.0468 2776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:39:21.0468 2776 TDPIPE - ok
20:39:21.0625 2776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:39:21.0625 2776 TDTCP - ok
20:39:21.0781 2776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:39:21.0781 2776 TermDD - ok
20:39:22.0031 2776 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\system32\DRIVERS\toside.sys
20:39:22.0031 2776 TosIde - ok
20:39:22.0281 2776 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:39:22.0281 2776 tunmp - ok
20:39:22.0437 2776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:39:22.0437 2776 Udfs - ok
20:39:22.0656 2776 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:39:22.0656 2776 ultra - ok
20:39:22.0937 2776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:39:22.0984 2776 Update - ok
20:39:23.0156 2776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:39:23.0156 2776 usbccgp - ok
20:39:23.0359 2776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:39:23.0375 2776 usbehci - ok
20:39:23.0671 2776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:39:23.0687 2776 usbhub - ok
20:39:24.0046 2776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:39:24.0046 2776 usbprint - ok
20:39:24.0296 2776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:39:24.0343 2776 usbscan - ok
20:39:24.0515 2776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:39:24.0515 2776 USBSTOR - ok
20:39:24.0656 2776 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:39:24.0656 2776 usbuhci - ok
20:39:24.0781 2776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:39:24.0781 2776 VgaSave - ok
20:39:25.0046 2776 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:39:25.0062 2776 viaagp - ok
20:39:25.0343 2776 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:39:25.0359 2776 ViaIde - ok
20:39:25.0625 2776 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys
20:39:25.0640 2776 VolSnap - ok
20:39:25.0953 2776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:39:25.0953 2776 Wanarp - ok
20:39:26.0265 2776 WDICA - ok
20:39:26.0515 2776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:39:26.0515 2776 wdmaud - ok
20:39:26.0843 2776 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:39:26.0843 2776 WmiAcpi - ok
20:39:27.0015 2776 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:39:27.0015 2776 WS2IFSL - ok
20:39:27.0296 2776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:39:27.0312 2776 WudfPf - ok
20:39:27.0562 2776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:39:27.0578 2776 WudfRd - ok
20:39:27.0843 2776 ZTEusbmdm6k - ok
20:39:28.0093 2776 ZTEusbnmea - ok
20:39:28.0359 2776 ZTEusbser6k - ok
20:39:28.0390 2776 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
20:39:32.0593 2776 \Device\Harddisk0\DR0 - ok
20:39:32.0609 2776 Boot (0x1200) (6339af79b069424e6558f7724e4c3e04) \Device\Harddisk0\DR0\Partition0
20:39:32.0625 2776 \Device\Harddisk0\DR0\Partition0 - ok
20:39:32.0656 2776 Boot (0x1200) (c0c226cc2ed9745e0f3579aba7342e90) \Device\Harddisk0\DR0\Partition1
20:39:32.0656 2776 \Device\Harddisk0\DR0\Partition1 - ok
20:39:32.0671 2776 ============================================================
20:39:32.0671 2776 Scan finished
20:39:32.0671 2776 ============================================================
20:39:32.0703 2792 Detected object count: 0
20:39:32.0703 2792 Actual detected object count: 0








aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 20:46:15
-----------------------------
20:46:15.015 OS Version: Windows 5.1.2600 Service Pack 3
20:46:15.015 Number of processors: 1 586 0xD08
20:46:15.015 ComputerName: ACER-20F6620599 UserName: Kjell Samuelson
20:46:15.656 Initialize success
20:50:07.906 AVAST engine defs: 12030800
20:53:12.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:53:12.968 Disk 0 Vendor: MAXTOR_ST60212A 3.06 Size: 57231MB BusType: 3
20:53:12.984 Disk 0 MBR read successfully
20:53:12.984 Disk 0 MBR scan
20:53:13.046 Disk 0 unknown MBR code
20:53:13.062 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 3200 MB offset 63
20:53:13.093 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 26764 MB offset 6554520
20:53:13.109 Disk 0 Partition 3 00 0C FAT32 LBA MSDOS5.0 27258 MB offset 61368300
20:53:13.140 Disk 0 scanning sectors +117194175
20:53:13.203 Disk 0 scanning C:\WINDOWS\system32\drivers
20:55:43.265 Service scanning
20:56:41.296 Modules scanning
20:56:59.812 Disk 0 trace - called modules:
20:56:59.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:56:59.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655d030]
20:56:59.859 3 CLASSPNP.SYS[f769cfd7] -> nt!IofCallDriver -> \Device\000000ab[0x86546f18]
20:56:59.859 5 ACPI.sys[f7493620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86573940]
20:57:00.250 AVAST engine scan C:\WINDOWS
20:57:26.406 AVAST engine scan C:\WINDOWS\system32
21:04:39.421 AVAST engine scan C:\WINDOWS\system32\drivers
21:04:56.109 AVAST engine scan C:\Documents and Settings\Kjell Samuelson
21:07:20.390 AVAST engine scan C:\Documents and Settings\All Users
21:07:32.968 Scan finished successfully
21:09:12.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kjell Samuelson\Mina dokument\MBR.dat"
21:09:12.203 The log file has been saved successfully to "C:\Documents and Settings\Kjell Samuelson\Mina dokument\aswMBR.txt"

Edited by Nebowski, 08 March 2012 - 03:11 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 09 March 2012 - 12:28 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 12 March 2012 - 01:50 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#13 Nebowski

Nebowski
  • Topic Starter

  • Members
  • 21 posts
  • Local time:09:18 AM

Posted 14 March 2012 - 12:02 PM

My father had to use the computer for a few days, that's why I haven't replied. My apologies.

Here's the Combofix scan:


ComboFix 12-03-04.02 - Kjell Samuelson 2012-03-14 18:12:06.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1014.559 [GMT 1:00]
Körs från: c:\documents and settings\Kjell Samuelson\Mina dokument\Downloads\ComboFix.exe
Kommandoväxlar som använts :: c:\documents and settings\Kjell Samuelson\Skrivbord\CFScript.txt
AV: F-Secure Client Security 8.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
- REDUCERAD FUNKTIONALITETSMOD -
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-14 till 2012-03-14 ))))))))))))))))))))))))))))))
.
.
2012-02-27 20:03 . 2012-02-27 20:03 388096 ----a-r- c:\documents and settings\Kjell Samuelson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-27 20:03 . 2012-02-27 20:03 -------- d-----w- c:\program\Trend Micro
2012-02-24 20:22 . 2012-02-24 20:22 -------- d-----w- c:\documents and settings\Kjell Samuelson\Application Data\GlarySoft
2012-02-24 20:22 . 2012-02-24 20:22 -------- d-----w- c:\program\Absolute Uninstaller
2012-02-24 14:20 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-24 14:20 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2009-06-12 13:48 1859968 ------w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-04 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-04 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\program\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"USBDetector"="c:\usbstorage\USBDetector.exe" [2003-04-01 53248]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start-meny\Program\Autostart\
Windows Search.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-08-01 42664]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-01 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\F-Secure\HIPS\drivers\fshs.sys [2009-08-01 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\minifilter\fsgk.sys [2009-08-01 124072]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
S3 FSORSPClient;F-Secure ORSP Client;c:\program\F-Secure\ORSP Client\fsorsp.exe [2009-08-01 55904]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 135664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S4 Battery Optimizer;Battery Optimizer;"c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe" --> c:\program\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\fsfilter.sys [2009-08-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\fsrec.sys [2009-08-01 25184]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - INT15.SYS
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-03-14 c:\windows\Tasks\User_Feed_Synchronization-{8D09BAA2-AF96-4C00-8BE7-9404FEDABF67}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 13:44]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2011-05-18 13:44]
.
.
------- Extra genomsökning -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
uSearchURL,(Default) = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 18:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Sluttid: 2012-03-14 18:15:01
ComboFix-quarantined-files.txt 2012-03-14 17:15
ComboFix2.txt 2012-03-05 21:19
.
Före genomsökningen: 10 893 901 824 byte ledigt
Efter genomsökningen: 11 021 844 480 byte ledigt
.
- - End Of File - - BE66F198917867E526457707F4AD7135

Edited by Nebowski, 14 March 2012 - 12:31 PM.

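As an added example, not code from this thread, from ComboFix or from the helper: a small Python reader for the registry start-point and "Extra genomsökning" lines of a ComboFix log like the one above, which pulls out Run entries and flags the settings an analyst would look at (Security Center override, firewall policy, IE start page). The SAMPLE_LOG is an excerpt of the posted log; the list of expected start-page domains is an assumption, and security suites such as F-Secure can legitimately set the override and firewall values, so the flags are review prompts rather than verdicts.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the ComboFix log posted above, embedded as sample input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
uStart Page = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
TCP: DhcpNameServer = 10.0.0.1
"""

# Assumed allowlist of start-page domains the analyst considers expected.
EXPECTED_START_DOMAINS = ("microsoft.com", "msn.com", "live.com")

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"')
AV_OVERRIDE_ON = re.compile(r'^"AntiVirusOverride"=dword:0*1$')
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
START_PAGE = re.compile(r'^([um])Start Page = hxxps?://([^/\s]+)')


@dataclass
class Findings:
    run_entries: list = field(default_factory=list)   # (section, name, value)
    start_pages: dict = field(default_factory=dict)   # "user"/"machine" -> host
    flags: list = field(default_factory=list)         # human-readable notes


def analyse_combofix(text: str) -> Findings:
    """Walk the log; '[key]' opens a section and a lone '.' closes it."""
    f = Findings()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if line == ".":
            section = None
            continue
        if section and section.endswith("\\run"):
            m = RUN_ENTRY.match(line)
            if m:
                name, value = m.group("name"), m.group("value")
                f.run_entries.append((section, name, value))
                if "\\" not in value:  # bare file name, located via PATH search
                    f.flags.append(f"Run value {name!r} has no path ({value}); verify its origin")
        elif section and section.endswith("security center"):
            if AV_OVERRIDE_ON.match(line):
                f.flags.append("AntiVirusOverride=1: Security Center AV status alerts are suppressed")
        elif section and "firewallpolicy\\standardprofile" in section and not section.endswith("\\list"):
            if FIREWALL_OFF.match(line):
                f.flags.append("EnableFirewall=0: Windows Firewall is off on the standard profile")
        else:
            m = START_PAGE.match(line)
            if m:
                f.start_pages["user" if m.group(1) == "u" else "machine"] = m.group(2)
    for host in sorted(set(f.start_pages.values())):
        if not host.endswith(EXPECTED_START_DOMAINS):
            f.flags.append(f"IE start page points at {host}; confirm the user chose it")
    return f


if __name__ == "__main__":
    for note in analyse_combofix(SAMPLE_LOG).flags:
        print("-", note)
```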

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 14 March 2012 - 03:07 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 7.0 - Svenska


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 17 March 2012 - 12:46 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo