Trojan-Clicker.win32.Small.kj infection


#16
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OK. I see what you mean. Just run it without the scan.txt the first time. Let's see what you have.
#17
t_coop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I had to create two boot CDs for OTLPEStd and OTLPENet. OTLPENet asked to erase the CD before continuing. I'm using a RW CD. Which one do I use to boot with?

Tom

#18
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'd start with OTLPEStd, though I sort of thought they would be on the same CD.

#19
t_coop

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Making progress. I wasn't able to boot with the OTLPEStd boot CD. Received the message 'Target is not Windows 2000 or later'. I was able to use a USB keyboard and mouse to log in and navigate. I'm not getting as many errors and warnings now and am able to access the Internet from this laptop. Still do not have keyboard or touchpad access. ComboFix started after the restart and created a log file. Also ran TDSSKiller and aswMBR. The FIX button was disabled after the scan. Here are the logs:

ComboFix:
ComboFix 11-11-29.04 - user 12/03/2011 12:44:24.4.2 - x86
Running from: c:\users\user\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\programdata\ntuser.dat
c:\users\user\AppData\Local\rjc.exe
c:\windows\$NtUninstallKB28629$\1577791966\@
c:\windows\$NtUninstallKB28629$\1577791966\bckfg.tmp
c:\windows\$NtUninstallKB28629$\1577791966\cfg.ini
c:\windows\$NtUninstallKB28629$\1577791966\Desktop.ini
c:\windows\$NtUninstallKB28629$\1577791966\keywords
c:\windows\$NtUninstallKB28629$\1577791966\kwrd.dll
c:\windows\$NtUninstallKB28629$\1577791966\L\qnbwvoto
c:\windows\$NtUninstallKB28629$\1577791966\lsflt7.ver
c:\windows\$NtUninstallKB28629$\1577791966\U\00000001.@
c:\windows\$NtUninstallKB28629$\1577791966\U\00000002.@
c:\windows\$NtUninstallKB28629$\1577791966\U\00000004.@
c:\windows\$NtUninstallKB28629$\1577791966\U\80000000.@
c:\windows\$NtUninstallKB28629$\1577791966\U\80000004.@
c:\windows\$NtUninstallKB28629$\1577791966\U\80000032.@
c:\windows\$NtUninstallKB28629$\3735076892
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 17:56 . 2011-12-03 17:56 -------- d-----w- c:\users\user\AppData\Local\temp
2011-11-28 02:55 . 2011-11-28 02:55 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F7002F-47E6-4ADB-97B6-CD9FBEA10397}\offreg.dll
2011-11-28 02:55 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F7002F-47E6-4ADB-97B6-CD9FBEA10397}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 13:20 . 2011-06-08 13:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2011-02-26 15:44 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-09 18:53 . 2011-05-09 16:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 18:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-29 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"OLPSYNCH"="c:\program files\Offline Course Player\OlpSynch.exe" [2008-09-05 42288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1570795875]
2007-02-06 18:48 71432 ----a-w- c:\program files\Toshiba Registration\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\740751906]
2007-02-06 18:48 71432 ----a-w- c:\program files\Toshiba Registration\Registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 16:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 01:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 01:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 01:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2006-12-03 23:29 49168 ----a-w- c:\program files\Protector Suite QL\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 15:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34 2159104 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R1 MpKsl0144773b;MpKsl0144773b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDDC7CD3-D1DC-4FCA-8436-8A9F49B60325}\MpKsl0144773b.sys [x]
R1 MpKsl07e973b1;MpKsl07e973b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32FC9CEF-7392-4B04-A1EE-3CFE6E1A0B1A}\MpKsl07e973b1.sys [x]
R1 MpKsl0834f347;MpKsl0834f347;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11EB684A-66B1-4873-A1C0-DE592C45AF28}\MpKsl0834f347.sys [x]
R1 MpKsl11ae70be;MpKsl11ae70be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D79AD579-BBFA-4841-AF07-DC15CC992DE0}\MpKsl11ae70be.sys [x]
R1 MpKsl11d6f00a;MpKsl11d6f00a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C01DC1D-EE2D-47AA-8305-D80DB956D0B8}\MpKsl11d6f00a.sys [x]
R1 MpKsl11ffaeeb;MpKsl11ffaeeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40099AA2-2423-4164-BBE3-D64DE26574B4}\MpKsl11ffaeeb.sys [x]
R1 MpKsl16d581e9;MpKsl16d581e9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E610EA7-3C18-42FC-9918-7B80205ECD7C}\MpKsl16d581e9.sys [x]
R1 MpKsl1a358c63;MpKsl1a358c63;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD4CB6CD-4E59-4862-B9EB-E0D8A86F449E}\MpKsl1a358c63.sys [x]
R1 MpKsl1e1e4312;MpKsl1e1e4312;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3D25A24-A52D-4535-A870-0997ED026D1E}\MpKsl1e1e4312.sys [x]
R1 MpKsl2697ccc3;MpKsl2697ccc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AC12807-9100-4F15-B2C3-934BF412BF56}\MpKsl2697ccc3.sys [x]
R1 MpKsl2d0bf09d;MpKsl2d0bf09d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CFFFBD88-257B-4D1F-B763-0A54D4F016B1}\MpKsl2d0bf09d.sys [x]
R1 MpKsl2da1c538;MpKsl2da1c538;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E94E52B-BADF-40F4-88E0-A525FEA2A01B}\MpKsl2da1c538.sys [x]
R1 MpKsl2e496ba5;MpKsl2e496ba5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF049DCD-37B9-44EC-B055-AE954363631F}\MpKsl2e496ba5.sys [x]
R1 MpKsl2eecc53e;MpKsl2eecc53e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{993D649C-F650-4C8E-BF27-97059E96CCD1}\MpKsl2eecc53e.sys [x]
R1 MpKsl34555bfd;MpKsl34555bfd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF46408F-5FC7-4EAC-B9DF-4C6C65D2D418}\MpKsl34555bfd.sys [x]
R1 MpKsl346b4a04;MpKsl346b4a04;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61687D7-C97F-47BF-A13D-0C2385DC0F80}\MpKsl346b4a04.sys [x]
R1 MpKsl347091bc;MpKsl347091bc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9713675-E092-47B7-8C62-BF6B3F9B1A82}\MpKsl347091bc.sys [x]
R1 MpKsl3d983996;MpKsl3d983996;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F97B95D-05EE-4F1A-A4BA-7819F03554A0}\MpKsl3d983996.sys [x]
R1 MpKsl422d91ab;MpKsl422d91ab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{075A5F4D-7406-4DC4-9066-E9746D3E68B9}\MpKsl422d91ab.sys [x]
R1 MpKsl49d4f13c;MpKsl49d4f13c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C9F2AA-CD0A-497E-AEB1-F00F581DDD9A}\MpKsl49d4f13c.sys [x]
R1 MpKsl4cb9e0b6;MpKsl4cb9e0b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{066C3CBB-9AD4-4467-886E-2E7E38D0A2F4}\MpKsl4cb9e0b6.sys [x]
R1 MpKsl59917efd;MpKsl59917efd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95208C5C-92DF-4AD4-AFD1-9EE045306EAE}\MpKsl59917efd.sys [x]
R1 MpKsl5fae4cca;MpKsl5fae4cca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22A3F221-A90E-47ED-BDCE-32246BA9F3B7}\MpKsl5fae4cca.sys [x]
R1 MpKsl626b09d7;MpKsl626b09d7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82B0258C-F5D9-46C6-915D-8602B0B963B7}\MpKsl626b09d7.sys [x]
R1 MpKsl62a0cdf5;MpKsl62a0cdf5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFC53692-53D5-41CC-9B27-D6E56D11D0D8}\MpKsl62a0cdf5.sys [x]
R1 MpKsl638a0252;MpKsl638a0252;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AAF28C8-DDAF-449F-9249-C090264AC5A2}\MpKsl638a0252.sys [x]
R1 MpKsl6479926f;MpKsl6479926f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C01DC1D-EE2D-47AA-8305-D80DB956D0B8}\MpKsl6479926f.sys [x]
R1 MpKsl69564d6a;MpKsl69564d6a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C64548EC-D360-4607-9595-125BFEF0659B}\MpKsl69564d6a.sys [x]
R1 MpKsl6a6eaf2e;MpKsl6a6eaf2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95F27134-8D89-4821-94A8-036790CABAA1}\MpKsl6a6eaf2e.sys [x]
R1 MpKsl6b1b1d8c;MpKsl6b1b1d8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6616C321-99F3-42F1-BC9E-6334C985C5A0}\MpKsl6b1b1d8c.sys [x]
R1 MpKsl6c8c2e2c;MpKsl6c8c2e2c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FF200A2-19C4-4C30-A22C-79433705825F}\MpKsl6c8c2e2c.sys [x]
R1 MpKsl6f15749b;MpKsl6f15749b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33FAA0EF-AA07-4F0C-8656-4989D43535E6}\MpKsl6f15749b.sys [x]
R1 MpKsl706d0dff;MpKsl706d0dff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4A8CA1F-4D36-45D0-AC8A-1D5C49FAA117}\MpKsl706d0dff.sys [x]
R1 MpKsl7677b56c;MpKsl7677b56c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38C16826-F41A-4B97-AD2E-F7F09EF3BA3F}\MpKsl7677b56c.sys [x]
R1 MpKsl78ff7cb8;MpKsl78ff7cb8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56B1C953-9822-4972-ACE0-D6C931C64465}\MpKsl78ff7cb8.sys [x]
R1 MpKsl8584b172;MpKsl8584b172;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5BEFB19-509A-4116-BCB6-948BCBDE47D3}\MpKsl8584b172.sys [x]
R1 MpKsl8bbe32ae;MpKsl8bbe32ae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0C43119D-61F1-48C0-9D0A-562B2233C020}\MpKsl8bbe32ae.sys [x]
R1 MpKsl8e80cee2;MpKsl8e80cee2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A053C2BB-7936-45AB-9303-9A2B6FA08D1A}\MpKsl8e80cee2.sys [x]
R1 MpKsl8f085a51;MpKsl8f085a51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D61AF58-B221-490F-BABC-19B76E20DCAB}\MpKsl8f085a51.sys [x]
R1 MpKsla07cae5f;MpKsla07cae5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED7AB65-24DA-4F11-ACC0-FEC4A88FACB9}\MpKsla07cae5f.sys [x]
R1 MpKslac55e845;MpKslac55e845;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6722C6C-7934-437E-B1DF-BE723FC5284B}\MpKslac55e845.sys [x]
R1 MpKsladd9a87f;MpKsladd9a87f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D9D066FE-A73E-4227-B9C3-C0B72E6BED41}\MpKsladd9a87f.sys [x]
R1 MpKslafaae583;MpKslafaae583;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{663C874F-CAF5-4ABD-AC04-3454322EDBE8}\MpKslafaae583.sys [x]
R1 MpKslb03a689f;MpKslb03a689f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D97BF683-21D9-45E4-83E8-478185175B83}\MpKslb03a689f.sys [x]
R1 MpKslb2664874;MpKslb2664874;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D61AF58-B221-490F-BABC-19B76E20DCAB}\MpKslb2664874.sys [x]
R1 MpKslb84b7fe9;MpKslb84b7fe9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8BB6672-4EEA-4DD4-8AD5-32908F2916AA}\MpKslb84b7fe9.sys [x]
R1 MpKslbb5a96c4;MpKslbb5a96c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D900E250-06E2-433F-A633-CBADE5C8675A}\MpKslbb5a96c4.sys [x]
R1 MpKslbe14dd8a;MpKslbe14dd8a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11E6FF64-88C1-45E4-8E43-F15B4892CDE5}\MpKslbe14dd8a.sys [x]
R1 MpKsld856de30;MpKsld856de30;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDF3979E-1BD7-4926-A38C-9EED486A71B6}\MpKsld856de30.sys [x]
R1 MpKslda90f2ec;MpKslda90f2ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0334F3A-04D2-4B40-9113-31457E203743}\MpKslda90f2ec.sys [x]
R1 MpKsldbe94be0;MpKsldbe94be0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{004247A5-F2EE-42BA-99C7-5C420E6E9C59}\MpKsldbe94be0.sys [x]
R1 MpKsle04c894d;MpKsle04c894d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39D98DAC-CFC4-4B54-B2F0-84217C9678B2}\MpKsle04c894d.sys [x]
R1 MpKsle446e661;MpKsle446e661;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A6FBA69-EB36-4ED6-A471-E745178E0743}\MpKsle446e661.sys [x]
R1 MpKsle4b95119;MpKsle4b95119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11EB684A-66B1-4873-A1C0-DE592C45AF28}\MpKsle4b95119.sys [x]
R1 MpKsle5258564;MpKsle5258564;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AFED33F-CF4F-49EF-AFC5-33B0C6017C8E}\MpKsle5258564.sys [x]
R1 MpKsle58f64c2;MpKsle58f64c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8B4295D-4BED-41B0-AF14-950872ACE3D2}\MpKsle58f64c2.sys [x]
R1 MpKsle5989099;MpKsle5989099;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDF3979E-1BD7-4926-A38C-9EED486A71B6}\MpKsle5989099.sys [x]
R1 MpKslf8d23662;MpKslf8d23662;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEA93F7E-9078-4726-B324-7BB02703D153}\MpKslf8d23662.sys [x]
R1 MpKslf97842a6;MpKslf97842a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D523C5A-8ECD-4BBE-947C-6BEC3894759E}\MpKslf97842a6.sys [x]
R1 MpKslfc1ef27c;MpKslfc1ef27c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{962AA1EF-221E-4E13-8940-C1019B6D093E}\MpKslfc1ef27c.sys [x]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0nqah7al.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=09-05-2010&tb_mrud=09-05-2010
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=09-05-2010&tb_mrud=09-05-2010&query=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-03 12:59:21
ComboFix-quarantined-files.txt 2011-12-03 17:59
ComboFix2.txt 2011-02-22 00:37
.
Pre-Run: 64,980,688,896 bytes free
Post-Run: 64,882,864,128 bytes free
.
- - End Of File - - 7ECF055BBC92744921BF8CDACAE08E9C
TDSSKiller:
13:19:04.0561 3580 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:19:04.0701 3580 ============================================================
13:19:04.0701 3580 Current date / time: 2011/12/03 13:19:04.0701
13:19:04.0701 3580 SystemInfo:
13:19:04.0701 3580
13:19:04.0701 3580 OS Version: 6.0.6000 ServicePack: 0.0
13:19:04.0701 3580 Product type: Workstation
13:19:04.0701 3580 ComputerName: USER-PC
13:19:04.0701 3580 UserName: user
13:19:04.0701 3580 Windows directory: C:\Windows
13:19:04.0701 3580 System windows directory: C:\Windows
13:19:04.0701 3580 Processor architecture: Intel x86
13:19:04.0701 3580 Number of processors: 2
13:19:04.0701 3580 Page size: 0x1000
13:19:04.0701 3580 Boot type: Normal boot
13:19:04.0701 3580 ============================================================
13:19:06.0167 3580 Initialize success
13:19:23.0842 3244 ============================================================
13:19:23.0842 3244 Scan started
13:19:23.0842 3244 Mode: Manual;
13:19:23.0842 3244 ============================================================
13:19:25.0605 3244 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
13:19:25.0605 3244 ACPI - ok
13:19:25.0652 3244 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:19:25.0667 3244 adp94xx - ok
13:19:25.0792 3244 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:19:25.0792 3244 adpahci - ok
13:19:25.0855 3244 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:19:25.0855 3244 adpu160m - ok
13:19:25.0901 3244 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:19:25.0901 3244 adpu320 - ok
13:19:25.0995 3244 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
13:19:25.0995 3244 AFD - ok
13:19:26.0104 3244 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
13:19:26.0120 3244 AgereSoftModem - ok
13:19:26.0229 3244 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:19:26.0229 3244 agp440 - ok
13:19:26.0276 3244 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:19:26.0276 3244 aic78xx - ok
13:19:26.0307 3244 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:19:26.0307 3244 aliide - ok
13:19:26.0354 3244 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:19:26.0354 3244 amdagp - ok
13:19:26.0385 3244 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:19:26.0385 3244 amdide - ok
13:19:26.0479 3244 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:19:26.0479 3244 AmdK7 - ok
13:19:26.0525 3244 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:19:26.0525 3244 AmdK8 - ok
13:19:26.0572 3244 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:19:26.0572 3244 arc - ok
13:19:26.0619 3244 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:19:26.0619 3244 arcsas - ok
13:19:26.0697 3244 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
13:19:26.0697 3244 AsyncMac - ok
13:19:26.0744 3244 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
13:19:26.0744 3244 atapi - ok
13:19:26.0822 3244 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
13:19:26.0853 3244 Beep - ok
13:19:27.0227 3244 blbdrive - ok
13:19:27.0383 3244 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
13:19:27.0399 3244 bowser - ok
13:19:27.0415 3244 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:19:27.0415 3244 BrFiltLo - ok
13:19:27.0446 3244 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:19:27.0446 3244 BrFiltUp - ok
13:19:27.0477 3244 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:19:27.0493 3244 Brserid - ok
13:19:27.0524 3244 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:19:27.0524 3244 BrSerWdm - ok
13:19:27.0602 3244 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:19:27.0602 3244 BrUsbMdm - ok
13:19:27.0633 3244 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:19:27.0633 3244 BrUsbSer - ok
13:19:27.0680 3244 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:19:27.0680 3244 BTHMODEM - ok
13:19:27.0758 3244 catchme - ok
13:19:27.0914 3244 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
13:19:27.0914 3244 cdfs - ok
13:19:27.0961 3244 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
13:19:27.0961 3244 cdrom - ok
13:19:28.0023 3244 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:19:28.0023 3244 circlass - ok
13:19:28.0054 3244 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
13:19:28.0070 3244 CLFS - ok
13:19:28.0148 3244 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
13:19:28.0163 3244 CmBatt - ok
13:19:28.0210 3244 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:19:28.0210 3244 cmdide - ok
13:19:28.0257 3244 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
13:19:28.0257 3244 Compbatt - ok
13:19:28.0288 3244 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:19:28.0288 3244 crcdisk - ok
13:19:28.0319 3244 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:19:28.0335 3244 Crusoe - ok
13:19:28.0366 3244 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
13:19:28.0382 3244 DfsC - ok
13:19:28.0585 3244 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
13:19:28.0585 3244 disk - ok
13:19:28.0787 3244 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
13:19:28.0787 3244 Dot4 - ok
13:19:28.0834 3244 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:19:28.0834 3244 Dot4Print - ok
13:19:28.0881 3244 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
13:19:28.0881 3244 dot4usb - ok
13:19:28.0928 3244 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
13:19:28.0943 3244 drmkaud - ok
13:19:29.0021 3244 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
13:19:29.0037 3244 DXGKrnl - ok
13:19:29.0131 3244 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:19:29.0131 3244 E1G60 - ok
13:19:29.0193 3244 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
13:19:29.0193 3244 Ecache - ok
13:19:29.0255 3244 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:19:29.0255 3244 elxstor - ok
13:19:29.0427 3244 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
13:19:29.0427 3244 fastfat - ok
13:19:29.0614 3244 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:19:29.0614 3244 fdc - ok
13:19:29.0770 3244 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
13:19:29.0770 3244 FileInfo - ok
13:19:29.0801 3244 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
13:19:29.0801 3244 Filetrace - ok
13:19:29.0973 3244 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:29.0973 3244 flpydisk - ok
13:19:30.0004 3244 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
13:19:30.0004 3244 FltMgr - ok
13:19:30.0113 3244 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
13:19:30.0113 3244 Fs_Rec - ok
13:19:30.0160 3244 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
13:19:30.0160 3244 FwLnk - ok
13:19:30.0191 3244 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:19:30.0191 3244 gagp30kx - ok
13:19:30.0394 3244 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:19:30.0410 3244 HdAudAddService - ok
13:19:30.0472 3244 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:19:30.0472 3244 HDAudBus - ok
13:19:30.0503 3244 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:19:30.0503 3244 HidBth - ok
13:19:30.0535 3244 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:19:30.0535 3244 HidIr - ok
13:19:30.0597 3244 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
13:19:30.0597 3244 HidUsb - ok
13:19:30.0628 3244 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:19:30.0628 3244 HpCISSs - ok
13:19:30.0769 3244 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
13:19:30.0769 3244 HTTP - ok
13:19:30.0878 3244 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:19:30.0878 3244 i2omp - ok
13:19:30.0940 3244 i8042prt (4f8db253f45fbd81d431a0e80717782a) C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:30.0940 3244 i8042prt - ok
13:19:31.0081 3244 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:19:31.0159 3244 ialm - ok
13:19:31.0283 3244 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:19:31.0299 3244 iaStorV - ok
13:19:31.0439 3244 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:19:31.0455 3244 igfx - ok
13:19:31.0611 3244 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:19:31.0611 3244 iirsp - ok
13:19:31.0720 3244 IntcAzAudAddService (f92f433a1b38041b365bfd4b021e42d2) C:\Windows\system32\drivers\RTKVHDA.sys
13:19:31.0751 3244 IntcAzAudAddService - ok
13:19:31.0845 3244 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys
13:19:31.0845 3244 intelide - ok
13:19:31.0892 3244 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
13:19:31.0892 3244 intelppm - ok
13:19:31.0939 3244 IO_Memory - ok
13:19:32.0048 3244 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:32.0048 3244 IpFilterDriver - ok
13:19:32.0079 3244 IpInIp - ok
13:19:32.0095 3244 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:19:32.0095 3244 IPMIDRV - ok
13:19:32.0126 3244 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
13:19:32.0126 3244 IPNAT - ok
13:19:32.0157 3244 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
13:19:32.0157 3244 IRENUM - ok
13:19:32.0188 3244 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:19:32.0188 3244 isapnp - ok
13:19:32.0282 3244 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
13:19:32.0282 3244 iScsiPrt - ok
13:19:32.0344 3244 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:19:32.0344 3244 iteatapi - ok
13:19:32.0375 3244 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:19:32.0375 3244 iteraid - ok
13:19:32.0422 3244 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:32.0422 3244 kbdclass - ok
13:19:32.0531 3244 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:32.0531 3244 kbdhid - ok
13:19:32.0594 3244 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
13:19:32.0594 3244 KR10I - ok
13:19:32.0625 3244 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
13:19:32.0641 3244 KR10N - ok
13:19:32.0750 3244 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
13:19:32.0765 3244 KR3NPXP - ok
13:19:32.0906 3244 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
13:19:32.0906 3244 KSecDD - ok
13:19:33.0015 3244 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
13:19:33.0015 3244 lltdio - ok
13:19:33.0046 3244 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:19:33.0062 3244 LSI_FC - ok
13:19:33.0093 3244 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:19:33.0093 3244 LSI_SAS - ok
13:19:33.0124 3244 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:19:33.0140 3244 LSI_SCSI - ok
13:19:33.0233 3244 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
13:19:33.0233 3244 luafv - ok
13:19:33.0280 3244 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
13:19:33.0280 3244 MCSTRM - ok
13:19:33.0343 3244 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:19:33.0343 3244 megasas - ok
13:19:33.0374 3244 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
13:19:33.0374 3244 Modem - ok
13:19:33.0499 3244 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
13:19:33.0499 3244 monitor - ok
13:19:33.0545 3244 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
13:19:33.0545 3244 mouclass - ok
13:19:33.0577 3244 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
13:19:33.0577 3244 mouhid - ok
13:19:33.0608 3244 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
13:19:33.0608 3244 MountMgr - ok
13:19:33.0717 3244 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:19:33.0733 3244 MpFilter - ok
13:19:33.0748 3244 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:19:33.0764 3244 mpio - ok
13:19:33.0873 3244 MpKsl0144773b - ok
13:19:33.0904 3244 MpKsl07e973b1 - ok
13:19:33.0920 3244 MpKsl0834f347 - ok
13:19:33.0935 3244 MpKsl11ae70be - ok
13:19:33.0951 3244 MpKsl11d6f00a - ok
13:19:33.0967 3244 MpKsl11ffaeeb - ok
13:19:33.0967 3244 MpKsl16d581e9 - ok
13:19:33.0982 3244 MpKsl1a358c63 - ok
13:19:33.0982 3244 MpKsl1e1e4312 - ok
13:19:33.0998 3244 MpKsl2697ccc3 - ok
13:19:33.0998 3244 MpKsl2d0bf09d - ok
13:19:34.0013 3244 MpKsl2da1c538 - ok
13:19:34.0013 3244 MpKsl2e496ba5 - ok
13:19:34.0029 3244 MpKsl2eecc53e - ok
13:19:34.0029 3244 MpKsl34555bfd - ok
13:19:34.0045 3244 MpKsl346b4a04 - ok
13:19:34.0060 3244 MpKsl347091bc - ok
13:19:34.0076 3244 MpKsl3d983996 - ok
13:19:34.0076 3244 MpKsl422d91ab - ok
13:19:34.0091 3244 MpKsl49d4f13c - ok
13:19:34.0091 3244 MpKsl4cb9e0b6 - ok
13:19:34.0107 3244 MpKsl59917efd - ok
13:19:34.0107 3244 MpKsl5fae4cca - ok
13:19:34.0123 3244 MpKsl626b09d7 - ok
13:19:34.0123 3244 MpKsl62a0cdf5 - ok
13:19:34.0138 3244 MpKsl638a0252 - ok
13:19:34.0216 3244 MpKsl6479926f - ok
13:19:34.0232 3244 MpKsl69564d6a - ok
13:19:34.0232 3244 MpKsl6a6eaf2e - ok
13:19:34.0247 3244 MpKsl6b1b1d8c - ok
13:19:34.0263 3244 MpKsl6c8c2e2c - ok
13:19:34.0263 3244 MpKsl6f15749b - ok
13:19:34.0263 3244 MpKsl706d0dff - ok
13:19:34.0279 3244 MpKsl7677b56c - ok
13:19:34.0279 3244 MpKsl78ff7cb8 - ok
13:19:34.0294 3244 MpKsl8584b172 - ok
13:19:34.0310 3244 MpKsl8bbe32ae - ok
13:19:34.0310 3244 MpKsl8e80cee2 - ok
13:19:34.0325 3244 MpKsl8f085a51 - ok
13:19:34.0325 3244 MpKsla07cae5f - ok
13:19:34.0357 3244 MpKslac55e845 - ok
13:19:34.0357 3244 MpKsladd9a87f - ok
13:19:34.0372 3244 MpKslafaae583 - ok
13:19:34.0372 3244 MpKslb03a689f - ok
13:19:34.0388 3244 MpKslb2664874 - ok
13:19:34.0403 3244 MpKslb84b7fe9 - ok
13:19:34.0403 3244 MpKslbb5a96c4 - ok
13:19:34.0419 3244 MpKslbe14dd8a - ok
13:19:34.0419 3244 MpKsld856de30 - ok
13:19:34.0435 3244 MpKslda90f2ec - ok
13:19:34.0435 3244 MpKsldbe94be0 - ok
13:19:34.0450 3244 MpKsle04c894d - ok
13:19:34.0466 3244 MpKsle446e661 - ok
13:19:34.0466 3244 MpKsle4b95119 - ok
13:19:34.0481 3244 MpKsle5258564 - ok
13:19:34.0481 3244 MpKsle58f64c2 - ok
13:19:34.0497 3244 MpKsle5989099 - ok
13:19:34.0497 3244 MpKslf8d23662 - ok
13:19:34.0513 3244 MpKslf97842a6 - ok
13:19:34.0513 3244 MpKslfc1ef27c - ok
13:19:34.0622 3244 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:19:34.0622 3244 MpNWMon - ok
13:19:34.0669 3244 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
13:19:34.0684 3244 mpsdrv - ok
13:19:34.0700 3244 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:19:34.0700 3244 Mraid35x - ok
13:19:34.0731 3244 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
13:19:34.0747 3244 MRxDAV - ok
13:19:34.0840 3244 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:34.0840 3244 mrxsmb - ok
13:19:34.0887 3244 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:34.0887 3244 mrxsmb10 - ok
13:19:34.0903 3244 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:34.0918 3244 mrxsmb20 - ok
13:19:34.0934 3244 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:19:34.0949 3244 msahci - ok
13:19:35.0027 3244 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:19:35.0027 3244 msdsm - ok
13:19:35.0074 3244 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
13:19:35.0074 3244 Msfs - ok
13:19:35.0105 3244 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
13:19:35.0105 3244 msisadrv - ok
13:19:35.0152 3244 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
13:19:35.0152 3244 MSKSSRV - ok
13:19:35.0183 3244 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:35.0183 3244 MSPCLOCK - ok
13:19:35.0277 3244 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
13:19:35.0277 3244 MSPQM - ok
13:19:35.0308 3244 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
13:19:35.0308 3244 MsRPC - ok
13:19:35.0339 3244 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
13:19:35.0339 3244 mssmbios - ok
13:19:35.0386 3244 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
13:19:35.0386 3244 MSTEE - ok
13:19:35.0417 3244 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
13:19:35.0417 3244 Mup - ok
13:19:35.0589 3244 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
13:19:35.0589 3244 NativeWifiP - ok
13:19:35.0776 3244 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
13:19:35.0792 3244 NDIS - ok
13:19:35.0963 3244 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
13:19:35.0963 3244 NdisTapi - ok
13:19:36.0010 3244 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
13:19:36.0010 3244 Ndisuio - ok
13:19:36.0057 3244 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
13:19:36.0057 3244 NdisWan - ok
13:19:36.0073 3244 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
13:19:36.0088 3244 NDProxy - ok
13:19:36.0104 3244 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
13:19:36.0119 3244 NetBIOS - ok
13:19:36.0135 3244 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
13:19:36.0135 3244 netbt - ok
13:19:36.0400 3244 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys
13:19:36.0431 3244 NETw3v32 - ok
13:19:36.0697 3244 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
13:19:36.0743 3244 NETw4v32 - ok
13:19:36.0899 3244 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:19:36.0899 3244 nfrd960 - ok
13:19:36.0931 3244 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
13:19:36.0931 3244 Npfs - ok
13:19:36.0962 3244 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
13:19:36.0962 3244 nsiproxy - ok
13:19:37.0040 3244 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
13:19:37.0055 3244 Ntfs - ok
13:19:37.0149 3244 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:19:37.0149 3244 ntrigdigi - ok
13:19:37.0180 3244 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
13:19:37.0180 3244 Null - ok
13:19:37.0227 3244 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:19:37.0227 3244 nvraid - ok
13:19:37.0258 3244 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:19:37.0258 3244 nvstor - ok
13:19:37.0289 3244 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:19:37.0321 3244 nv_agp - ok
13:19:37.0477 3244 NwlnkFlt - ok
13:19:37.0570 3244 NwlnkFwd - ok
13:19:37.0617 3244 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
13:19:37.0617 3244 ohci1394 - ok
13:19:37.0664 3244 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:19:37.0664 3244 Parport - ok
13:19:37.0695 3244 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
13:19:37.0695 3244 partmgr - ok
13:19:37.0726 3244 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:19:37.0726 3244 Parvdm - ok
13:19:37.0742 3244 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
13:19:37.0742 3244 pci - ok
13:19:37.0773 3244 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
13:19:37.0773 3244 pciide - ok
13:19:37.0882 3244 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
13:19:37.0882 3244 pcmcia - ok
13:19:37.0960 3244 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:19:37.0976 3244 PEAUTH - ok
13:19:38.0101 3244 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
13:19:38.0101 3244 PptpMiniport - ok
13:19:38.0147 3244 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:19:38.0147 3244 Processor - ok
13:19:38.0225 3244 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
13:19:38.0225 3244 PSched - ok
13:19:38.0319 3244 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
13:19:38.0319 3244 PxHelp20 - ok
13:19:38.0381 3244 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:19:38.0397 3244 ql2300 - ok
13:19:38.0475 3244 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:19:38.0475 3244 ql40xx - ok
13:19:38.0522 3244 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
13:19:38.0522 3244 QWAVEdrv - ok
13:19:38.0569 3244 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
13:19:38.0569 3244 RasAcd - ok
13:19:38.0600 3244 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:38.0600 3244 Rasl2tp - ok
13:19:38.0631 3244 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:38.0631 3244 RasPppoe - ok
13:19:38.0647 3244 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
13:19:38.0647 3244 rdbss - ok
13:19:38.0803 3244 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:38.0803 3244 RDPCDD - ok
13:19:38.0834 3244 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:19:38.0849 3244 rdpdr - ok
13:19:39.0005 3244 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
13:19:39.0005 3244 RDPENCDD - ok
13:19:39.0052 3244 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
13:19:39.0052 3244 RDPWD - ok
13:19:39.0099 3244 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
13:19:39.0099 3244 rspndr - ok
13:19:39.0130 3244 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:19:39.0130 3244 sbp2port - ok
13:19:39.0193 3244 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
13:19:39.0193 3244 sdbus - ok
13:19:39.0286 3244 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:19:39.0286 3244 secdrv - ok
13:19:39.0317 3244 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:19:39.0317 3244 Serenum - ok
13:19:39.0349 3244 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:19:39.0349 3244 Serial - ok
13:19:39.0380 3244 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
13:19:39.0395 3244 sermouse - ok
13:19:39.0427 3244 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
13:19:39.0427 3244 sffdisk - ok
13:19:39.0536 3244 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:19:39.0536 3244 sffp_mmc - ok
13:19:39.0551 3244 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:19:39.0551 3244 sffp_sd - ok
13:19:39.0583 3244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
13:19:39.0583 3244 sfloppy - ok
13:19:39.0614 3244 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:19:39.0629 3244 sisagp - ok
13:19:39.0645 3244 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:19:39.0645 3244 SiSRaid2 - ok
13:19:39.0739 3244 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:19:39.0739 3244 SiSRaid4 - ok
13:19:39.0770 3244 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
13:19:39.0770 3244 Smb - ok
13:19:39.0801 3244 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
13:19:39.0801 3244 spldr - ok
13:19:39.0848 3244 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\Windows\system32\drivers\srs_sscfilter_i386.sys
13:19:39.0848 3244 SRS_SSCFilter - ok
13:19:39.0957 3244 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
13:19:39.0957 3244 srv - ok
13:19:40.0019 3244 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
13:19:40.0019 3244 srv2 - ok
13:19:40.0051 3244 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
13:19:40.0066 3244 srvnet - ok
13:19:40.0144 3244 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
13:19:40.0144 3244 swenum - ok
13:19:40.0222 3244 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:19:40.0222 3244 Symc8xx - ok
13:19:40.0253 3244 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:19:40.0269 3244 Sym_hi - ok
13:19:40.0285 3244 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:19:40.0285 3244 Sym_u3 - ok
13:19:40.0378 3244 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
13:19:40.0378 3244 SynTP - ok
13:19:40.0487 3244 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
13:19:40.0503 3244 Tcpip - ok
13:19:40.0675 3244 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
13:19:40.0675 3244 Tcpip6 - ok
13:19:40.0831 3244 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
13:19:40.0846 3244 tcpipreg - ok
13:19:40.0924 3244 TcUsb (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys
13:19:40.0924 3244 TcUsb - ok
13:19:40.0971 3244 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:19:40.0971 3244 tdcmdpst - ok
13:19:40.0987 3244 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
13:19:41.0002 3244 TDPIPE - ok
13:19:41.0049 3244 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
13:19:41.0049 3244 TDTCP - ok
13:19:41.0065 3244 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
13:19:41.0080 3244 tdx - ok
13:19:41.0143 3244 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
13:19:41.0143 3244 TermDD - ok
13:19:41.0221 3244 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
13:19:41.0236 3244 tifm21 - ok
13:19:41.0314 3244 Tosrfcom - ok
13:19:41.0377 3244 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:41.0377 3244 tssecsrv - ok
13:19:41.0423 3244 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
13:19:41.0423 3244 tunmp - ok
13:19:41.0470 3244 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
13:19:41.0470 3244 tunnel - ok
13:19:41.0626 3244 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:19:41.0626 3244 TVALZ - ok
13:19:41.0689 3244 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:19:41.0704 3244 uagp35 - ok
13:19:41.0720 3244 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
13:19:41.0735 3244 udfs - ok
13:19:41.0782 3244 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:19:41.0782 3244 uliagpkx - ok
13:19:41.0829 3244 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:19:41.0829 3244 uliahci - ok
13:19:41.0891 3244 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:19:41.0907 3244 UlSata - ok
13:19:41.0923 3244 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:19:41.0923 3244 ulsata2 - ok
13:19:41.0954 3244 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
13:19:41.0954 3244 umbus - ok
13:19:42.0016 3244 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
13:19:42.0016 3244 usbbus - ok
13:19:42.0047 3244 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:42.0047 3244 usbccgp - ok
13:19:42.0141 3244 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:19:42.0157 3244 usbcir - ok
13:19:42.0219 3244 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
13:19:42.0219 3244 UsbDiag - ok
13:19:42.0297 3244 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
13:19:42.0297 3244 usbehci - ok
13:19:42.0359 3244 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
13:19:42.0359 3244 usbhub - ok
13:19:42.0406 3244 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
13:19:42.0422 3244 USBModem - ok
13:19:42.0469 3244 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:19:42.0469 3244 usbohci - ok
13:19:42.0515 3244 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
13:19:42.0515 3244 usbprint - ok
13:19:42.0562 3244 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
13:19:42.0562 3244 usbscan - ok
13:19:42.0781 3244 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:42.0781 3244 USBSTOR - ok
13:19:42.0859 3244 usbuhci (7747b902f6b7d0096f9c2bf55d3247f1) C:\Windows\system32\DRIVERS\usbuhci.sys
13:19:42.0859 3244 usbuhci - ok
13:19:42.0905 3244 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
13:19:42.0905 3244 usbvideo - ok
13:19:42.0983 3244 UVCFTR (0d09f77f46dd3be73c3e5949428d6995) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
13:19:42.0983 3244 UVCFTR - ok
13:19:43.0155 3244 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:43.0155 3244 vga - ok
13:19:43.0217 3244 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
13:19:43.0217 3244 VgaSave - ok
13:19:43.0249 3244 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:19:43.0264 3244 viaagp - ok
13:19:43.0295 3244 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:19:43.0295 3244 ViaC7 - ok
13:19:43.0342 3244 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:19:43.0342 3244 viaide - ok
13:19:43.0373 3244 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
13:19:43.0373 3244 volmgr - ok
13:19:43.0436 3244 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
13:19:43.0451 3244 volmgrx - ok
13:19:43.0529 3244 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
13:19:43.0529 3244 volsnap - ok
13:19:43.0561 3244 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:19:43.0576 3244 vsmraid - ok
13:19:43.0623 3244 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:19:43.0623 3244 WacomPen - ok
13:19:43.0685 3244 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:43.0685 3244 Wanarp - ok
13:19:43.0717 3244 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:43.0717 3244 Wanarpv6 - ok
13:19:43.0795 3244 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:19:43.0795 3244 Wd - ok
13:19:43.0857 3244 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:19:43.0873 3244 Wdf01000 - ok
13:19:44.0060 3244 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:19:44.0075 3244 WmiAcpi - ok
13:19:44.0200 3244 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
13:19:44.0200 3244 WpdUsb - ok
13:19:44.0247 3244 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
13:19:44.0247 3244 ws2ifsl - ok
13:19:44.0309 3244 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:44.0309 3244 WUDFRd - ok
13:19:44.0356 3244 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
13:19:44.0356 3244 yukonwlh - ok
13:19:44.0387 3244 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:19:44.0403 3244 \Device\Harddisk0\DR0 - ok
13:19:44.0403 3244 Boot (0x1200) (35cd2fdedb820416032f59034238e60b) \Device\Harddisk0\DR0\Partition0
13:19:44.0403 3244 \Device\Harddisk0\DR0\Partition0 - ok
13:19:44.0419 3244 ============================================================
13:19:44.0419 3244 Scan finished
13:19:44.0419 3244 ============================================================
13:19:44.0434 2192 Detected object count: 0
13:19:44.0434 2192 Actual detected object count: 0
13:20:23.0512 3608 Deinitialize success




aswMBR:
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-03 13:20:32
-----------------------------
13:20:32.420 OS Version: Windows 6.0.6000
13:20:32.420 Number of processors: 2 586 0xF02
13:20:32.420 ComputerName: USER-PC UserName: user
13:20:52.669 Initialize success
13:21:54.639 AVAST engine defs: 11120301
13:22:34.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:22:34.403 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
13:22:36.447 Disk 0 MBR read successfully
13:22:36.447 Disk 0 MBR scan
13:22:36.509 Disk 0 Windows VISTA default MBR code
13:22:36.525 Disk 0 scanning sectors +234434560
13:22:36.603 Disk 0 scanning C:\Windows\system32\drivers
13:22:39.473 File: C:\Windows\system32\drivers\i8042prt.sys **INFECTED** Win32:Aluroot [Rtk]
13:22:47.273 Service scanning
13:22:48.989 Modules scanning
13:22:56.618 Scan finished successfully
13:24:54.142 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
13:24:54.142 The log file has been saved successfully to "C:\aswMBR.txt"


Thanks for your help so far
Tom

#20 RKinner (Malware Expert | Expert | 24,625 posts | MVP)
Combofix took care of Zero Access.

aswMBR reports that the i8042prt.sys driver is infected which explains what happened to the keyboard. Let's see if there is another on your PC:

Copy the text in the code box by highlighting it and pressing Ctrl + C:


/md5start
i8042prt.sys
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run SCAN button at the top.
Let the program run unhindered; OTL will NOT reboot the PC when it is done. Save the log and copy and paste it into a reply.
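Editor's added example (not part of RKinner's post, and not OTL's own code): the /md5start ... /md5stop directive above asks OTL to list every copy of i8042prt.sys on the drive with its MD5, so the loaded driver in System32\drivers can be compared with the pristine copies Windows keeps elsewhere (winsxs, DriverStore, an install image). The point of that check is visible in the two logs: TDSSKiller recorded i8042prt.sys with MD5 4f8db253f45fbd81d431a0e80717782a and reported it "ok", while aswMBR flagged the same file as Win32:Aluroot. Comparing the live file's hash against the other copies on the volume does not depend on either tool's signatures. The script below does that comparison; the sample volume it builds (three copies of the driver, one patched in place) is constructed with invented bytes purely to exercise the logic. One caveat a practitioner should keep in mind: an active rootkit can hand user-mode readers the original bytes, so run a comparison like this from an offline boot environment rather than the infected Windows.

```python
"""Find every copy of a driver on a volume and compare the loaded one by hash.
Added illustration of the OTL /md5start check; not OTL's code."""
import hashlib
import os
import tempfile


def hash_file(path, algo="md5"):
    """Hash a file in chunks. MD5 is what the logs report; pass "sha256"
    when comparing against a vendor catalogue or a known-good manifest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, filename, algo="md5"):
    """Walk the volume and return {path: digest} for every file with this name.
    The name match is case-insensitive because NTFS paths are."""
    wanted = filename.lower()
    copies = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == wanted:
                full = os.path.join(dirpath, fn)
                copies[full] = hash_file(full, algo)
    return copies


def assess(copies, live_path):
    """Judge the loaded driver (live_path) against the other copies found.
    Returns (verdict, set of reference paths whose digest equals the live one)."""
    live_hash = copies[live_path]
    references = {p: h for p, h in copies.items() if p != live_path}
    if not references:
        return "no reference copies found", set()
    matches = {p for p, h in references.items() if h == live_hash}
    if matches:
        return "live copy matches a reference copy", matches
    # Every reference copy disagrees with the one the kernel loads: the
    # classic footprint of a driver patched in place.
    return "live copy differs from every reference copy", set()


def build_demo_tree(root):
    """Constructed sample volume (invented bytes, not real driver code):
    two identical pristine copies under winsxs, and a live copy under
    System32\\drivers with a run of bytes overwritten at the same length."""
    clean = b"MZ\x90\x00" + b"i8042prt clean driver body" * 64
    patched = clean[:512] + b"rootkit payload" + clean[512 + 15:]
    layout = {
        os.path.join("Windows", "System32", "drivers", "i8042prt.sys"): patched,
        os.path.join("Windows", "winsxs", "x86_i8042prt_a", "i8042prt.sys"): clean,
        os.path.join("Windows", "winsxs", "x86_i8042prt_b", "i8042prt.sys"): clean,
        os.path.join("Windows", "System32", "drivers", "kbdclass.sys"): b"MZunrelated",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return os.path.join(root, "Windows", "System32", "drivers", "i8042prt.sys")


def demo():
    """Build the sample volume in a temp dir, run the comparison, summarise."""
    with tempfile.TemporaryDirectory() as root:
        live = build_demo_tree(root)
        copies = find_copies(root, "i8042prt.sys")
        verdict, matches = assess(copies, live)
        return {
            "verdict": verdict,
            "copies": len(copies),
            "distinct_hashes": len(set(copies.values())),
            "matches": len(matches),
            "report": sorted((os.path.relpath(p, root), h) for p, h in copies.items()),
        }


if __name__ == "__main__":
    result = demo()
    for rel, digest in result["report"]:
        print(f"{digest}  {rel}")
    print(result["verdict"])
```

On a real volume, point find_copies at the mounted system drive from the boot environment and pass the System32\drivers path as live_path. A single distinct hash across all copies is the reassuring outcome; a live copy that matches nothing is the one to replace from a known-good source.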

#21 t_coop (Member | Topic Starter | 46 posts)
Ran OTL with the copied text. Keyboard and touch pad are not working. Here is the OTL log:

OTL logfile created on: 12/3/2011 5:54:29 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.44 Mb Total Physical Memory | 402.28 Mb Available Physical Memory | 39.69% Memory free
2.22 Gb Paging File | 1.51 Gb Available in Paging File | 67.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.51 Gb Free Space | 55.76% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/03 17:53:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/13 15:20:14 | 000,325,000 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/05 10:39:54 | 000,042,288 | ---- | M] () -- C:\Program Files\Offline Course Player\OlpSynch.exe
PRC - [2008/06/17 18:58:46 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2007/10/29 06:02:38 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 20:50:08 | 004,374,528 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/02 17:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/12/11 11:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006/12/11 11:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/12/03 18:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/29 15:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/09/05 10:39:54 | 000,042,288 | ---- | M] () -- C:\Program Files\Offline Course Player\OlpSynch.exe
MOD - [2006/12/11 11:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/05/25 15:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\iptk.dll
MOD - [2005/12/29 10:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/10/02 20:20:50 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/06/17 18:58:46 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/04/07 16:24:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/02/02 17:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/02/14 01:34:44 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/09 12:54:53 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/26 09:25:12 | 000,039,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2007/01/26 19:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 03:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 03:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/19 11:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=09-05-2010"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://slirsredirect...05-2010&query="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\user\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\user\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\user\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 13:01:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 13:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 11:38:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\user\AppData\Roaming\Move Networks [2009/12/03 09:38:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 13:01:30 | 000,000,000 | ---D | M]

[2008/08/26 17:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/11/17 23:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0nqah7al.default\extensions
[2011/11/17 23:38:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0nqah7al.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/09/29 17:00:46 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0nqah7al.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/11/08 22:52:23 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0nqah7al.default\extensions\[email protected]
[2009/06/15 11:21:21 | 000,004,207 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0nqah7al.default\searchplugins\aim-search.xml
[2010/05/08 20:26:50 | 000,002,343 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0nqah7al.default\searchplugins\aol-search.xml
[2011/11/09 13:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/09 13:53:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/23 20:17:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/02/19 04:00:02 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOlp32.dll
[2011/10/05 09:12:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:53:34 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/03 12:56:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer = 10.61.0.98 10.61.0.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFDDB606-8004-4245-8C89-96E4B5F69980}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/03 17:53:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/12/03 12:59:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/03 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2011/11/30 17:53:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/30 17:53:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/30 17:53:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/11/30 17:53:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/30 17:53:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/30 17:52:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2011/11/30 17:52:12 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2011/11/30 17:51:57 | 004,321,290 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2007/05/20 15:56:25 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2007/05/20 15:56:25 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2007/05/20 15:56:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2007/05/20 15:56:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2007/05/20 15:56:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2007/05/20 15:56:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2007/05/20 15:56:23 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2007/05/20 15:56:23 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2007/05/20 15:56:23 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2007/05/20 15:56:22 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2007/05/20 15:56:21 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2007/05/20 15:56:20 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2007/05/20 15:56:20 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 17:53:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/12/03 17:46:43 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 17:46:43 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/03 17:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/03 17:46:29 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 13:24:54 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/03 12:56:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/30 17:49:43 | 000,008,108 | -HS- | M] () -- C:\ProgramData\r8wr47l8ha3xng
[2011/11/30 17:49:42 | 000,008,108 | -HS- | M] () -- C:\Users\user\AppData\Local\r8wr47l8ha3xng
[2011/11/30 17:43:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2011/11/30 17:43:30 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2011/11/29 21:06:17 | 154,985,926 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/29 20:59:02 | 004,321,290 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2011/11/28 18:44:58 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/28 18:44:58 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/20 21:59:30 | 000,002,587 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2011/11/07 08:20:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 13:24:54 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/03 12:16:11 | 1063,313,408 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/30 17:53:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/30 17:53:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/30 17:53:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/30 17:53:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/30 17:53:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/29 21:05:55 | 154,985,926 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/27 22:04:51 | 000,008,108 | -HS- | C] () -- C:\Users\user\AppData\Local\r8wr47l8ha3xng
[2011/11/27 22:04:51 | 000,008,108 | -HS- | C] () -- C:\ProgramData\r8wr47l8ha3xng
[2010/07/15 13:00:38 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/07/14 12:14:18 | 000,201,384 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/07/14 12:14:18 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2008/04/07 17:13:29 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/14 01:34:44 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\i8042prt.sys
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/09 00:47:30 | 000,000,681 | ---- | C] () -- C:\Windows\mozver.dat
[2008/01/16 18:01:23 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/11/20 16:11:26 | 000,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2007/11/20 16:11:26 | 000,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2007/11/20 16:11:26 | 000,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2007/11/20 16:11:26 | 000,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2007/11/18 19:02:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/10/18 09:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/06/12 06:57:09 | 000,012,288 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/20 18:07:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/05/20 15:56:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2007/03/25 11:10:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/03/25 11:10:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/03/25 11:10:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/03/25 11:10:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/02 14:01:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/03/02 14:01:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/03/02 14:01:08 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/03/02 14:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/03/02 14:01:08 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/03/02 14:01:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/02/28 15:47:07 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/02/28 14:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/02/28 14:50:50 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/01/31 19:03:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/30 11:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,744,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,648 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,024 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 03:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========



< MD5 for: I8042PRT.SYS >
[2006/11/02 03:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 03:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2008/02/14 01:34:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008/02/14 01:34:45 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008/02/14 01:34:44 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008/02/14 01:34:45 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/02/14 01:34:44 | 000,054,784 | ---- | M] () MD5=4F8DB253F45FBD81D431A0E80717782A -- C:\Windows\System32\drivers\i8042prt.sys
[2008/02/14 01:34:43 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008/02/14 01:34:43 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2C6A77F3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:89C6F032
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:172EB9B5
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:5804A24D

< End of report >
  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If we are lucky then Windows can fix it for us as the good files are still on your system:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


sfc /scannow


Reboot. Does the keyboard work now?

If not, we can have OTL replace the file for us. There are two candidates and I'm not sure which is the correct one, so we may have to try it twice.


Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
     
:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

If that doesn't work, then try this one:


Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Windows\System32\drivers\i8042prt.sys|C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
     
:Commands
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

We still have two files that OTL didn't or couldn't get.

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\ProgramData\r8wr47l8ha3xng
C:\Users\user\AppData\Local\r8wr47l8ha3xng


******************************************************
* In the Avenger window, click the Paste Script from Clipboard icon.
* Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.

Ron
  • 0
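A check a defender might run alongside the driver swap above, as an added example that is not part of this thread and not code from OTL or The Avenger: it hashes the live i8042prt.sys against the DriverStore and WinSxS copies and reports which copies match, differ, or are absent. The file paths and contents are constructed sample data written to a temporary directory so it runs offline.

```python
"""Hash a live driver against its backup copies (added example, see lead-in)."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver(live, backups):
    """Compare the live driver with each candidate backup copy.

    Returns the live file's hash plus three lists: backups whose content
    matches the live file, backups that differ (the situation in which the
    :files lines above copy the backup over the live driver), and backups
    that do not exist on this machine (e.g. a WinSxS path from another build).
    """
    live_hash = sha256_of(live)
    report = {"live": live_hash, "matching": [], "differing": [], "missing": []}
    for path in backups:
        if not os.path.isfile(path):
            report["missing"].append(path)
        elif sha256_of(path) == live_hash:
            report["matching"].append(path)
        else:
            report["differing"].append(path)
    return report


def demo():
    """Run the comparison on constructed sample files in a temp directory.
    The bytes are stand-ins, not real driver contents; the 'live' copy is
    deliberately different from the DriverStore copy and the WinSxS path
    is deliberately absent."""
    tmp = tempfile.mkdtemp()
    live = os.path.join(tmp, "i8042prt.sys")
    store = os.path.join(tmp, "DriverStore_i8042prt.sys")
    winsxs = os.path.join(tmp, "winsxs_i8042prt.sys")  # never created
    with open(live, "wb") as f:
        f.write(b"MZ" + b"\x00" * 64 + b"modified body (constructed)")
    with open(store, "wb") as f:
        f.write(b"MZ" + b"\x00" * 64 + b"original body (constructed)")
    return compare_driver(live, [store, winsxs])
```

On a real machine you would pass the actual System32\drivers path and the DriverStore/WinSxS paths quoted in the OTL scripts; a backup that differs from the live file is only a candidate for restore, not proof of tampering, since a later update can legitimately change the live driver.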

#23
t_coop

    Member

  • Topic Starter
  • Member
  • 46 posts
Success, I have the keyboard and touch pad back after running the sfc /scannow. Here is the avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\ProgramData\r8wr47l8ha3xng" deleted successfully.
File "C:\Users\user\AppData\Local\r8wr47l8ha3xng" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Thanks again for your help, Ron.

Tom
  • 0

#24
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.

We need to clean up System Restore:

Copy the following:


:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.


Any sign of the infection?
  • 0

#25
t_coop

    Member

  • Topic Starter
  • Member
  • 46 posts
TDSSKiller detected 4 threats: KR10I, KR10N, KR3NPXP, and MCSTRM. I kept the SKIP option on all of them. Ran OTL with the enclosed script. There are no other problems that I can see.

Thanks,

Tom
  • 0

#26
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
All good files.

I think we are done.


You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right-click on Command Prompt and Run As Administrator.
Then right-click, Paste, then hit Enter.

OTL has a Cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download betas, and if there is a program you don't use you can just uninstall it rather than update it. The exception is MSN Messenger, which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start and manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day, which is another reason to use Firefox or Chrome.

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a wireless router, you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step-by-step instructions or a wizard you can download.

Ron
  • 0

#27
t_coop

    Member

  • Topic Starter
  • Member
  • 46 posts
Everything looks good. Thanks again for your help Ron.

Tom
  • 0





