Ok,
Not sure if you require specs, but a few main ones are:
Dell XPS M1530
Windows Vista 32-bit
This problem started a few days ago, I can honestly say I don't have a clue how it started. I lent my laptop to my brother one day... a day later suddenly BOOM, 100 problems launched in my face.
The problem I'm having is that whenever I open up the Internet I get 2 pop-ups that pop up twice (opening 2 separate internet windows). See attachments.
The problem has now gotten far worse, which I think is because of this. My laptop now takes about 10 minutes to fully boot up (from about 2 minutes). Everything in general on the laptop is slow, opening applications is hard, sometimes causing the laptop to now go to the Blue Screen of Death.
The laptop itself used to run as smooth as ever, internet / applications / games, you name it.
In following the things I should do before posting I had a problem getting the first .txt from the GMER Rootkit scanner. Every time I opened it, it would either run then crash or it would open then go to Blue Screen of Death, sorry I couldn't get it.
I was able to get the 2nd .txt for GMER Rootkit by running in safe mode.
Everything else I was successful in completing.
The MBAM log was run in safe mode, finding nothing (not sure if I should try running this again normally booting up?). It's just extremely hard with how bad the computer runs now, most times it will just BSOD on me.
Not much more I can say, I was going to Restore, but 1. I don't make restore points, and 2. I don't think it would get rid of any viruses or that anyway.
GMER LOG 2 (with - Sections, IAT/EAT unticked)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 18:04:03
Windows 6.0.6001 Service Pack 1
Running: 3d34jwcw.exe; Driver: C:\Users\Me\AppData\Local\Temp\pxldypoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x87D0CCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x87D0CECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x87D0C982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x87D0D0D6]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cdd9a64
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x29 0xCC 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA6 0x43 0x1D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x67 0x4E 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e4cdd9a64 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEE 0x29 0xCC 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA6 0x43 0x1D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x67 0x4E 0x7C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 8664
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 8665
---- EOF - GMER 1.0.15 ----
MBAM LOG - 2010-06-22
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
22/06/2010 19:13:38
mbam-log-2010-06-22 (19-13-38).txt
Scan type: Full scan (C:\|)
Objects scanned: 258619
Time elapsed: 57 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS;
DDS (Ver_10-03-17.01) - NTFSx86
Run by Me at 20:01:45.24 on 22/06/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2045.1158 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Me\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uWindow Title = N1ghtHawk
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WebcamMaxAutoRun] "c:\program files\webcammax\WebcamMax.exe" -a
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Korean IME Migration] c:\progra~1\common~1\micros~1\ime12\imekr\IMKRMIG.EXE /UNINSTALL
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Microsoft Excel? ????(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\me\appdata\roaming\mozilla\firefox\profiles\5b18j25d.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-22 207280]
R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2010-3-2 22016]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 MpKsl4e74fca8;MpKsl4e74fca8;c:\programdata\microsoft\microsoft antimalware\definition updates\{dd8ee29c-be1c-4669-9b53-321ff1d08324}\MpKsl4e74fca8.sys [2010-6-22 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_c09c50a2\AEstSrv.exe [2009-7-16 73728]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-22 112592]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-9-11 95896]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-22 358600]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-22 1141200]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
=============== Created Last 30 ================
2010-06-22 17:10:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-22 17:10:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-22 17:10:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-22 15:06:54 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-22 00:52:11 767952 ----a-w- c:\windows\BDTSupport.dll
2010-06-22 00:52:09 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-22 00:52:09 880 ----a-w- c:\windows\RegISSImport.xml
2010-06-22 00:52:09 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-22 00:52:09 131 ----a-w- c:\windows\IDB.zip
2010-06-22 00:52:09 1152470 ----a-w- c:\windows\UDB.zip
2010-06-22 00:52:08 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-22 00:52:08 1636304 ----a-w- c:\windows\PCTBDCore.dll
2010-06-22 00:49:20 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-22 00:49:20 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-22 00:49:20 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-22 00:48:57 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-22 00:48:56 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-22 00:48:56 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-22 00:48:56 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-22 00:48:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-22 00:48:29 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-22 00:47:33 0 d-----w- c:\program files\common files\PC Tools
2010-06-22 00:47:31 0 d-----w- c:\users\me\appdata\roaming\PC Tools
2010-06-22 00:47:31 0 d-----w- c:\programdata\PC Tools
2010-06-22 00:47:31 0 d-----w- c:\program files\Spyware Doctor
2010-06-22 00:46:36 0 d---a-w- c:\programdata\TEMP
2010-06-21 19:30:47 0 d-----w- c:\users\me\appdata\roaming\Malwarebytes
2010-06-21 19:30:27 0 d-----w- c:\programdata\Malwarebytes
2010-06-21 18:34:14 273235425 ----a-w- c:\windows\MEMORY.DMP
2010-06-21 09:26:46 0 d-----w- c:\program files\Tizer™ Rootkit Razor
2010-06-17 20:57:06 0 d-----w- c:\users\me\appdata\roaming\WebcamMax
2010-06-17 20:57:06 0 d-----w- c:\programdata\WebcamMax
2010-06-17 20:56:32 0 d-----w- c:\program files\WebcamMax
2010-06-16 20:41:52 0 d-----w- c:\program files\common files\DVDVideoSoft
2010-06-16 20:41:51 0 d-----w- c:\program files\DVDVideoSoft
2010-06-13 17:20:21 0 d-----w- c:\users\me\appdata\roaming\MessengerDiscovery 2
2010-06-13 17:16:00 0 d-----w- c:\programdata\MessengerDiscovery 2
2010-06-13 17:15:59 0 d-----w- c:\program files\MessengerDiscovery 2
2010-06-06 20:10:19 0 d-----w- c:\program files\common files\PX Storage Engine
2010-06-05 19:20:30 0 d-----w- c:\program files\Microsoft
2010-06-05 16:49:32 0 d-----w- c:\programdata\Messenger Plus!
2010-06-05 16:47:28 0 d-----w- c:\program files\Messenger Plus! Live
2010-05-31 09:02:28 0 d-----w- c:\program files\Frameworkx
2010-05-30 22:18:25 0 d-----w- c:\windows\pss
2010-05-30 21:05:22 0 d-----w- c:\program files\MTA San Andreas
2010-05-30 20:37:35 0 d-----w- c:\program files\Rockstar Games
2010-05-30 14:13:22 0 d--h--w- c:\windows\msdownld.tmp
2010-05-30 13:34:39 0 d-----w- c:\program files\League Of Legends
2010-05-30 13:31:10 0 d-----w- c:\programdata\PMB Files
2010-05-30 13:30:46 0 d-----w- c:\program files\Pando Networks
2010-05-30 13:19:38 0 d-----w- c:\users\me\appdata\roaming\LolClient
2010-05-30 09:02:28 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-05-30 09:02:28 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-05-30 09:02:26 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-05-30 09:02:26 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-05-30 09:02:24 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-05-28 21:07:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-28 20:25:21 0 d-----w- c:\programdata\ESET
2010-05-28 20:25:21 0 d-----w- c:\program files\ESET
2010-05-27 15:44:04 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-27 15:32:30 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-27 10:12:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-27 10:11:02 0 d-----w- c:\program files\DAEMON Tools Lite
2010-05-27 10:10:11 0 d-----w- c:\users\me\appdata\roaming\DAEMON Tools Lite
2010-05-27 10:10:09 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-05-26 15:21:23 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-26 15:21:23 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-25 19:32:04 0 d-----w- c:\program files\common files\Steam
2010-05-25 19:31:50 0 d-----w- c:\program files\Steam
2010-05-25 18:33:01 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 12:25:39 0 d-----w- c:\program files\Counter-Strike 1.6
2010-05-24 01:04:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-05-23 23:33:14 0 d-----w- c:\programdata\Kaspersky Lab
2010-05-23 23:30:44 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-05-23 22:56:32 843776 ----a-w- c:\windows\MSNImport.exe
==================== Find3M ====================
2010-06-22 15:03:13 27554 ----a-w- c:\programdata\nvModes.dat
2010-05-25 15:26:54 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-25 15:26:54 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-25 15:26:54 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-12 01:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 18:32:38 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-16 06:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 11:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-11-01 17:33:00 174 --sha-w- c:\program files\desktop.ini
2009-11-01 17:24:01 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 20:07:05.12 ===============
ATTACH;
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/07/2009 19:23:17
System Uptime: 22/06/2010 19:31:48 (1 hours ago)
Motherboard: Dell Inc. | | 0XR148
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 230 GiB total, 37.295 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
Bonjour
Browser Defender 2.0.6.10
Counter-Strike
Counter-Strike: Source
Dell Touchpad
ESET NOD32 Antivirus
Free 3GP Video Converter version 3.5
GTA San Andreas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Laptop Integrated Webcam Driver (1.04.01.1011)
League of Legends
LimeWire 5.2.13
Malwarebytes' Anti-Malware
Marvell Miniport Driver
mCore
mDriver
Messenger Plus! Live
MessengerDiscovery 2.5.95
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mMHouse
Mozilla Firefox (3.5.9)
mPfMgr
MSVCRT
MTA:SA v1.0.3
mWMI
Nero 6 Demo
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenAL
Pando Media Booster
Project64 1.6
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
Security Update for CAPICOM (KB931906)
SigmaTel Audio
Spotify
Spyware Doctor 7.0
Steam
Tizer™ Rootkit Razor
TouchChip USB Driver 2.6
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
Vista Shortcut Manager
VLC media player 1.0.1
WebcamMax
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xfire (remove only)
==== Event Viewer Messages From Past Week ========
19/06/2010 19:43:39, Error: EventLog [6008] - The previous system shutdown at 19:41:45 on 19/06/2010 was unexpected.
19/06/2010 19:04:31, Error: Microsoft-Windows-WMPNSS-Service [14370] - A device with IP address '192.168.1.7' failed to register itself for protected content retrieval due to unknown error '0xc00d28af'.
19/06/2010 18:59:56, Error: EventLog [6008] - The previous system shutdown at 18:56:01 on 19/06/2010 was unexpected.
18/06/2010 20:20:31, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/06/2010 17:52:47, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
17/06/2010 15:10:49, Error: Microsoft-Windows-WMPNSS-Service [14370] - A device with IP address '192.168.1.3' failed to register itself for protected content retrieval due to unknown error '0xc00d28af'.
17/06/2010 14:38:25, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
17/06/2010 14:26:50, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001DE03685AD. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
15/06/2010 04:01:30, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================