Problems After Fixing Anti-Malware Doctor

videogamer · Aug 4, 2010

I was infected with Anti-Malware Doctor about two weeks ago. Pop-ups and ads for anti-malware software were coming up all over my screen. A quick Google search on the problem led me to a link that had a list of instructions that helped me fix the immediate problem. I downloaded Malwarebytes' Anti-Malware, ran the scan, then removed the infected files. This helped in getting rid of all of the pop-ups. But since then, my computer has been running slower. Every now and then, the desktop will randomly change its look (I'm running Windows XP) but I can still run everything, Internet, Word, etc. And I also get an error message that says something like: Generic Host Process 32, or something like that. I think my computer is still infected.

Also, I tried to put the DDS log in but whenever I pasted it, I keep getting an error message saying, "The Connection was Reset."

Blade81 · Aug 11, 2010

Hi,

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?

videogamer · Aug 11, 2010

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF78DD000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1175552 bytes (Agere Systems, SoftModem Device Driver)
0xF8420000 kxgvqxlj.sys 794624 bytes
0xF7A20000 C:\WINDOWS\system32\drivers\smwdm.sys 598016 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF8325000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF06F000 C:\WINDOWS\System32\ialmdd5.DLL 483328 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xBA2FA000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7310000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xBA405000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB3B97000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB3796000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF84F3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 188416 bytes (Intel Corporation, Component GHAL Driver)
0xB3CDE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF82F8000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB3E03000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xBA36A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBA3B7000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA3DF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7AE9000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 147456 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xF79FC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7B0D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7AB2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xBA395000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF01F000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF83C9000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8401000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xED1CB000 C:\WINDOWS\system32\drivers\ialmsbw.sys 114688 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000(R) & Windows XP(TM))
0xF82DE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF83E9000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7B45000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF83B2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF78C6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3E51000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xED1E7000 C:\WINDOWS\system32\drivers\ialmkchw.sys 81920 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000(R) & Windows XP(TM))
0xF7AD5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7B31000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xBA45E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF84E2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF788D000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5742000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8722000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF85E2000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8552000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xEBD57000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF8742000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8732000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEBDB7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF68CE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8562000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF85A2000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8702000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 53248 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8752000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8582000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8772000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB9EA3000 C:\WINDOWS\System32\DRIVERS\srenum.sys 49152 bytes
0xEBD47000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8712000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8572000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8762000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8542000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF75C2000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF87A2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8592000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86F2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8782000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8792000 C:\WINDOWS\system32\DRIVERS\ndisrd.sys 36864 bytes (NT Kernel Resources, NDISRD helper driver)
0xEBD67000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3A47000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF85B2000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xEBD77000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8922000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF641A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88FA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8912000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF87C2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF891A000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF8902000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF890A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88F2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF642A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF643A000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF6422000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87CA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8932000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF893A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF892A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB553D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A0A000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF8A22000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8952000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB55C0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF89EE000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xECE75000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8ACE000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF8A88000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A86000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A46000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A42000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A8A000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8AAE000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A8C000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8AD0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A50000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A44000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C82000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8B16000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEB8A4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8B0A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x82283930 unknown_irp_handler 1744 bytes
!!!!!!!!!!!Hidden driver: 0x822E8AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x82388DE0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF83E9000 WARNING: suspicious driver modification [atapi.sys::0x822E8AEA]
0xF8542000 WARNING: Virus alike driver modification [isapnp.sys], 40960 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\kxgvqxlj.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BZ7X2YRZ\ad.afy11[1].net%2fad%3fc%3dUMYdasPHrkOXdJMeaaIhfOCk81r24eOMFKfu3fA1deE2lbTkwmYvx6N%2btqVCNanf3TttSRXB9Ey63Ztz9C4vCUNJLKAxgtT2toLzcyJKnz0%3d!;ord=26787418189
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BZ7X2YRZ\ad.afy11[1].net%2fad%3fc%3durcavE9qYESrvCwUYzO1o6U2pmx1iOLTVkl1s9odI3TuV9Rn5jkocBbUQDpg3LtzLHCs8Wq95WmdXl%2bTtI8qZ1YMYkk90JVrzX6iqJ4Aa2A%3d!;ord=18179504989
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JEDD4RIF\dref=http%253A%252F%252Forigin.candystand.com%252Fbanners%252Frotate[1].do%253Furi%253D%25252Fplay-random-game%25252Fmovie-star%2526region%253Dsquare_zone11
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\389J2XYA\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua29%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=279570909[1]2
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\itime%3D533361155%3Bkvmn%3D93305241%3Bkvtid%3D15h17pv0o4ksfl%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua30%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=533361155[1]ndd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua30%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=788820991[1]dd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[1].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[2].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[3].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[4].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[5].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[6].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[7].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[8].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\PXUZIGWO\ref=http%253A%252F%252Fwww.aim.com%252Fredirects%252Finclient%252FAIM_UAC_v2[9].adp%253Fmagic%253D93305241%2526width%253D234%2526height%253D60%2526sn%253DMBTheSecondd
!-->[Hidden] C:\Documents and Settings\Waqar\Local Settings\Temporary Internet Files\Content.IE5\XAXEU591\kvseg%3D99999%3A53013%3A53020%3A53052%3A53058%3A53410%3A50280%3Bkr581%3D3829%3Bkvag%3Dam2%3Aua29%3Bkvug%3D1%3Bkp%3D12323%3Bnodecode%3Dyes%3Blink%3D;ord=874390633[1]d
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
[1380]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1380]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1380]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1380]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1380]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[308]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[308]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[308]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[308]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[308]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[308]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[308]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[308]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[308]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C0E4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0040C0E0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x0040C0B0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x0040C0B8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->shell32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7C9C1134-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->AnimateWindow, Type: IAT modification 0x7C9C1D18-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcA, Type: IAT modification 0x7C9C1D48-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x7C9C1EA4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x7C9C1E3C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x7C9C1EE4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x7C9C1F90-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->shell32.dll-->user32.dll-->TrackPopupMenuEx, Type: IAT modification 0x7C9C1D34-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->DefWindowProcW, Type: IAT modification 0x0040C268-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->gdi32.dll-->GetStockObject, Type: IAT modification 0x7E411130-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->user32.dll-->GetSysColor, Type: IAT modification 0x0040C2A4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->TrackPopupMenu, Type: IAT modification 0x0040C29C-->00000000 [yui.dll]
[3264]Ymsgr_tray.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[3264]Ymsgr_tray.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[580]igfxtray.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[580]igfxtray.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[580]igfxtray.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[580]igfxtray.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[580]igfxtray.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[604]hkcmd.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[604]hkcmd.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[604]hkcmd.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[604]hkcmd.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[604]hkcmd.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[620]AGRSMMSG.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[628]jusched.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[628]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[628]jusched.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[628]jusched.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[628]jusched.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[628]jusched.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[628]jusched.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[636]realsched.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[636]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[636]realsched.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[636]realsched.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[636]realsched.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[636]realsched.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[636]realsched.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[652]AdobeARM.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[672]iTunesHelper.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[680]ctfmon.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[680]ctfmon.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[680]ctfmon.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[680]ctfmon.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[680]ctfmon.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]
[700]msmsgs.exe-->kernel32.dll-->GetFileAttributesExW, Type: Inline - RelativeJump 0x7C811195-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ntdll.dll-->NtCreateThread, Type: Inline - RelativeJump 0x7C90D1AE-->00000000 [unknown_code_page]
[700]msmsgs.exe-->user32.dll-->GetClipboardData, Type: Inline - RelativeJump 0x7E430DBA-->00000000 [unknown_code_page]
[700]msmsgs.exe-->user32.dll-->TranslateMessage, Type: Inline - RelativeJump 0x7E418BF6-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpQueryInfoA, Type: Inline - RelativeJump 0x3D94878D-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x3D95EE89-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x3D9BA70A-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x3D9BA763-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x3D94FABE-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetCloseHandle, Type: Inline - RelativeJump 0x3D949088-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetQueryDataAvailable, Type: Inline - RelativeJump 0x3D94BF7F-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetReadFile, Type: Inline - RelativeJump 0x3D94654B-->00000000 [unknown_code_page]
[700]msmsgs.exe-->wininet.dll-->InternetReadFileExA, Type: Inline - RelativeJump 0x3D963381-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->00000000 [unknown_code_page]
[700]msmsgs.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->00000000 [unknown_code_page]

Blade81 · Aug 12, 2010

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click
Start Scan
. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

Try to post contents of DDS logs (dds.txt & attach.txt) now.

videogamer · Aug 12, 2010

There is one item found by TDSSKiller that does not have a "cure" option, but rather a "delete" option. Should I go ahead and delete that one? The other item does have a cure option.

Blade81 · Aug 12, 2010

Don't make any changes on that item that doesn't have cure option available.

videogamer · Aug 12, 2010

2010/08/12 04:41:57.0484 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/12 04:41:57.0484 ================================================================================
2010/08/12 04:41:57.0484 SystemInfo:
2010/08/12 04:41:57.0484
2010/08/12 04:41:57.0484 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/12 04:41:57.0484 Product type: Workstation
2010/08/12 04:41:57.0484 ComputerName: KINESIO
2010/08/12 04:41:57.0484 UserName: Waqar
2010/08/12 04:41:57.0484 Windows directory: C:\WINDOWS
2010/08/12 04:41:57.0484 System windows directory: C:\WINDOWS
2010/08/12 04:41:57.0484 Processor architecture: Intel x86
2010/08/12 04:41:57.0484 Number of processors: 2
2010/08/12 04:41:57.0484 Page size: 0x1000
2010/08/12 04:41:57.0484 Boot type: Normal boot
2010/08/12 04:41:57.0484 ================================================================================
2010/08/12 04:41:57.0562 Initialize success
2010/08/12 04:42:00.0265 ================================================================================
2010/08/12 04:42:00.0265 Scan started
2010/08/12 04:42:00.0265 Mode: Manual;
2010/08/12 04:42:00.0265 ================================================================================
2010/08/12 04:42:01.0343 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 04:42:01.0390 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/12 04:42:01.0468 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/12 04:42:01.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 04:42:01.0593 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 04:42:01.0687 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/12 04:42:01.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/12 04:42:02.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 04:42:02.0046 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 04:42:02.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 04:42:02.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 04:42:02.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 04:42:02.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 04:42:02.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 04:42:02.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 04:42:02.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 04:42:02.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 04:42:02.0718 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 04:42:02.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 04:42:02.0796 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 04:42:02.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 04:42:02.0921 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 04:42:02.0968 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/12 04:42:03.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 04:42:03.0078 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/12 04:42:03.0109 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 04:42:03.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/12 04:42:03.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 04:42:03.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 04:42:03.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 04:42:03.0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/12 04:42:03.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 04:42:03.0468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 04:42:03.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 04:42:03.0609 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/12 04:42:03.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 04:42:03.0703 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/12 04:42:03.0734 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 04:42:03.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 04:42:03.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 04:42:03.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 04:42:03.0921 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 04:42:03.0953 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 04:42:04.0000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 04:42:04.0046 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\drivers\tsk9.tmp
2010/08/12 04:42:04.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk9.tmp. md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/12 04:42:04.0093 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 04:42:04.0140 klmdb (710f89af32b1acd8b008148e28584531) C:\WINDOWS\system32\drivers\klmdb.sys
2010/08/12 04:42:04.0203 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 04:42:04.0250 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 04:42:04.0265 Suspicious service (NoAccess): kxgvqxlj
2010/08/12 04:42:04.0328 kxgvqxlj (135c73fb45d9a6ad3c865fb942e340d6) C:\WINDOWS\system32\drivers\kxgvqxlj.sys
2010/08/12 04:42:04.0328 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\kxgvqxlj.sys. md5: 135c73fb45d9a6ad3c865fb942e340d6
2010/08/12 04:42:04.0343 kxgvqxlj - detected Locked service (1)
2010/08/12 04:42:04.0453 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 04:42:04.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 04:42:04.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 04:42:04.0562 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 04:42:04.0609 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 04:42:04.0687 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 04:42:04.0734 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 04:42:04.0781 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 04:42:04.0796 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 04:42:04.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 04:42:04.0875 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 04:42:04.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 04:42:05.0015 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 04:42:05.0093 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
2010/08/12 04:42:05.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 04:42:05.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 04:42:05.0203 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 04:42:05.0250 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 04:42:05.0281 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 04:42:05.0328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 04:42:05.0375 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/12 04:42:05.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 04:42:05.0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 04:42:05.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 04:42:05.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 04:42:05.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 04:42:05.0625 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/12 04:42:05.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/12 04:42:05.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 04:42:05.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 04:42:05.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 04:42:05.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 04:42:05.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/12 04:42:06.0093 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 04:42:06.0109 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 04:42:06.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 04:42:06.0218 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 04:42:06.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 04:42:06.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 04:42:06.0421 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 04:42:06.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 04:42:06.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 04:42:06.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 04:42:06.0562 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 04:42:06.0625 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 04:42:06.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 04:42:06.0765 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 04:42:06.0796 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/12 04:42:06.0906 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/12 04:42:07.0000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 04:42:07.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\drivers\sr.sys
2010/08/12 04:42:07.0140 srenum (bd679b08ddc9f5e28b0df812a4524a77) C:\WINDOWS\system32\DRIVERS\srenum.sys
2010/08/12 04:42:07.0218 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 04:42:07.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 04:42:07.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 04:42:07.0468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 04:42:07.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 04:42:07.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 04:42:07.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 04:42:07.0609 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 04:42:07.0687 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 04:42:07.0765 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 04:42:07.0828 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/12 04:42:07.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 04:42:07.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 04:42:07.0953 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 04:42:08.0000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 04:42:08.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 04:42:08.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 04:42:08.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 04:42:08.0187 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 04:42:08.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 04:42:08.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 04:42:08.0453 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 04:42:08.0531 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/08/12 04:42:08.0578 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/08/12 04:42:08.0609 ================================================================================
2010/08/12 04:42:08.0609 Scan finished
2010/08/12 04:42:08.0609 ================================================================================
2010/08/12 04:42:08.0625 Detected object count: 1
2010/08/12 04:42:23.0531 Locked service(kxgvqxlj) - User select action: Skip
2010/08/12 04:42:34.0468 ================================================================================
2010/08/12 04:42:34.0468 Scan started
2010/08/12 04:42:34.0468 Mode: Manual;
2010/08/12 04:42:34.0468 ================================================================================
2010/08/12 04:42:34.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/12 04:42:35.0031 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/12 04:42:35.0093 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/08/12 04:42:35.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/12 04:42:35.0218 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/12 04:42:35.0312 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/08/12 04:42:35.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/12 04:42:35.0562 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/12 04:42:35.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/12 04:42:35.0671 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/12 04:42:35.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/12 04:42:35.0750 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/12 04:42:35.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/12 04:42:35.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/12 04:42:35.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/12 04:42:35.0953 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/12 04:42:36.0140 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/12 04:42:36.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/12 04:42:36.0250 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/12 04:42:36.0281 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/12 04:42:36.0328 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/12 04:42:36.0406 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/12 04:42:36.0453 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/08/12 04:42:36.0500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/12 04:42:36.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/12 04:42:36.0562 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/12 04:42:36.0578 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/12 04:42:36.0625 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/12 04:42:36.0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/12 04:42:36.0687 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/12 04:42:36.0734 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/12 04:42:36.0765 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/12 04:42:36.0859 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/12 04:42:36.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/12 04:42:37.0000 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/12 04:42:37.0015 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/12 04:42:37.0078 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/12 04:42:37.0140 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/12 04:42:37.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/12 04:42:37.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/12 04:42:37.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/12 04:42:37.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/12 04:42:37.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/12 04:42:37.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/12 04:42:37.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\drivers\tsk9.tmp
2010/08/12 04:42:37.0406 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk9.tmp. md5: 05a299ec56e52649b1cf2fc52d20f2d7
2010/08/12 04:42:37.0453 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/12 04:42:37.0484 klmdb (710f89af32b1acd8b008148e28584531) C:\WINDOWS\system32\drivers\klmdb.sys
2010/08/12 04:42:37.0546 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/12 04:42:37.0593 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/12 04:42:37.0609 Suspicious service (NoAccess): kxgvqxlj
2010/08/12 04:42:37.0671 kxgvqxlj (135c73fb45d9a6ad3c865fb942e340d6) C:\WINDOWS\system32\drivers\kxgvqxlj.sys
2010/08/12 04:42:37.0671 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\kxgvqxlj.sys. md5: 135c73fb45d9a6ad3c865fb942e340d6
2010/08/12 04:42:37.0687 kxgvqxlj - detected Locked service (1)
2010/08/12 04:42:37.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/12 04:42:37.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/12 04:42:37.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/12 04:42:37.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/12 04:42:37.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/12 04:42:38.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/12 04:42:38.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/12 04:42:38.0187 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/12 04:42:38.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/12 04:42:38.0234 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/12 04:42:38.0281 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/12 04:42:38.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/12 04:42:38.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/12 04:42:38.0390 ndisrd (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
2010/08/12 04:42:38.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/12 04:42:38.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/12 04:42:38.0468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/12 04:42:38.0500 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/12 04:42:38.0515 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/12 04:42:38.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/12 04:42:38.0593 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/12 04:42:38.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/12 04:42:38.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/12 04:42:38.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/12 04:42:38.0765 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/12 04:42:38.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/12 04:42:38.0843 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/12 04:42:38.0859 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/12 04:42:38.0890 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/12 04:42:38.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/12 04:42:38.0937 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/12 04:42:39.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/12 04:42:39.0046 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/12 04:42:39.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/12 04:42:39.0343 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/12 04:42:39.0390 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/12 04:42:39.0421 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/12 04:42:39.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/12 04:42:39.0609 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/12 04:42:39.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/12 04:42:39.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/12 04:42:39.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/12 04:42:39.0734 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/12 04:42:39.0796 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/12 04:42:39.0828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/12 04:42:39.0937 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/12 04:42:39.0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/12 04:42:40.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/12 04:42:40.0109 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
2010/08/12 04:42:40.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/12 04:42:40.0265 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\drivers\sr.sys
2010/08/12 04:42:40.0312 srenum (bd679b08ddc9f5e28b0df812a4524a77) C:\WINDOWS\system32\DRIVERS\srenum.sys
2010/08/12 04:42:40.0390 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/12 04:42:40.0437 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/12 04:42:40.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/12 04:42:40.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/12 04:42:40.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/12 04:42:40.0703 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/12 04:42:40.0734 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/12 04:42:40.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/12 04:42:40.0875 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/12 04:42:40.0953 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/12 04:42:41.0031 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/08/12 04:42:41.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/12 04:42:41.0093 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/12 04:42:41.0156 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/12 04:42:41.0203 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/12 04:42:41.0234 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/12 04:42:41.0265 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/12 04:42:41.0312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/12 04:42:41.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/12 04:42:41.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/12 04:42:41.0578 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/12 04:42:41.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/12 04:42:41.0671 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2010/08/12 04:42:41.0703 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2010/08/12 04:42:41.0734 ================================================================================
2010/08/12 04:42:41.0734 Scan finished
2010/08/12 04:42:41.0734 ================================================================================
2010/08/12 04:42:41.0750 Detected object count: 1
2010/08/12 04:42:43.0781 Locked service(kxgvqxlj) - User select action: Skip

videogamer · Aug 12, 2010

As you can see, I have posted the TDSSKiller log but I am still having the same problems with the DDS and Attach logs. I can't copy and paste them; I get the "Connection was Reset" page. And the same thing happens if I try to upload them as attachments.

Blade81 · Aug 12, 2010

The other item does have a cure option.

I don't see any other detected items there. What item were you talking about? Please run TDSSKiller again and let it quarantine (or delete if quarantine is not available) the item skipped on previous run.

videogamer · Aug 12, 2010

For some reason, I don't know why, I ran TDSSKiller again and no threats were found.

Blade81 · Aug 12, 2010

Hi,

Remove DDS related lines from both dds.txt and attach.txt log header part and try to copy-paste rest of the contents here. If that doesn't work let me know if you have other system you can use to post the logs.

videogamer · Aug 13, 2010

Run by Waqar at 4:44:59.17 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.181 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Waqar\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {4fd1746b-6b0c-4761-8138-7677f99d0315} - c:\windows\system32\qiwgp.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [{3E22F618-7EBF-DAD1-F566-648CEB8CC750}] "c:\documents and settings\waqar\application data\luuds\kuet.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sta] rundll32 "uiwgp.dll",,Run
dRun: [Udusis] rundll32.exe "c:\windows\kbdbgsi.dll",Startup
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247800031515
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\waqar\applic~1\mozilla\firefox\profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\waqar\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files\mozilla firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2010-8-8 46976]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480]
S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [2010-8-11 6656]
UnknownUnknown klmd24;klmd24; [x]

=============== Created Last 30 ================

2010-08-12 08:29:30 70608 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-08-12 08:29:30 37248 ----a-w- c:\windows\system32\drivers\tsk9.tmp
2010-08-11 21:47:09 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-08-09 04:11:33 0 d-----w- c:\docume~1\waqar\applic~1\Street-Ads
2010-08-09 04:11:33 0 d-----w- c:\docume~1\waqar\applic~1\Sky-Banners
2010-08-08 22:18:37 46976 ----a-w- c:\windows\system32\drivers\srenum.sys
2010-08-08 22:18:37 4128 ----a-w- c:\windows\system32\msrun.exe
2010-08-08 22:18:25 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-07-26 21:27:20 0 d-----w- c:\docume~1\waqar\applic~1\Malwarebytes
2010-07-26 21:26:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:26:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-26 21:09:48 2767 ----a-w- c:\windows\ilavesaz.dll
2010-07-26 21:09:37 768000 ----a-w- c:\windows\system32\drivers\kxgvqxlj.sys
2010-07-26 21:06:38 5 ----a-w- C:\zrpt.xml
2010-07-26 21:06:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-07-26 21:06:27 0 d-----w- c:\docume~1\waqar\applic~1\5E184C8E1602A42187F2A0BF820911F1
2010-07-16 04:18:18 246784 ----a-w- c:\windows\system32\qiwgp.dll
2010-07-14 05:00:07 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 4:46:36.59 ===============

videogamer · Aug 13, 2010

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2009 10:37:12 PM
System Uptime: 8/12/2010 4:23:55 AM (0 hours ago)

Motherboard: ASUSTek Computer Inc. | | P4SD-VL
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2793/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 132.996 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Agere Systems AC'97 Modem
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Download Updater (AOL LLC)
Free RAR Extract Frog 1.00
H.264 Decoder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Move Media Player
Mozilla Firefox (3.5.11)
MSN
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Street-Ads Browser Enhancer
thriXXX 3DSexVilla2-084.001
thriXXX WebLaunch
Times Reader
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/9/2010 6:01:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
8/9/2010 5:57:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:57:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/9/2010 5:56:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2010 5:56:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/5/2010 10:31:14 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/5/2010 10:31:14 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

Blade81 · Aug 13, 2010

Good. Let's continue

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

videogamer · Aug 16, 2010

I can ComboFix and a log was even produced but when the computer re-booted afterwards, I found that I could no longer access the Internet. Every time I open a browser, Mozilla says, "Server not found." And my desktop picture was changed when the computer re-booted. Internet Explorer doesn't even work. When I opened the log that ComboFix produced, I found some Mozilla files deleted. I don't have the log on me right now since I am typing this reply from a different computer. What should I do?

Blade81 · Aug 16, 2010

Hi,

Could you transfer logs via removable drive and post them from system that has network access working, please?

videogamer · Aug 16, 2010

ComboFix 10-08-15.01 - Waqar 08/16/2010 0:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.358 [GMT -4:00]
Running from: c:\documents and settings\Waqar\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Update\seupd.exe
c:\documents and settings\LocalService\Application Data\Sky-Banners
c:\documents and settings\LocalService\Application Data\Street-Ads
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\enemies-names.txt
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\local.ini
c:\documents and settings\Waqar\Application Data\5E184C8E1602A42187F2A0BF820911F1\lsrslt.ini
c:\documents and settings\Waqar\Application Data\Luuds
c:\documents and settings\Waqar\Application Data\Luuds\kuet.exe
c:\documents and settings\Waqar\Application Data\Sky-Banners
c:\documents and settings\Waqar\Application Data\Street-Ads
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\Waqar\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\$NtUninstallMTF1011$
c:\windows\$NtUninstallMTF1011$\apUninstall.exe
c:\windows\$NtUninstallMTF1011$\zrpt.xml
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\ilavesaz.dll
c:\windows\kbdbgsi.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\msrun.exe
c:\windows\system32\qiwgp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_ATAPIDRV
-------\Service_ndisrd
-------\Legacy_srenum
-------\Service_srenum

((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-13 22:51 . 2010-08-13 22:51 -------- d-----w- c:\documents and settings\Waqar\Application Data\BitComet
2010-08-11 21:47 . 2010-08-11 21:47 6656 ----a-w- c:\windows\system32\3B38C503.exe
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-08 22:18 . 2010-08-08 22:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AIM Toolbar
2010-08-08 22:18 . 2010-08-09 21:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\dsitjkcbc
2010-08-07 23:23 . 2010-08-15 20:15 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-01 04:59 . 2010-08-01 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 00:15 . 2010-07-28 00:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-26 23:28 . 2010-07-26 23:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-26 21:27 . 2010-07-26 21:27 -------- d-----w- c:\documents and settings\Waqar\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 21:26 . 2010-07-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-26 21:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 21:08 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\exbnwpfwf
2010-07-26 21:08 . 2010-07-26 21:08 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\{116E1CDE-1499-4068-BEE3-3C0DB2E07A0D}
2010-07-26 21:06 . 2010-07-26 21:31 -------- d-----w- c:\documents and settings\Waqar\Local Settings\Application Data\gygbthdjk
2010-07-26 21:06 . 2010-08-16 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 04:51 . 2009-07-17 22:14 -------- d-----w- c:\program files\BitComet
2010-08-12 09:22 . 2006-02-28 12:00 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-08-12 02:25 . 2009-10-27 00:12 -------- d-----w- c:\documents and settings\Waqar\Application Data\Oply
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\program files\iTunes
2010-07-01 01:58 . 2010-07-01 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-01 01:57 . 2010-07-01 01:57 -------- d-----w- c:\program files\iPod
2010-07-01 01:57 . 2009-07-17 03:57 -------- d-----w- c:\program files\Common Files\Apple
2010-07-01 01:54 . 2010-01-03 02:52 -------- d-----w- c:\program files\QuickTime
2010-07-01 01:51 . 2010-07-01 01:51 -------- d-----w- c:\program files\Bonjour
2010-07-01 01:45 . 2010-07-01 01:45 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-30 12:31 . 2006-02-28 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-28 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-28 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-28 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-07-17 02:33 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-05-22 19:35 . 2010-05-22 19:35 503808 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcp71.dll
2010-05-22 19:35 . 2010-05-22 19:35 499712 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\jmc.dll
2010-05-22 19:35 . 2010-05-22 19:35 348160 ----a-w- c:\documents and settings\Waqar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7424c877-n\msvcr71.dll
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 88363]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-29 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26439:TCP"= 26439:TCP:BitComet 26439 TCP
"26439:UDP"= 26439:UDP:BitComet 26439 UDP

S3 3B38C503;3B38C503;c:\windows\system32\3B38C503.exe [8/11/2010 5:47 PM 6656]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
FF - ProfilePath - c:\documents and settings\Waqar\Application Data\Mozilla\Firefox\Profiles\orf8mrek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101046100&s=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Waqar\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-{3E22F618-7EBF-DAD1-F566-648CEB8CC750} - c:\documents and settings\Waqar\Application Data\Luuds\kuet.exe
HKLM-Run-sta - uiwgp.dll
HKU-Default-Run-Udusis - c:\windows\kbdbgsi.dll
SafeBoot-klmdb.sys
AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-08-16 01:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 05:08

Pre-Run: 140,500,664,320 bytes free
Post-Run: 143,118,917,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D67879B736817A88F5C651F622D7682C

videogamer · Aug 16, 2010

Just posted the ComboFix log. I can't find DDS on my computer and so can't run it.

videogamer · Aug 16, 2010

I have an update. While I was using my flash drive to paste the ComboFix log on another computer, I research the problem I had with Internet connectivity and found a download called "WinsockXP." I downloaded the program to my flash drive, ran it on my computer and the Internet now works.

videogamer · Aug 17, 2010

I spoke too soon. About an hour after I ran the WinsockXP program, Antimalware Doctor (the original problem) showed up again and it seems my computer is still infected. Also, the Internet connection has been cut off again and Winsock won't work again. I run it and it won't reboot my Internet connection.

Problems After Fixing Anti-Malware Doctor

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

Security Expert: Emeritus

New member

Security Expert: Emeritus

New member

New member

New member

New member