Ukash

Sparks

New Member
Thread author
Apr 21, 2013
8
The Ukash virus seems to have completely locked a computer we have. I just don't know what to do... could anyone help? I'm a complete novice; however, I have tried all the things in the tips section as far as I'm aware, but it just will not boot up. Any advice would really be such a help.
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips!

What is your operating system? XP, Vista, Windows 7 or Windows 8?
 

Fiery

Level 1
Jan 11, 2011
2,007
OK, let's get started. You will need a CD and a USB drive for this. If you do not have a CD, let me know.

Please print these instructions out so that you know what you are doing.
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note : as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi,

Thanks for your reply. I have done as you have asked, please see the flash drive info.
I did turn the infected computer off, was that OK? Hope so.
Hope you can help please.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02
Ran by SYSTEM on 22-04-2013 10:01:22
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [PMX Daemon] ICO.EXE [x]
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [System]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]
HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation)
S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.)
S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation)
S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.)
S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log
2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== One Month Modified Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 03:52 - 2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log
2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log
2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini
2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini
2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log
2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC
2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini
2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert
2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates
2013-04-11 04:05 - 2008-10-20 13:29 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-14 05:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP999

RP: -> 2013-04-13 04:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP998

RP: -> 2013-04-12 04:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP997

RP: -> 2013-04-11 04:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP996

RP: -> 2013-04-10 09:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP995

RP: -> 2013-04-09 09:11 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP994

RP: -> 2013-04-08 07:21 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP993

RP: -> 2013-04-07 06:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP992

RP: -> 2013-04-06 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP991

RP: -> 2013-04-05 04:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP990

RP: -> 2013-04-04 04:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP989

RP: -> 2013-04-03 02:58 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP988

RP: -> 2013-03-30 10:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP987

RP: -> 2013-03-29 10:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP986

RP: -> 2013-03-28 09:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP985

RP: -> 2013-03-27 08:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP984

RP: -> 2013-03-26 08:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP983

RP: -> 2013-03-25 07:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP982

RP: -> 2013-03-24 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP981

RP: -> 2013-03-23 05:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP980

RP: -> 2013-03-22 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP979

RP: -> 2013-03-21 11:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP978

RP: -> 2013-03-20 10:26 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP977

RP: -> 2013-03-19 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP976

RP: -> 2013-03-18 08:10 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP975

RP: -> 2013-03-17 06:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP974

RP: -> 2013-03-16 06:01 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP973

RP: -> 2013-03-15 05:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP972

RP: -> 2013-03-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP971

RP: -> 2013-03-13 17:54 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP970

RP: -> 2013-03-12 15:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP969

RP: -> 2013-03-11 14:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP968

RP: -> 2013-03-10 13:13 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP967

RP: -> 2013-03-09 12:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP966

RP: -> 2013-03-08 11:37 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP965

RP: -> 2013-03-06 16:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP964

RP: -> 2013-03-05 15:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP963

RP: -> 2013-03-04 15:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP962

RP: -> 2013-03-03 12:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP961

RP: -> 2013-03-02 12:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP960

RP: -> 2013-03-01 11:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP959

RP: -> 2013-02-28 11:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP958

RP: -> 2013-02-27 10:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP957

RP: -> 2013-02-25 14:34 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP956

RP: -> 2013-02-24 14:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP955

RP: -> 2013-02-23 13:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP954

RP: -> 2013-02-22 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP953

RP: -> 2013-02-21 12:56 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP952

RP: -> 2013-02-20 11:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP951

RP: -> 2013-02-19 10:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP950

RP: -> 2013-02-18 09:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP949

RP: -> 2013-02-17 08:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP948

RP: -> 2013-02-16 06:03 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP947

RP: -> 2013-02-15 05:28 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP946

RP: -> 2013-02-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP945

RP: -> 2013-02-13 15:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP944

RP: -> 2013-02-12 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP943

RP: -> 2013-02-11 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP942

RP: -> 2013-02-10 09:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP941

RP: -> 2013-02-09 08:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP940

RP: -> 2013-02-08 06:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP939

RP: -> 2013-02-07 05:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP938

RP: -> 2013-02-06 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP937

RP: -> 2013-02-05 04:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP936

RP: -> 2013-02-01 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP935

RP: -> 2013-01-31 04:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP934

RP: -> 2013-01-29 20:47 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP933

RP: -> 2013-01-28 19:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP932

RP: -> 2013-01-27 18:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP931

RP: -> 2013-01-26 17:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP930

RP: -> 2013-01-25 17:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP929

RP: -> 2013-01-24 16:46 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP928

RP: -> 2013-01-23 16:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP927

RP: -> 2013-01-22 15:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP926

RP: -> 2013-01-22 13:52 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP925

RP: -> 2013-04-17 08:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1002

RP: -> 2013-04-16 07:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1001

RP: -> 2013-04-15 06:59 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1000


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1982.36 MB
Available physical RAM: 1712.07 MB
Total Pagefile: 1813.46 MB
Available Pagefile: 1742.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 149 GB 78 MB
==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 78 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 149 GB Healthy
=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 8E9D0B2D)

Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Open notepad and copy & paste the following:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]
C:\Documents and Settings\Anyone\Application Data\skype.dat
C:\Documents and Settings\Anyone\Application Data\skype.ini

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Next, pull out the OTLPE CD, reset the BIOS to boot from harddrive and attempt to boot normally. If you are able to boot normally,

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSKiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select Delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Attach the log afterwards (usually in the C:\ folder, in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).
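The fixlist above is built by hand from two registry lines in the FRST log: the entry FRST itself tagged with ATTENTION! ====> ZeroAccess, and a Winlogon Shell value that runs a second file out of the user's Application Data folder after explorer.exe. As an added example (not code from this thread, from FRST, or from MalwareTips), the Python script below applies that same reasoning mechanically to FRST-style registry lines and drafts the matching fixlist entries. The sample lines are constructed after the thread's log; the rule set, severities and the draft_fixlist helper are my own assumptions, not anything FRST provides.

```python
"""Triage FRST-style registry lines and draft fixlist entries (added example, not FRST's own code)."""
import re

# Constructed sample in the shape of FRST's "Registry (Whitelisted)" section;
# the two suspicious entries mirror the ones the helper picked out of the thread's log.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
"""

# FRST's own marker: the text after "====>" names the family whose pattern matched.
ATTENTION_RE = re.compile(r"ATTENTION!\s*=+>\s*(.+)$")
# Winlogon Shell value; FRST appends " [x]" when it could not find the listed file.
SHELL_RE = re.compile(r"Winlogon: \[Shell\] (.*?)(?: \[x\])?$")
# A Windows path: drive letter, then anything up to a quote, bracket or comma.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\],]+')
# Per-user data directories (lower-cased); legitimate autoruns rarely live here.
PROFILE_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\appdata\\", "\\temp\\")


def triage_line(line):
    """Return (severity, reason) for one FRST registry line, or None if nothing stands out."""
    m = ATTENTION_RE.search(line)
    if m:
        return ("high", f"FRST flagged this entry as {m.group(1).strip()}")
    # The Shell value must be exactly explorer.exe; anything appended runs at every logon.
    m = SHELL_RE.search(line)
    if m:
        value = m.group(1).strip()
        if value.lower() != "explorer.exe":
            return ("high", f"Winlogon Shell hijack: '{value}' instead of 'explorer.exe'")
    # An autorun whose target sits inside the user profile's data directories.
    for path in PATH_RE.findall(line):
        if any(d in path.lower() for d in PROFILE_DATA_DIRS):
            return ("medium", f"autorun target inside user profile data dir: {path.strip()}")
    return None


def triage(log_text):
    """Run the rules over every non-empty line; return a list of (line, severity, reason)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        hit = triage_line(line)
        if hit:
            findings.append((line, hit[0], hit[1]))
    return findings


def draft_fixlist(findings):
    """Draft fixlist.txt lines in the style used in the thread: each high-severity registry
    line verbatim, followed by the profile-directory files it points at. A person still
    reviews the draft before it is handed to FRST."""
    lines = []
    for line, severity, _ in findings:
        if severity != "high":
            continue
        lines.append(line)
        for path in PATH_RE.findall(line):
            path = path.strip()
            if any(d in path.lower() for d in PROFILE_DATA_DIRS) and path not in lines:
                lines.append(path)
    return lines


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, severity, reason in found:
        print(f"[{severity}] {reason}\n    {line}")
    print("\n--- draft fixlist.txt ---")
    print("\n".join(draft_fixlist(found)))
```

Run against the sample, the script flags exactly the two lines Fiery put in the fixlist and adds the skype.dat path beneath the Shell line; the medium rule exists so that a loader dropped in Local Settings\Temp or AppData without a Shell hijack still surfaces for review. The ini file in the thread's fixlist came from the "One Month Created Files" section, which this script does not parse.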
 

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi,

I'm just about to attempt all your suggested actions.
I'm not totally clear on a couple of things. After FRST and fix at the start, you say post the generated log; do you mean I paste it and send it to you? Likewise, do I do this with the MBAR folder at the end?
Thanks for all your help so far.

Sparks
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

You can paste all the logs directly here into your next reply.

However, for the TDSSKiller log, you will have to attach it because it's extremely long. For that, click "New Reply" and scroll down to the Attachment section. Click Choose file and select the TDSSKiller log. Click Add attachment afterwards and post the reply.
 

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi

I've lost a bit of confidence and for some reason I can't copy and paste your file, or don't know how to, or rename it.
Thanks for your patience.

Sparks
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Are you having trouble with the FRST fix? I have attached a copy of it down below; you can just download it straight to your USB. It contains the fix and is already pre-named.

Just right-click it > select Save as and save it to your USB
 

Attachments

  • fixlist.txt
    330 bytes · Views: 99

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi.....and thanks, I've done that....I'm going to leave it until tomorrow as I'm feeling a bit daft at the moment.

Thanks for your patience.

Sparks
 

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi,
Thanks for all your help, all seems to be working great now; there is no way I could have done this myself without your knowledge and patience. Thanks.
Please see logs attached ( I Hope ).
Regards,

Sparks.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02
Ran by SYSTEM on 22-04-2013 10:01:22
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [PMX Daemon] ICO.EXE [x]
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [System]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]
HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation)
S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.)
S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation)
S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.)
S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log
2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== One Month Modified Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 03:52 - 2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log
2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log
2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini
2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini
2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log
2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC
2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini
2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert
2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates
2013-04-11 04:05 - 2008-10-20 13:29 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-14 05:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP999

RP: -> 2013-04-13 04:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP998

RP: -> 2013-04-12 04:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP997

RP: -> 2013-04-11 04:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP996

RP: -> 2013-04-10 09:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP995

RP: -> 2013-04-09 09:11 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP994

RP: -> 2013-04-08 07:21 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP993

RP: -> 2013-04-07 06:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP992

RP: -> 2013-04-06 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP991

RP: -> 2013-04-05 04:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP990

RP: -> 2013-04-04 04:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP989

RP: -> 2013-04-03 02:58 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP988

RP: -> 2013-03-30 10:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP987

RP: -> 2013-03-29 10:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP986

RP: -> 2013-03-28 09:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP985

RP: -> 2013-03-27 08:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP984

RP: -> 2013-03-26 08:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP983

RP: -> 2013-03-25 07:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP982

RP: -> 2013-03-24 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP981

RP: -> 2013-03-23 05:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP980

RP: -> 2013-03-22 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP979

RP: -> 2013-03-21 11:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP978

RP: -> 2013-03-20 10:26 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP977

RP: -> 2013-03-19 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP976

RP: -> 2013-03-18 08:10 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP975

RP: -> 2013-03-17 06:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP974

RP: -> 2013-03-16 06:01 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP973

RP: -> 2013-03-15 05:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP972

RP: -> 2013-03-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP971

RP: -> 2013-03-13 17:54 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP970

RP: -> 2013-03-12 15:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP969

RP: -> 2013-03-11 14:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP968

RP: -> 2013-03-10 13:13 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP967

RP: -> 2013-03-09 12:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP966

RP: -> 2013-03-08 11:37 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP965

RP: -> 2013-03-06 16:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP964

RP: -> 2013-03-05 15:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP963

RP: -> 2013-03-04 15:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP962

RP: -> 2013-03-03 12:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP961

RP: -> 2013-03-02 12:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP960

RP: -> 2013-03-01 11:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP959

RP: -> 2013-02-28 11:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP958

RP: -> 2013-02-27 10:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP957

RP: -> 2013-02-25 14:34 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP956

RP: -> 2013-02-24 14:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP955

RP: -> 2013-02-23 13:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP954

RP: -> 2013-02-22 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP953

RP: -> 2013-02-21 12:56 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP952

RP: -> 2013-02-20 11:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP951

RP: -> 2013-02-19 10:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP950

RP: -> 2013-02-18 09:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP949

RP: -> 2013-02-17 08:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP948

RP: -> 2013-02-16 06:03 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP947

RP: -> 2013-02-15 05:28 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP946

RP: -> 2013-02-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP945

RP: -> 2013-02-13 15:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP944

RP: -> 2013-02-12 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP943

RP: -> 2013-02-11 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP942

RP: -> 2013-02-10 09:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP941

RP: -> 2013-02-09 08:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP940

RP: -> 2013-02-08 06:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP939

RP: -> 2013-02-07 05:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP938

RP: -> 2013-02-06 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP937

RP: -> 2013-02-05 04:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP936

RP: -> 2013-02-01 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP935

RP: -> 2013-01-31 04:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP934

RP: -> 2013-01-29 20:47 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP933

RP: -> 2013-01-28 19:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP932

RP: -> 2013-01-27 18:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP931

RP: -> 2013-01-26 17:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP930

RP: -> 2013-01-25 17:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP929

RP: -> 2013-01-24 16:46 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP928

RP: -> 2013-01-23 16:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP927

RP: -> 2013-01-22 15:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP926

RP: -> 2013-01-22 13:52 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP925

RP: -> 2013-04-17 08:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1002

RP: -> 2013-04-16 07:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1001

RP: -> 2013-04-15 06:59 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1000


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1982.36 MB
Available physical RAM: 1712.07 MB
Total Pagefile: 1813.46 MB
Available Pagefile: 1742.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 78 MB 32 KB
Partition 2 Primary 149 GB 78 MB
==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 78 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 149 GB Healthy
=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 8E9D0B2D)

Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anyone :: D6M2H04J [administrator]

23/04/2013 11:35:23
mbar-log-2013-04-23 (11-35-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26805
Time elapsed: 40 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD|CDBurn (Hijack.Trojan.Siredef.C) -> Data: {fbeb8a05-beee-4442-804e-409d6c4515e9} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 1
c:\Documents and Settings\Anyone\Local Settings\Temp\clljqg (Spyware.Zbot.USBV) -> Delete on reboot.

(end)


Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anyone :: D6M2H04J [administrator]

23/04/2013 12:18:13
mbar-log-2013-04-23 (12-18-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26782
Time elapsed: 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.705000 GHz
Memory total: 2078650368, free: 1323065344

------------ Kernel report ------------
04/23/2013 10:53:53
------------ Loaded modules -----------
\WINDOWS\system32\sens.dll
\WINDOWS\system32\wiaservc.dll
\WINDOWS\system32\mscms.dll
\WINDOWS\system32\tapisrv.dll
\WINDOWS\system32\termsrv.dll
\WINDOWS\system32\icaapi.dll
\WINDOWS\system32\mstlsapi.dll
\WINDOWS\system32\trkwks.dll
\WINDOWS\system32\wbem\wmisvc.dll
\WINDOWS\system32\vssapi.dll
\WINDOWS\system32\fxstiff.dll
\WINDOWS\system32\wuauserv.dll
\WINDOWS\system32\fxsapi.dll
\WINDOWS\system32\wuaueng.dll
\WINDOWS\system32\cabinet.dll
\WINDOWS\system32\mspatcha.dll
\WINDOWS\system32\browser.dll
\WINDOWS\system32\comsvcs.dll
\WINDOWS\system32\colbact.dll
\WINDOWS\system32\mtxclu.dll
\WINDOWS\system32\clusapi.dll
\WINDOWS\system32\resutils.dll
\Program Files\Java\jre6\bin\hpi.dll
\Program Files\Java\jre6\bin\java.dll
\WINDOWS\system32\security.dll
\WINDOWS\system32\wups.dll
\WINDOWS\system32\wups2.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilCommon.dll
\Program Files\Java\jre6\bin\jp2native.dll
\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilDllMgr.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilThread.dll
\WINDOWS\system32\fxst30.dll
\WINDOWS\system32\fxsroute.dll
\WINDOWS\system32\unimdm.tsp
\WINDOWS\system32\uniplat.dll
\Program Files\Trend Micro\Client Server Security Agent\TmSock.dll
\Program Files\Trend Micro\Client Server Security Agent\loadhttp.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilRPC.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilAccessControl.dll
\WINDOWS\system32\wuapi.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilIPC.dll
\Program Files\Trend Micro\Client Server Security Agent\PWD.dll
\WINDOWS\system32\wdmaud.drv
\WINDOWS\system32\kmddsp.tsp
\WINDOWS\system32\ndptsp.tsp
\WINDOWS\system32\ipconf.tsp
\WINDOWS\system32\h323.tsp
\WINDOWS\system32\hidphone.tsp
\WINDOWS\system32\upnp.dll
\WINDOWS\system32\ssdpapi.dll
\WINDOWS\system32\cryptnet.dll
\WINDOWS\system32\sensapi.dll
\WINDOWS\system32\msacm32.drv
\WINDOWS\system32\midimap.dll
\WINDOWS\system32\rasmans.dll
\WINDOWS\system32\netcfgx.dll
\Program Files\Java\jre6\bin\jpeg.dll
\WINDOWS\system32\actxprxy.dll
\Program Files\Java\jre6\bin\net.dll
\Program Files\Java\jre6\bin\nio.dll
\Program Files\Trend Micro\Client Server Security Agent\NTSvcRes.dll
\Program Files\Trend Micro\Client Server Security Agent\OfcPlugInMain.dll
\Program Files\Trend Micro\Client Server Security Agent\OfcPluginTray.dll
\WINDOWS\system32\dsound.dll
\WINDOWS\system32\mscoree.dll
\WINDOWS\system32\ksuser.dll
\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
\WINDOWS\system32\msscntrs.dll
\PROGRA~1\COMMON~1\System\MSMAPI\1033\MSMAPI32.DLL
\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
\WINDOWS\system32\pschdprf.dll
\WINDOWS\system32\traffic.dll
\WINDOWS\system32\rasctrs.dll
\WINDOWS\system32\rsvpperf.dll
\WINDOWS\system32\tapiperf.dll
\WINDOWS\system32\wbem\wbemprox.dll
\WINDOWS\system32\wbem\wbemcomn.dll
\WINDOWS\system32\wbem\wbemcore.dll
\WINDOWS\system32\wbem\esscli.dll
\WINDOWS\system32\wbem\fastprox.dll
\WINDOWS\system32\wbem\wbemsvc.dll
\WINDOWS\system32\wbem\wmiutils.dll
\WINDOWS\system32\wbem\repdrvfs.dll
\WINDOWS\system32\wbem\wmiprvsd.dll
\Program Files\Java\jre6\bin\regutils.dll
\Program Files\Java\jre6\bin\verify.dll
\Program Files\Java\jre6\bin\zip.dll
\WINDOWS\system32\wbem\wbemess.dll
\WINDOWS\system32\wbem\cimwin32.dll
\WINDOWS\system32\wbem\framedyn.dll
\WINDOWS\system32\dbghelp.dll
\WINDOWS\system32\crtdll.dll
\WINDOWS\system32\query.dll
\WINDOWS\system32\xmllite.dll
\Program Files\Trend Micro\Client Server Security Agent\TmUpdate.dll
\WINDOWS\system32\perfproc.dll
\WINDOWS\system32\cscui.dll
\WINDOWS\system32\dpcdll.dll
\WINDOWS\system32\browseui.dll
\WINDOWS\system32\shdocvw.dll
\WINDOWS\system32\desk.cpl
\WINDOWS\system32\themeui.dll
\WINDOWS\system32\msimg32.dll
\WINDOWS\system32\licwmi.dll
\WINDOWS\system32\licdll.dll
\WINDOWS\system32\msxml6.dll
\Program Files\Trend Micro\Client Server Security Agent\ssapi32.dll
\WINDOWS\system32\occache.dll
\WINDOWS\system32\ssdpsrv.dll
\WINDOWS\system32\linkinfo.dll
\WINDOWS\system32\ntshrui.dll
\WINDOWS\system32\httpapi.dll
\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
\WINDOWS\system32\mlang.dll
\WINDOWS\system32\rastapi.dll
\WINDOWS\system32\stobject.dll
\WINDOWS\system32\batmeter.dll
\WINDOWS\system32\WPDShServiceObj.dll
\WINDOWS\system32\mydocs.dll
\WINDOWS\system32\rasppp.dll
\WINDOWS\system32\wbem\wmipcima.dll
\WINDOWS\system32\ntlsapi.dll
\WINDOWS\system32\rasqec.dll
\WINDOWS\system32\PortableDeviceTypes.dll
\WINDOWS\system32\mfc42u.dll
\WINDOWS\system32\PortableDeviceApi.dll
\WINDOWS\system32\oledlg.dll
\WINDOWS\system32\riched32.dll
\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll
\WINDOWS\system32\mfc42.dll
\WINDOWS\system32\w3ssl.dll
\WINDOWS\system32\strmfilt.dll
\WINDOWS\system32\msvfw32.dll
\Program Files\Common Files\ArcSoft\Connection Service\Bin\msvcp60.dll
\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
\WINDOWS\system32\MSCTF.dll
\WINDOWS\system32\msutb.dll
\WINDOWS\system32\msisip.dll
\WINDOWS\system32\wshext.dll
\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL
\Program Files\Trend Micro\Client Server Security Agent\NTMonRes_en.dll
\WINDOWS\system32\icm32.dll
\WINDOWS\system32\rasdlg.dll
\WINDOWS\ime\SPTIP.dll
\WINDOWS\system32\avifil32.dll
\WINDOWS\system32\mslbui.dll
\WINDOWS\system32\mssph.dll
\WINDOWS\system32\mapi32.dll
\Program Files\Outlook Express\msoe.dll
\WINDOWS\system32\msoert2.dll
\WINDOWS\system32\msoeacct.dll
\WINDOWS\system32\inetcomm.dll
\WINDOWS\system32\fxsst.dll
\WINDOWS\system32\msident.dll
\WINDOWS\system32\pstorec.dll
\Program Files\Common Files\System\directdb.dll
\WINDOWS\system32\wbem\wmiprov.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilNetwork.dll
\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilSecurity.dll
\WINDOWS\system32\drprov.dll
\WINDOWS\system32\ntlanman.dll
\WINDOWS\system32\netui0.dll
\WINDOWS\system32\netui1.dll
\WINDOWS\system32\davclnt.dll
\Program Files\Trend Micro\Client Server Security Agent\TmProxy.dll
\PROGRA~1\TRENDM~1\CLIENT~1\tmufeng.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmpxCfg.dll
\Program Files\Trend Micro\Client Server Security Agent\tmtdi.dll
\Program Files\Trend Micro\Client Server Security Agent\TmsmIm.dll
\Program Files\Trend Micro\Client Server Security Agent\TmpePDP.dll
\Program Files\Trend Micro\Client Server Security Agent\tmcfscan.dll
\Program Files\Trend Micro\Client Server Security Agent\TmphAim.dll
\Program Files\Trend Micro\Client Server Security Agent\TmsmHttp.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmpeVS.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmpeUrlF.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmphHttp.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmphIcq.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmphMsn.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmsmMail.dll
\Program Files\Trend Micro\Client Server Security Agent\TmMsg.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmphPop3.dll
\PROGRA~1\TRENDM~1\CLIENT~1\TmphYmsg.dll
\Program Files\Trend Micro\Client Server Security Agent\TmPfwApi.dll
\Program Files\Trend Micro\Client Server Security Agent\TmPfwCtl.dll
\Program Files\Trend Micro\Client Server Security Agent\tmCfwApi.dll
\Program Files\Trend Micro\Client Server Security Agent\tmHash.dll
\Program Files\Trend Micro\Client Server Security Agent\TmPfwRul.dll
\WINDOWS\system32\wbem\ncprov.dll
\WINDOWS\system32\wbem\wbemcons.dll
\WINDOWS\system32\advpack.dll
\Program Files\Trend Micro\Client Server Security Agent\tmdbg20.dll
\Program Files\Trend Micro\Client Server Security Agent\tmuninst.dll
\WINDOWS\AppPatch\aclayers.dll
\Program Files\Internet Explorer\xpshims.dll
\Program Files\Internet Explorer\ieproxy.dll
\WINDOWS\system32\MSIMTF.dll
\WINDOWS\system32\msfeeds.dll
\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
\Program Files\Java\jre6\bin\jp2ssv.dll
\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
\WINDOWS\system32\usp10.dll
\WINDOWS\system32\mshtml.dll
\WINDOWS\system32\jscript.dll
\WINDOWS\system32\iepeers.dll
\WINDOWS\system32\dxtrans.dll
\WINDOWS\system32\ddraw.dll
\WINDOWS\system32\dciman32.dll
\WINDOWS\system32\dxtmsft.dll
\WINDOWS\system32\imgutil.dll
\WINDOWS\system32\pngfilt.dll
\WINDOWS\system32\langwrbk.dll
\WINDOWS\system32\infosoft.dll
\WINDOWS\system32\d3dim700.dll
\WINDOWS\system32\winshfhc.dll
\WINDOWS\system32\WMVCore.dll
\WINDOWS\system32\wmasf.dll
\WINDOWS\system32\zipfldr.dll
\WINDOWS\system32\duser.dll
\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
\WINDOWS\system32\WpdShext.dll
\WINDOWS\system32\shgina.dll
\WINDOWS\system32\audiodev.dll
\WINDOWS\system32\wiashext.dll
\WINDOWS\system32\sti.dll
\WINDOWS\system32\qmgrprxy.dll
\WINDOWS\system32\mstask.dll
\WINDOWS\system32\sendmail.dll
\WINDOWS\system32\vbscript.dll
\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL
\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\Program Files\Microsoft Office\OFFICE11\1033\SRINTL.DLL
\Program Files\Common Files\Microsoft Shared\OFFICE11\RICHED20.DLL
\Program Files\ScanSoft\OmniPageSE4\OfficeAddInSE4.dll
\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR8Z.DLL
\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI8Z.DLL
\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP8Z.DLL
\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL
\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\1033\STINTL.DLL
\Documents and Settings\Anyone\Desktop\mbar-1.05.0.1001\mbar\msvcp100.dll
\Documents and Settings\Anyone\Desktop\mbar-1.05.0.1001\mbar\msvcr100.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8f09c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port0Path0Target0Lun0\
Lower Device Object: 0xffffffff8a844030
Lower Device Driver Name: \Driver\nvgts\
Driver name found: nvgts
Initialization returned 0x0
Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.23.02
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a8f0798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a8c4720, DeviceName: \Device\0000006a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a844030, DeviceName: \Device\Scsi\nvgts1Port0Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe16905c0, 0xffffffff8a8f09c0, 0xffffffff89c8f040
Lower DeviceData: 0xffffffffe188cb80, 0xffffffff8a844030, 0xffffffff89c16c98
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_OPT_740.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ABP480N5.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adpu160m.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\AGPCPQ.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aha154x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78u2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aic78xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\aliide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ALIM1541.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\AMDAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amsint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3350p.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hpn.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\i2omp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ini910u.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atapi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\BrScnUsb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cd20xrnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cmdide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqarray.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac2w2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dac960nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\DLACDBHM.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dpti2o.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\DRVMCDB.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fltMgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mraid35x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSKSSRV.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSPCLOCK.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\MSPQM.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nvatabus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nvraid.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\parvdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pciidex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asc3550.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\perc2hib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pxhelp20.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1080.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql10wnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql12160.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1240.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ql1280.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816bus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816cm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816cmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816cr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816mdfl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816mdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816mgmt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816nd5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816obex.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816unic.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816wh.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s816whnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\SISAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sparrow.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc810.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\symc8xx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_hi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sym_u3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\toside.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ultra.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\VIAAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A42D04A3

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 160650 Numsec = 312335730
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read Fil
 

Sparks

New Member
Thread author
Apr 21, 2013
8
Hi Fiery,

Here are the TDSS killer files

Thanks a lot.

Sparks :D
 

Attachments

  • TDSSKiller.2.8.16.0_23.04.2013_10.32.50_log.txt
    711 KB · Views: 69
  • TDSSKiller.2.8.16.0_23.04.2013_10.27.27_log.txt
    3.3 KB · Views: 74

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Can you boot into OTLPE again but this time:

  • While in OTLPE, double click the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Check the boxes beside LOP Check and Purity Check
  • Press the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to a USB drive if you do not have internet connection on the system.
  • Please attach the content of OTL.txt in your next reply.
 
