Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

No Internet Access Infected With XP Antivirus 2012

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

No Internet Access Infected With XP Antivirus 2012

Unread postby InfoGeek » January 12th, 2012, 3:25 pm

Hello To All Members,
Try to run DDS scan no logfile/report on computer. Computer freezes up when trying to scan

allso mouse will not work. I have no antivirus on computer, nothing install that can block

the scan. Allso there are strange sounds coming from my computer when scanning. So i ran 3

other scans list blow are the results. Please help me to remove this malware from my

computer. I'am infected with fake xp antivirus 2012. Please help me to remove this malware

from my computer. Thank You.

11:03:39.0859 2556 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
11:03:39.0875 2556 ============================================================
11:03:39.0875 2556 Current date / time: 2012/01/12 11:03:39.0875
11:03:39.0875 2556 SystemInfo:
11:03:39.0875 2556
11:03:39.0875 2556 OS Version: 5.1.2600 ServicePack: 3.0
11:03:39.0875 2556 Product type: Workstation
11:03:39.0875 2556 ComputerName: SAM-CCA40D27B71
11:03:39.0875 2556 UserName: sam
11:03:39.0875 2556 Windows directory: C:\WINDOWS
11:03:39.0875 2556 System windows directory: C:\WINDOWS
11:03:39.0875 2556 Processor architecture: Intel x86
11:03:39.0875 2556 Number of processors: 1
11:03:39.0875 2556 Page size: 0x1000
11:03:39.0875 2556 Boot type: Normal boot
11:03:39.0875 2556 ============================================================
11:03:41.0796 2556 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000, SectorSize: 0x200,

Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags

0x00000054
11:03:41.0796 2556 Drive \Device\Harddisk1\DR2 - Size: 0xEEE00000, SectorSize: 0x200,

Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:03:41.0890 2556 Initialize success
11:04:11.0968 3156 ============================================================
11:04:11.0968 3156 Scan started
11:04:11.0968 3156 Mode: Manual; SigCheck; TDLFS;
11:04:11.0968 3156 ============================================================
11:04:12.0250 3156 Abiosdsk - ok
11:04:12.0265 3156 abp480n5 - ok
11:04:12.0343 3156 ACPI (8fd99680a539792a30e97944fdaecf17)

C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:04:14.0281 3156 ACPI - ok
11:04:14.0390 3156 ACPIEC (9859c0f6936e723e4892d7141b1327d5)

C:\WINDOWS\system32\drivers\ACPIEC.sys
11:04:14.0546 3156 ACPIEC - ok
11:04:14.0546 3156 adpu160m - ok
11:04:14.0593 3156 aec (8bed39e3c35d6a489438b8141717a557)

C:\WINDOWS\system32\drivers\aec.sys
11:04:14.0750 3156 aec - ok
11:04:14.0812 3156 AFD (1e44bc1e83d8fd2305f8d452db109cf9)

C:\WINDOWS\System32\drivers\afd.sys
11:04:14.0875 3156 AFD - ok
11:04:14.0890 3156 Aha154x - ok
11:04:14.0921 3156 aic78u2 - ok
11:04:14.0937 3156 aic78xx - ok
11:04:14.0953 3156 AliIde - ok
11:04:14.0984 3156 amsint - ok
11:04:15.0046 3156 ApfiltrService (090880e9bf20f928bc341f96d27c019e)

C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:04:15.0109 3156 ApfiltrService - ok
11:04:15.0203 3156 APPDRV (ec94e05b76d033b74394e7b2175103cf)

C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
11:04:15.0234 3156 APPDRV ( UnsignedFile.Multi.Generic ) - warning
11:04:15.0234 3156 APPDRV - detected UnsignedFile.Multi.Generic (1)
11:04:15.0250 3156 asc - ok
11:04:15.0265 3156 asc3350p - ok
11:04:15.0281 3156 asc3550 - ok
11:04:15.0343 3156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc)

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:04:15.0546 3156 AsyncMac - ok
11:04:15.0609 3156 atapi (9f3a2f5aa6875c72bf062c712cfa2674)

C:\WINDOWS\system32\DRIVERS\atapi.sys
11:04:15.0843 3156 atapi - ok
11:04:15.0890 3156 Atdisk - ok
11:04:15.0921 3156 Atmarpc (9916c1225104ba14794209cfa8012159)

C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:04:16.0062 3156 Atmarpc - ok
11:04:16.0140 3156 audstub (d9f724aa26c010a217c97606b160ed68)

C:\WINDOWS\system32\DRIVERS\audstub.sys
11:04:16.0281 3156 audstub - ok
11:04:16.0343 3156 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9)

C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:04:16.0390 3156 b57w2k - ok
11:04:16.0437 3156 BASFND (3d87b0484be1093c6614062701f375c5)

C:\WINDOWS\system32\Drivers\BASFND.sys
11:04:16.0453 3156 BASFND ( UnsignedFile.Multi.Generic ) - warning
11:04:16.0453 3156 BASFND - detected UnsignedFile.Multi.Generic (1)
11:04:16.0515 3156 BCOREUSB (40f8c4c10ed67b1de44abf82582bac37)

C:\WINDOWS\system32\Drivers\BCOREUSB.sys
11:04:16.0515 3156 BCOREUSB ( UnsignedFile.Multi.Generic ) - warning
11:04:16.0515 3156 BCOREUSB - detected UnsignedFile.Multi.Generic (1)
11:04:16.0578 3156 Beep (da1f27d85e0d1525f6621372e7b685e9)

C:\WINDOWS\system32\drivers\Beep.sys
11:04:16.0937 3156 Beep - ok
11:04:16.0984 3156 BthEnum (b279426e3c0c344893ed78a613a73bde)

C:\WINDOWS\system32\DRIVERS\BthEnum.sys
11:04:17.0140 3156 BthEnum - ok
11:04:17.0187 3156 BthPan (80602b8746d3738f5886ce3d67ef06b6)

C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:04:17.0359 3156 BthPan - ok
11:04:17.0437 3156 BTHPORT (662bfd909447dd9cc15b1a1c366583b4)

C:\WINDOWS\system32\Drivers\BTHport.sys
11:04:17.0562 3156 BTHPORT - ok
11:04:17.0609 3156 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa)

C:\WINDOWS\system32\Drivers\BTHUSB.sys
11:04:17.0781 3156 BTHUSB - ok
11:04:17.0796 3156 bvrp_pci - ok
11:04:17.0843 3156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9)

C:\WINDOWS\system32\drivers\cbidf2k.sys
11:04:18.0078 3156 cbidf2k - ok
11:04:18.0093 3156 cd20xrnt - ok
11:04:18.0156 3156 Cdaudio (c1b486a7658353d33a10cc15211a873b)

C:\WINDOWS\system32\drivers\Cdaudio.sys
11:04:18.0281 3156 Cdaudio - ok
11:04:18.0328 3156 Cdfs (c885b02847f5d2fd45a24e219ed93b32)

C:\WINDOWS\system32\drivers\Cdfs.sys
11:04:18.0468 3156 Cdfs - ok
11:04:18.0515 3156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe)

C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:04:18.0656 3156 Cdrom - ok
11:04:18.0671 3156 cerc6 - ok
11:04:18.0687 3156 Changer - ok
11:04:18.0750 3156 CmBatt (0f6c187d38d98f8df904589a5f94d411)

C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:04:18.0906 3156 CmBatt - ok
11:04:18.0921 3156 CmdIde - ok
11:04:18.0937 3156 Compbatt (6e4c9f21f0fae8940661144f41b13203)

C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:04:19.0093 3156 Compbatt - ok
11:04:19.0125 3156 Cpqarray - ok
11:04:19.0140 3156 dac2w2k - ok
11:04:19.0156 3156 dac960nt - ok
11:04:19.0187 3156 Disk (044452051f3e02e7963599fc8f4f3e25)

C:\WINDOWS\system32\DRIVERS\disk.sys
11:04:19.0328 3156 Disk - ok
11:04:19.0421 3156 dmboot (d992fe1274bde0f84ad826acae022a41)

C:\WINDOWS\system32\drivers\dmboot.sys
11:04:19.0703 3156 dmboot - ok
11:04:19.0734 3156 dmio (7c824cf7bbde77d95c08005717a95f6f)

C:\WINDOWS\system32\drivers\dmio.sys
11:04:19.0890 3156 dmio - ok
11:04:19.0937 3156 dmload (e9317282a63ca4d188c0df5e09c6ac5f)

C:\WINDOWS\system32\drivers\dmload.sys
11:04:20.0093 3156 dmload - ok
11:04:20.0171 3156 DMusic (8a208dfcf89792a484e76c40e5f50b45)

C:\WINDOWS\system32\drivers\DMusic.sys
11:04:20.0359 3156 DMusic - ok
11:04:20.0390 3156 dpti2o - ok
11:04:20.0437 3156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8)

C:\WINDOWS\system32\drivers\drmkaud.sys
11:04:20.0609 3156 drmkaud - ok
11:04:20.0687 3156 Fastfat (38d332a6d56af32635675f132548343e)

C:\WINDOWS\system32\drivers\Fastfat.sys
11:04:20.0875 3156 Fastfat - ok
11:04:20.0937 3156 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81)

C:\WINDOWS\system32\drivers\Fdc.sys
11:04:21.0109 3156 Fdc - ok
11:04:21.0140 3156 Fips (d45926117eb9fa946a6af572fbe1caa3)

C:\WINDOWS\system32\drivers\Fips.sys
11:04:21.0328 3156 Fips - ok
11:04:21.0343 3156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0)

C:\WINDOWS\system32\drivers\Flpydisk.sys
11:04:21.0531 3156 Flpydisk - ok
11:04:21.0578 3156 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0)

C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:04:21.0703 3156 FltMgr - ok
11:04:21.0734 3156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a)

C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:04:21.0875 3156 Fs_Rec - ok
11:04:21.0890 3156 Ftdisk (6ac26732762483366c3969c9e4d2259d)

C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:04:22.0031 3156 Ftdisk - ok
11:04:22.0109 3156 Gpc (0a02c63c8b144bd8c86b103dee7c86a2)

C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:04:22.0250 3156 Gpc - ok
11:04:22.0312 3156 GTIPCI21 (ca835331825599b938e37525796d3549)

C:\WINDOWS\system32\DRIVERS\gtipci21.sys
11:04:22.0343 3156 GTIPCI21 - ok
11:04:22.0468 3156 HidUsb (ccf82c5ec8a7326c3066de870c06daf1)

C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:04:22.0593 3156 HidUsb - ok
11:04:22.0656 3156 hpn - ok
11:04:22.0734 3156 HSFHWICH (a84bbbdd125d370593004f6429f8445c)

C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
11:04:22.0812 3156 HSFHWICH - ok
11:04:22.0890 3156 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab)

C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
11:04:23.0031 3156 HSF_DPV - ok
11:04:23.0109 3156 HTTP (f80a415ef82cd06ffaf0d971528ead38)

C:\WINDOWS\system32\Drivers\HTTP.sys
11:04:23.0234 3156 HTTP - ok
11:04:23.0250 3156 i2omgmt - ok
11:04:23.0265 3156 i2omp - ok
11:04:23.0343 3156 i8042prt (4a0b06aa8943c1e332520f7440c0aa30)

C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:04:23.0578 3156 i8042prt - ok
11:04:23.0687 3156 ialm (643162fbc619e35d3f1a90a095a5bb42)

C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:04:23.0890 3156 ialm - ok
11:04:23.0937 3156 Imapi (083a052659f5310dd8b6a6cb05edcf8e)

C:\WINDOWS\system32\DRIVERS\imapi.sys
11:04:24.0093 3156 Imapi - ok
11:04:24.0109 3156 ini910u - ok
11:04:24.0171 3156 IntelIde (b5466a9250342a7aa0cd1fba13420678)

C:\WINDOWS\system32\DRIVERS\intelide.sys
11:04:24.0406 3156 IntelIde - ok
11:04:24.0468 3156 intelppm (8c953733d8f36eb2133f5bb58808b66b)

C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:04:24.0609 3156 intelppm - ok
11:04:24.0656 3156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0)

C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:04:24.0781 3156 Ip6Fw - ok
11:04:24.0812 3156 IpFilterDriver (731f22ba402ee4b62748adaf6363c182)

C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:04:24.0968 3156 IpFilterDriver - ok
11:04:25.0000 3156 IpInIp (b87ab476dcf76e72010632b5550955f5)

C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:04:25.0156 3156 IpInIp - ok
11:04:25.0187 3156 IpNat (cc748ea12c6effde940ee98098bf96bb)

C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:04:25.0343 3156 IpNat - ok
11:04:25.0390 3156 IRENUM (c93c9ff7b04d772627a3646d89f7bf89)

C:\WINDOWS\system32\DRIVERS\irenum.sys
11:04:25.0453 3156 IRENUM - ok
11:04:25.0531 3156 isapnp (05a299ec56e52649b1cf2fc52d20f2d7)

C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:04:25.0687 3156 isapnp - ok
11:04:25.0718 3156 Kbdclass (463c1ec80cd17420a542b7f36a36f128)

C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:04:25.0890 3156 Kbdclass - ok
11:04:25.0953 3156 kmixer (692bcf44383d056aed41b045a323d378)

C:\WINDOWS\system32\drivers\kmixer.sys
11:04:26.0125 3156 kmixer - ok
11:04:26.0187 3156 KSecDD (b467646c54cc746128904e1654c750c1)

C:\WINDOWS\system32\drivers\KSecDD.sys
11:04:26.0234 3156 KSecDD - ok
11:04:26.0296 3156 Lavasoft Kernexplorer - ok
11:04:26.0328 3156 Lbd - ok
11:04:26.0359 3156 lbrtfdc - ok
11:04:26.0406 3156 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963)

C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:04:26.0484 3156 MBAMSwissArmy - ok
11:04:26.0546 3156 mdmxsdk (3c318b9cd391371bed62126581ee9961)

C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:04:26.0578 3156 mdmxsdk - ok
11:04:26.0656 3156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6)

C:\WINDOWS\system32\drivers\mnmdd.sys
11:04:26.0875 3156 mnmdd - ok
11:04:26.0937 3156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1)

C:\WINDOWS\system32\drivers\Modem.sys
11:04:27.0046 3156 Modem - ok
11:04:27.0125 3156 Mouclass (35c9e97194c8cfb8430125f8dbc34d04)

C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:04:27.0250 3156 Mouclass - ok
11:04:27.0296 3156 mouhid (b1c303e17fb9d46e87a98e4ba6769685)

C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:04:27.0437 3156 mouhid - ok
11:04:27.0453 3156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd)

C:\WINDOWS\system32\drivers\MountMgr.sys
11:04:27.0625 3156 MountMgr - ok
11:04:27.0765 3156 MpKsl35650175 - ok
11:04:27.0781 3156 MpKslb84144e5 - ok
11:04:27.0796 3156 MpKslcd94cbba - ok
11:04:27.0812 3156 MpKslf01832af - ok
11:04:27.0828 3156 MpKslf7068664 - ok
11:04:27.0843 3156 mraid35x - ok
11:04:27.0875 3156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd)

C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:04:28.0031 3156 MRxDAV - ok
11:04:28.0125 3156 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0)

C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:04:28.0250 3156 MRxSmb - ok
11:04:28.0281 3156 Msfs (c941ea2454ba8350021d774daf0f1027)

C:\WINDOWS\system32\drivers\Msfs.sys
11:04:28.0562 3156 Msfs - ok
11:04:28.0593 3156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1)

C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:04:28.0750 3156 MSKSSRV - ok
11:04:28.0781 3156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e)

C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:04:28.0937 3156 MSPCLOCK - ok
11:04:28.0984 3156 MSPQM (bad59648ba099da4a17680b39730cb3d)

C:\WINDOWS\system32\drivers\MSPQM.sys
11:04:29.0140 3156 MSPQM - ok
11:04:29.0187 3156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136)

C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:04:29.0328 3156 mssmbios - ok
11:04:29.0390 3156 Mup (de6a75f5c270e756c5508d94b6cf68f5)

C:\WINDOWS\system32\drivers\Mup.sys
11:04:29.0421 3156 Mup - ok
11:04:29.0500 3156 NDIS (1df7f42665c94b825322fae71721130d)

C:\WINDOWS\system32\drivers\NDIS.sys
11:04:29.0640 3156 NDIS - ok
11:04:29.0703 3156 NdisTapi (0109c4f3850dfbab279542515386ae22)

C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:04:29.0734 3156 NdisTapi - ok
11:04:29.0796 3156 Ndisuio (f927a4434c5028758a842943ef1a3849)

C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:04:29.0921 3156 Ndisuio - ok
11:04:29.0984 3156 NdisWan (edc1531a49c80614b2cfda43ca8659ab)

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:04:30.0187 3156 NdisWan - ok
11:04:30.0250 3156 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b)

C:\WINDOWS\system32\drivers\NDProxy.sys
11:04:30.0296 3156 NDProxy - ok
11:04:30.0328 3156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0)

C:\WINDOWS\system32\DRIVERS\netbios.sys
11:04:30.0531 3156 NetBIOS - ok
11:04:30.0578 3156 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d)

C:\WINDOWS\system32\DRIVERS\netbt.sys
11:04:30.0765 3156 NetBT - ok
11:04:30.0812 3156 Npfs (3182d64ae053d6fb034f44b6def8034a)

C:\WINDOWS\system32\drivers\Npfs.sys
11:04:31.0000 3156 Npfs - ok
11:04:31.0093 3156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca)

C:\WINDOWS\system32\drivers\Ntfs.sys
11:04:31.0296 3156 Ntfs - ok
11:04:31.0328 3156 Null (73c1e1f395918bc2c6dd67af7591a3ad)

C:\WINDOWS\system32\drivers\Null.sys
11:04:31.0531 3156 Null - ok
11:04:31.0609 3156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57)

C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:04:31.0781 3156 NwlnkFlt - ok
11:04:31.0843 3156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9)

C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:04:32.0046 3156 NwlnkFwd - ok
11:04:32.0140 3156 Parport (5575faf8f97ce5e713d108c2a58d7c7c)

C:\WINDOWS\system32\DRIVERS\parport.sys
11:04:32.0343 3156 Parport - ok
11:04:32.0343 3156 Partizan - ok
11:04:32.0375 3156 PartMgr (beb3ba25197665d82ec7065b724171c6)

C:\WINDOWS\system32\drivers\PartMgr.sys
11:04:32.0562 3156 PartMgr - ok
11:04:32.0593 3156 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1)

C:\WINDOWS\system32\drivers\ParVdm.sys
11:04:32.0796 3156 ParVdm - ok
11:04:32.0828 3156 PCI (a219903ccf74233761d92bef471a07b1)

C:\WINDOWS\system32\DRIVERS\pci.sys
11:04:33.0046 3156 PCI - ok
11:04:33.0062 3156 PCIDump - ok
11:04:33.0125 3156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0)

C:\WINDOWS\system32\drivers\PCIIde.sys
11:04:33.0296 3156 PCIIde - ok
11:04:33.0312 3156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1)

C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:04:33.0500 3156 Pcmcia - ok
11:04:33.0500 3156 PDCOMP - ok
11:04:33.0515 3156 PDFRAME - ok
11:04:33.0531 3156 PDRELI - ok
11:04:33.0546 3156 PDRFRAME - ok
11:04:33.0562 3156 perc2 - ok
11:04:33.0578 3156 perc2hib - ok
11:04:33.0625 3156 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99)

C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:04:33.0781 3156 PptpMiniport - ok
11:04:33.0796 3156 PROCEXP151 - ok
11:04:33.0812 3156 PSched (09298ec810b07e5d582cb3a3f9255424)

C:\WINDOWS\system32\DRIVERS\psched.sys
11:04:33.0953 3156 PSched - ok
11:04:33.0984 3156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd)

C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:04:34.0109 3156 Ptilink - ok
11:04:34.0171 3156 PxHelp20 (153d02480a0a2f45785522e814c634b6)

C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:04:34.0187 3156 PxHelp20 - ok
11:04:34.0203 3156 ql1080 - ok
11:04:34.0218 3156 Ql10wnt - ok
11:04:34.0234 3156 ql12160 - ok
11:04:34.0250 3156 ql1240 - ok
11:04:34.0265 3156 ql1280 - ok
11:04:34.0281 3156 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c)

C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:04:34.0437 3156 RasAcd - ok
11:04:34.0578 3156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6)

C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:04:34.0765 3156 Rasl2tp - ok
11:04:34.0812 3156 RasPppoe (5bc962f2654137c9909c3d4603587dee)

C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:04:35.0000 3156 RasPppoe - ok
11:04:35.0062 3156 Raspti (fdbb1d60066fcfbb7452fd8f9829b242)

C:\WINDOWS\system32\DRIVERS\raspti.sys
11:04:35.0250 3156 Raspti - ok
11:04:35.0296 3156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a)

C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:04:35.0484 3156 Rdbss - ok
11:04:35.0500 3156 RDPCDD (4912d5b403614ce99c28420f75353332)

C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:04:35.0687 3156 RDPCDD - ok
11:04:35.0750 3156 rdpdr (15cabd0f7c00c47c70124907916af3f1)

C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:04:35.0906 3156 rdpdr - ok
11:04:35.0953 3156 RDPWD (fc105dd312ed64eb66bff111e8ec6eac)

C:\WINDOWS\system32\drivers\RDPWD.sys
11:04:36.0046 3156 RDPWD - ok
11:04:36.0109 3156 redbook (f828dd7e1419b6653894a8f97a0094c5)

C:\WINDOWS\system32\DRIVERS\redbook.sys
11:04:36.0265 3156 redbook - ok
11:04:36.0328 3156 RFCOMM (851c30df2807fcfa21e4c681a7d6440e)

C:\WINDOWS\system32\DRIVERS\rfcomm.sys
11:04:36.0531 3156 RFCOMM - ok
11:04:36.0546 3156 rkhdrv40 - ok
11:04:36.0578 3156 RkPavproc1 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc1.sys
11:04:36.0593 3156 RkPavproc1 - ok
11:04:36.0640 3156 RkPavproc2 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc2.sys
11:04:36.0656 3156 RkPavproc2 - ok
11:04:36.0687 3156 RkPavproc3 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc3.sys
11:04:36.0703 3156 RkPavproc3 - ok
11:04:36.0750 3156 RkPavproc4 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc4.sys
11:04:36.0765 3156 RkPavproc4 - ok
11:04:36.0796 3156 RkPavproc5 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc5.sys
11:04:36.0812 3156 RkPavproc5 - ok
11:04:36.0843 3156 RkPavproc6 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc6.sys
11:04:36.0859 3156 RkPavproc6 - ok
11:04:36.0906 3156 RkPavproc7 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc7.sys
11:04:36.0921 3156 RkPavproc7 - ok
11:04:36.0953 3156 RkPavproc8 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc8.sys
11:04:36.0968 3156 RkPavproc8 - ok
11:04:37.0015 3156 RkPavproc9 (53f647be062c55e3a18c68608ffd105b)

C:\WINDOWS\system32\drivers\RkPavproc9.sys
11:04:37.0015 3156 RkPavproc9 - ok
11:04:37.0093 3156 s24trans (96b4494d4734970f47c566e098c4f527)

C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:04:37.0140 3156 s24trans - ok
11:04:37.0281 3156 SASDIFSV (39763504067962108505bff25f024345) C:\Program

Files\SUPERAntiSpyware\SASDIFSV.SYS
11:04:37.0296 3156 SASDIFSV - ok
11:04:37.0296 3156 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program

Files\SUPERAntiSpyware\SASKUTIL.SYS
11:04:37.0328 3156 SASKUTIL - ok
11:04:37.0390 3156 Secdrv (90a3935d05b494a5a39d37e71f09a677)

C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:04:37.0515 3156 Secdrv - ok
11:04:37.0578 3156 serenum (0f29512ccd6bead730039fb4bd2c85ce)

C:\WINDOWS\system32\DRIVERS\serenum.sys
11:04:37.0812 3156 serenum - ok
11:04:37.0828 3156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7)

C:\WINDOWS\system32\DRIVERS\serial.sys
11:04:37.0953 3156 Serial - ok
11:04:38.0000 3156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562)

C:\WINDOWS\system32\drivers\Sfloppy.sys
11:04:38.0125 3156 Sfloppy - ok
11:04:38.0156 3156 Simbad - ok
11:04:38.0171 3156 Sparrow - ok
11:04:38.0234 3156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f)

C:\WINDOWS\system32\drivers\splitter.sys
11:04:38.0359 3156 splitter - ok
11:04:38.0437 3156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d)

C:\WINDOWS\system32\DRIVERS\sr.sys
11:04:38.0500 3156 sr - ok
11:04:38.0593 3156 Srv (47ddfc2f003f7f9f0592c6874962a2e7)

C:\WINDOWS\system32\DRIVERS\srv.sys
11:04:38.0703 3156 Srv - ok
11:04:38.0781 3156 STAC97 (305cc42945a713347f978d78566113f3)

C:\WINDOWS\system32\drivers\STAC97.sys
11:04:38.0859 3156 STAC97 - ok
11:04:38.0906 3156 swenum (3941d127aef12e93addf6fe6ee027e0f)

C:\WINDOWS\system32\DRIVERS\swenum.sys
11:04:39.0093 3156 swenum - ok
11:04:39.0140 3156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01)

C:\WINDOWS\system32\drivers\swmidi.sys
11:04:39.0359 3156 swmidi - ok
11:04:39.0375 3156 symc810 - ok
11:04:39.0406 3156 symc8xx - ok
11:04:39.0421 3156 sym_hi - ok
11:04:39.0437 3156 sym_u3 - ok
11:04:39.0468 3156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290)

C:\WINDOWS\system32\drivers\sysaudio.sys
11:04:39.0609 3156 sysaudio - ok
11:04:39.0703 3156 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d)

C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:04:39.0812 3156 Tcpip - ok
11:04:39.0859 3156 TDPIPE (6471a66807f5e104e4885f5b67349397)

C:\WINDOWS\system32\drivers\TDPIPE.sys
11:04:40.0000 3156 TDPIPE - ok
11:04:40.0046 3156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61)

C:\WINDOWS\system32\drivers\TDTCP.sys
11:04:40.0171 3156 TDTCP - ok
11:04:40.0218 3156 TermDD (88155247177638048422893737429d9e)

C:\WINDOWS\system32\DRIVERS\termdd.sys
11:04:40.0406 3156 TermDD - ok
11:04:40.0468 3156 tmcomm (ad866d83b4f0391aecceb4e507011831)

C:\WINDOWS\system32\drivers\tmcomm.sys
11:04:40.0500 3156 tmcomm - ok
11:04:40.0546 3156 toshidpt (e362d54fd394999c4178936396664e57)

C:\WINDOWS\system32\drivers\Toshidpt.sys
11:04:40.0578 3156 toshidpt ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0578 3156 toshidpt - detected UnsignedFile.Multi.Generic (1)
11:04:40.0593 3156 TosIde - ok
11:04:40.0640 3156 tosporte (aeb0a824ddb4f3cc7b476174c8692d47)

C:\WINDOWS\system32\DRIVERS\tosporte.sys
11:04:40.0656 3156 tosporte ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0656 3156 tosporte - detected UnsignedFile.Multi.Generic (1)
11:04:40.0703 3156 Tosrfbd (c1e77b1033969ea316c76f61adff2ad1)

C:\WINDOWS\system32\Drivers\tosrfbd.sys
11:04:40.0703 3156 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0703 3156 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
11:04:40.0718 3156 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30)

C:\WINDOWS\system32\Drivers\tosrfbnp.sys
11:04:40.0734 3156 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0734 3156 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
11:04:40.0796 3156 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2)

C:\WINDOWS\system32\Drivers\tosrfcom.sys
11:04:40.0812 3156 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0812 3156 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
11:04:40.0828 3156 Tosrfhid (7dfd6b1077b3ff19877fd67a04fed2a2)

C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
11:04:40.0828 3156 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0828 3156 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
11:04:40.0875 3156 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb)

C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
11:04:40.0875 3156 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0875 3156 tosrfnds - detected UnsignedFile.Multi.Generic (1)
11:04:40.0906 3156 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696)

C:\WINDOWS\system32\drivers\TosRfSnd.sys
11:04:40.0937 3156 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
11:04:40.0937 3156 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
11:04:40.0968 3156 Tosrfusb (730a65f13398a1737f1a78a7b1620ec6)

C:\WINDOWS\system32\Drivers\tosrfusb.sys
11:04:41.0000 3156 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
11:04:41.0000 3156 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
11:04:41.0015 3156 TrueSight - ok
11:04:41.0093 3156 TrufosAlt (d7e5ea5e740b566344a41fd9c525dccd)

C:\WINDOWS\system32\DRIVERS\TrufosAlt.sys
11:04:41.0125 3156 TrufosAlt - ok
11:04:41.0171 3156 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9)

C:\WINDOWS\system32\drivers\Udfs.sys
11:04:41.0437 3156 Udfs - ok
11:04:41.0453 3156 UIUSys - ok
11:04:41.0468 3156 ultra - ok
11:04:41.0531 3156 Update (402ddc88356b1bac0ee3dd1580c76a31)

C:\WINDOWS\system32\DRIVERS\update.sys
11:04:41.0671 3156 Update - ok
11:04:41.0734 3156 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7)

C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:04:41.0875 3156 usbehci - ok
11:04:41.0890 3156 usbhub (1ab3cdde553b6e064d2e754efe20285c)

C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:04:42.0031 3156 usbhub - ok
11:04:42.0078 3156 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9)

C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:04:42.0250 3156 USBSTOR - ok
11:04:42.0281 3156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6)

C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:04:42.0437 3156 usbuhci - ok
11:04:42.0484 3156 VgaSave (0d3a8fafceacd8b7625cd549757a7df1)

C:\WINDOWS\System32\drivers\vga.sys
11:04:42.0656 3156 VgaSave - ok
11:04:42.0671 3156 ViaIde - ok
11:04:42.0734 3156 VolSnap (4c8fcb5cc53aab716d810740fe59d025)

C:\WINDOWS\system32\drivers\VolSnap.sys
11:04:42.0890 3156 VolSnap - ok
11:04:43.0046 3156 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b)

C:\WINDOWS\system32\DRIVERS\w29n51.sys
11:04:43.0343 3156 w29n51 - ok
11:04:43.0406 3156 Wanarp (e20b95baedb550f32dd489265c1da1f6)

C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:04:43.0640 3156 Wanarp - ok
11:04:43.0656 3156 WDICA - ok
11:04:43.0718 3156 wdmaud (6768acf64b18196494413695f0c3a00f)

C:\WINDOWS\system32\drivers\wdmaud.sys
11:04:43.0859 3156 wdmaud - ok
11:04:43.0968 3156 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac)

C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:04:44.0015 3156 winachsf - ok
11:04:44.0078 3156 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8)

C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:04:44.0234 3156 WS2IFSL - ok
11:04:44.0281 3156 WudfPf (f15feafffbb3644ccc80c5da584e6311)

C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:04:44.0343 3156 WudfPf - ok
11:04:44.0375 3156 WudfRd (28b524262bce6de1f7ef9f510ba3985b)

C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:04:44.0421 3156 WudfRd - ok
11:04:44.0500 3156 MBR (0x1B8) (8f558eb6672622401da993e1e865c861)

\Device\Harddisk0\DR0
11:04:44.0734 3156 \Device\Harddisk0\DR0 - ok
11:04:44.0750 3156 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e)

\Device\Harddisk1\DR2
11:04:45.0750 3156 \Device\Harddisk1\DR2 - ok
11:04:45.0750 3156 Boot (0x1200) (fc1dc95c9bef5f90fdb91f0ddf540f15)

\Device\Harddisk0\DR0\Partition0
11:04:45.0750 3156 \Device\Harddisk0\DR0\Partition0 - ok
11:04:45.0765 3156 Boot (0x1200) (576ddde0156bb723b6db0c7bf1de6155)

\Device\Harddisk1\DR2\Partition0
11:04:45.0765 3156 \Device\Harddisk1\DR2\Partition0 - ok
11:04:45.0765 3156 ============================================================
11:04:45.0765 3156 Scan finished
11:04:45.0765 3156 ============================================================
11:04:45.0875 3216 Detected object count: 12
11:04:45.0875 3216 Actual detected object count: 12
11:06:12.0734 3216 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0734 3216 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0734 3216 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0734 3216 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0734 3216 BCOREUSB ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0734 3216 BCOREUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:06:12.0750 3216 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
11:06:12.0750 3216 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-12 11:51:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9408114A

rev.8.03
Running: gmer.exe; Driver: C:\DOCUME~1\sam\LOCALS~1\Temp\agxiafow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys

(Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB2125$\1170689418 0 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\bckfg.tmp 852 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\cfg.ini 77 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\L 0 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\L\ommxohya 75264 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U 0 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB2125$\1170689418\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB2125$\2703768717 0 bytes

---- EOF - GMER 1.0.15 ----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 135):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF8972000 \WINDOWS\system32\KDCOM.DLL
0xF8882000 \WINDOWS\system32\BOOTVID.dll
0xF8343000 ACPI.sys
0xF8974000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8332000 pci.sys
0xF8472000 isapnp.sys
0xF8886000 compbatt.sys
0xF888A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A3A000 PCIIde.sys
0xF86F2000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF8976000 intelide.sys
0xF8314000 pcmcia.sys
0xF8482000 MountMgr.sys
0xF82F5000 ftdisk.sys
0xF86FA000 PartMgr.sys
0xF8492000 VolSnap.sys
0xF82DD000 atapi.sys
0xF84A2000 disk.sys
0xF84B2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82BD000 fltMgr.sys
0xF84C2000 PxHelp20.sys
0xF82A6000 KSecDD.sys
0xF8219000 Ntfs.sys
0xF81EC000 NDIS.sys
0xF81D2000 Mup.sys
0xF85B2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8195000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF803C000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF8028000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7FFE000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF878A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7FDA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8792000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7FC4000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xF8191000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xF7DA6000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7D63000 \SystemRoot\system32\drivers\STAC97.sys
0xF7D3F000 \SystemRoot\system32\drivers\portcls.sys
0xF85C2000 \SystemRoot\system32\drivers\drmk.sys
0xF7D1C000 \SystemRoot\system32\drivers\ks.sys
0xF7CE9000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF7BEC000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS

Allso here is my hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:19:03 PM, on 1/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\RunOnce: [DelContextmenu] cmd.exe /c del C:\Program" "Files\Best" "Removal" "Tool\Contextmenu.dll
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://my.verizon.com/micro/speedoptimi ... Config.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: GXTXS - Unknown owner - C:\DOCUME~1\HARVEY~1\LOCALS~1\Temp\GXTXS.exe (file missing)
O23 - Service: HHL - Unknown owner - C:\DOCUME~1\HARVEY~1\LOCALS~1\Temp\HHL.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 6261 bytes
InfoGeek
Active Member
 
Posts: 1
Joined: January 12th, 2012, 3:20 pm
Advertisement
Register to Remove

Re: No Internet Access Infected With XP Antivirus 2012

Unread postby deltalima » January 13th, 2012, 3:54 pm

checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: No Internet Access Infected With XP Antivirus 2012

Unread postby deltalima » January 13th, 2012, 4:02 pm

Hi InfoGeek,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Word Wrap in Notepad

In order to make the reports I ask for, more readable, I need you to make sure Word Wrap is off in Notepad:
  • Open Notepad ... on the Commands Toolbar click Format.
  • Make sure Word Wrap is unchecked, then close Notepad.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A notepad windows will open, please post the contents in your next reply
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed.. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection...download a (free for personal use) anti-virus program from one these reliable vendors.

  1. avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  2. Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.


Installing a new AV product.
Do NOT uninstall any existing anti-virus product yet!
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



Please post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: No Internet Access Infected With XP Antivirus 2012

Unread postby deltalima » January 16th, 2012, 3:14 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware