Inactive Iexplore.exe processes pop up, apparent rootkit infection

Status
Not open for further replies.
I ran Safe Mode with Networking, but for some reason couldn't enable any of my network adapters. I'd click on enable and a dialog would say 'Enabling...', then 'Enabled'. But the adapter was still disabled. Hmmm....
 
How sure would you be that a reinstall of C: would fix this issue? I'm assuming that the only thing that would survive would be: a) something on another drive/partition and b) anything in the MBR. If you believe that I'm 99% likely to be OK after a Windows reinstall, I think I'll just do that.

I've spent so much time on this already that I need to move on with my life!
 
Interesting...
Without any connection, we can't really test the iexplore issue.
Try to reinstall network driver.
Maybe another restart?
 
I'm just going to go with the reinstall. It's been a couple of years since the machine was built, and hopefully I can be more careful this time. Do you have recommendations for antivirus software and/or antimalware software, so I can be sure this doesn't happen again?

Many thanks.
 
The fact is, there is no perfect security program.
The very first line of defense is, and always will be, your brain and your computer habits.

If you ask me about very good protection programs....here you go...
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

If you want a good two-way firewall...
- free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

As for antimalware, there's nothing better than Malwarebytes.

That's all you need.
 
Well, I did the reinstall. Felt a heck of a lot less painful after going through all those debugging steps!

Broni, I want to thank you for your incredible dedication and quick responses to my problems. I really thought we might be able to solve this issue, but I wouldn't have even thought about trying if you hadn't been as responsive and helpful as you were. You rock!
 
You're welcome :)

"Unsolved mysteries" don't happen to me too often, but....unfortunately, this was the case...grrrrrrrrrrrrrrr
 
Agggghhhhh

So, I appear to have become infected again after a reinstall. MBAM found Rootkit.TDSS.Gen inside C:\Windows\Temp\12.tmp and now I can't go to Windows Update nor even Google for anything with 'windowsupdate' in the title.

I'm not sure if you want me to open a new thread, but since we never completely ruled out a router infection I suppose it could be related.

I think I know how it happened, though. I was looking for some drivers and clicked on a web site that proved to be a bit fake looking. Oh, man this sucks.

MBAM isn't finding anything, even in safe mode. But my system restore points (all 3 of them) have been corrupted.
 
Oh boy.....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Here are the DDS and GMER logs, hope they help.
 

2010/08/24 20:11:38.0609 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/24 20:11:38.0609 ================================================================================
2010/08/24 20:11:38.0609 SystemInfo:
2010/08/24 20:11:38.0609
2010/08/24 20:11:38.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/24 20:11:38.0609 Product type: Workstation
2010/08/24 20:11:38.0609 ComputerName: CASTLEROCK
2010/08/24 20:11:38.0609 UserName: Mike
2010/08/24 20:11:38.0609 Windows directory: C:\WINDOWS
2010/08/24 20:11:38.0609 System windows directory: C:\WINDOWS
2010/08/24 20:11:38.0609 Processor architecture: Intel x86
2010/08/24 20:11:38.0609 Number of processors: 4
2010/08/24 20:11:38.0609 Page size: 0x1000
2010/08/24 20:11:38.0609 Boot type: Normal boot
2010/08/24 20:11:38.0609 ================================================================================
2010/08/24 20:11:40.0234 Initialize success
2010/08/24 20:11:42.0062 ================================================================================
2010/08/24 20:11:42.0062 Scan started
2010/08/24 20:11:42.0062 Mode: Manual;
2010/08/24 20:11:42.0062 ================================================================================
2010/08/24 20:11:46.0125 Cdrom (9839006fc3112cc531ede542e67c55a5) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 20:11:46.0125 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9839006fc3112cc531ede542e67c55a5, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/08/24 20:11:46.0125 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 20:11:49.0531 ================================================================================
2010/08/24 20:11:49.0531 Scan finished
2010/08/24 20:11:49.0531 ================================================================================
2010/08/24 20:11:49.0546 Detected object count: 1
2010/08/24 20:11:54.0578 Cdrom (9839006fc3112cc531ede542e67c55a5) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 20:11:54.0578 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9839006fc3112cc531ede542e67c55a5, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/08/24 20:11:54.0812 Backup copy found, using it..
2010/08/24 20:11:54.0828 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot
2010/08/24 20:11:54.0828 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure
2010/08/24 20:11:59.0562 Deinitialize success



I let it do a 'cure' and after reboot can now visit windowsupdate...
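The line that matters in the log above is the "Suspicious file (Forged)" entry: TDSSKiller obtained two different MD5 hashes for the same cdrom.sys, and the hash shown on the ordinary "Cdrom (...)" line is the clean-looking one, which is why a plain file scan such as MBAM's reported nothing. The parser below is an added example (not part of TDSSKiller or of this thread) that reads TDSSKiller-format log text and pulls out exactly those forged entries together with the verdict line that follows them; the sample log is a constructed excerpt built from the lines quoted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in TDSSKiller's log format, built from the lines quoted in
# the thread (most of the clean driver lines and the header are left out).
SAMPLE_LOG = r"""2010/08/24 20:11:42.0062 Scan started
2010/08/24 20:11:46.0109 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/24 20:11:46.0125 Cdrom (9839006fc3112cc531ede542e67c55a5) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/24 20:11:46.0125 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9839006fc3112cc531ede542e67c55a5, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2010/08/24 20:11:46.0125 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/24 20:11:46.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/24 20:11:49.0531 Scan finished
2010/08/24 20:11:49.0546 Detected object count: 1
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by the message.
TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(.*)$")
# Normal driver line: "<service name> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>[^\s(]+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged line: the same file yielded two different hashes.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# Verdict line: "<service name> - detected <family> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class DriverEntry:
    name: str
    md5: str                        # hash reported on the ordinary driver line
    path: str
    fake_md5: Optional[str] = None  # second hash from a "Forged" line, if any
    verdict: Optional[str] = None   # e.g. Rootkit.Win32.TDSS.tdl3

    @property
    def forged(self) -> bool:
        # The detection signal is the disagreement between the two reads.
        return self.fake_md5 is not None and self.fake_md5 != self.md5


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Parse TDSSKiller log text into one entry per driver service."""
    by_name: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}
    entries: List[DriverEntry] = []
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, "=====" separators
        msg = m.group(2)
        d = DRIVER_RE.match(msg)
        if d:
            # The cure phase repeats the driver line; reuse the existing entry.
            e = by_name.get(d["name"])
            if e is None:
                e = DriverEntry(d["name"], d["md5"], d["path"])
                entries.append(e)
                by_name[e.name] = e
                by_path[e.path.lower()] = e
            continue
        f = FORGED_RE.match(msg)
        if f:
            e = by_path.get(f["path"].lower())
            if e is not None:
                e.fake_md5 = f["fake"]
            continue
        v = DETECT_RE.match(msg)
        if v and v["name"] in by_name:
            by_name[v["name"]].verdict = v["verdict"]
    return entries


def forged_entries(entries: List[DriverEntry]) -> List[DriverEntry]:
    return [e for e in entries if e.forged]


def report(entries: List[DriverEntry]) -> List[str]:
    """Human-readable summary of forged drivers, one line each."""
    return [f"{e.name}: {e.path} read as {e.md5} but also as {e.fake_md5} "
            f"({e.verdict or 'no verdict line'})" for e in forged_entries(entries)]


if __name__ == "__main__":
    for line in report(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```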
 
Yeah, the infected file has been cured.

No logs zipping, please.

Update MBAM, re-run it. Post the log.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry about the zip file - the .txt file wasn't uploading; the page would not load. Perhaps it was being redirected? Will get those logs shortly...thx.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4473

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/24/2010 8:36:48 PM
mbam-log-2010-08-24 (20-36-48).txt

Scan type: Quick scan
Objects scanned: 129650
Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x020107bc

Kernel Drivers (total 120):

Processes (total 34):
0 System Idle Process
4 System
464 C:\WINDOWS\system32\smss.exe
684 csrss.exe
708 C:\WINDOWS\system32\winlogon.exe
752 C:\WINDOWS\system32\services.exe
764 C:\WINDOWS\system32\lsass.exe
968 C:\WINDOWS\system32\nvsvc32.exe
992 C:\WINDOWS\system32\svchost.exe
1076 svchost.exe
1116 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1260 svchost.exe
1516 C:\WINDOWS\system32\spoolsv.exe
1560 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1600 svchost.exe
1664 C:\WINDOWS\system32\ANIWConnService.exe
1696 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1716 C:\Program Files\Bonjour\mDNSResponder.exe
1964 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1436 alg.exe
1176 C:\WINDOWS\explorer.exe
168 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
172 C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
2016 C:\WINDOWS\system32\rundll32.exe
2060 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2072 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2084 C:\WINDOWS\RTHDCPL.EXE
2136 C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
2184 C:\WINDOWS\system32\ctfmon.exe
2660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
2248 C:\WINDOWS\system32\svchost.exe
3412 C:\Program Files\Mozilla Firefox\firefox.exe
1284 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x0000003d`093bfc00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000001e`84dcfe00 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x00000043`2432e400 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x0000005b`8e958000 (NTFS)

PhysicalDrive2 Model Number: WDCWD5000AAKS-00A7B0, Rev: 01.03B01
PhysicalDrive0 Model Number: WDCWD5000AAKS-00A7B0, Rev: 01.03B01
PhysicalDrive1 Model Number: SAMSUNGSP1213C, Rev: SV100-30
PhysicalDrive3 Model Number: ST3250823AS, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 2B90DDCC668E70D6A429D4E56313F2A2532D922A
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: 2B90DDCC668E70D6A429D4E56313F2A2532D922A
232 GB \\.\PhysicalDrive3 Windows XP MBR code detected
SHA1: 2B90DDCC668E70D6A429D4E56313F2A2532D922A


Done!
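Two things in the MBRCheck output above are worth understanding: the volume offsets (0x7e00 is sector 63, the classic XP partition start, times 512 bytes) come from the partition table at the end of the MBR, and three of the four disks report the same SHA1 because the hash covers the bootstrap code, which does not change when the partition table differs. The code below is an added example, not MBRCheck's own code; it builds two constructed 512-byte MBR images (using the LBA starts implied by the offsets quoted in the thread), parses the partition table, checks the 0x55AA boot signature, and fingerprints the code region. It assumes the fingerprint covers bytes 0-439 only (the page does not state MBRCheck's exact hashed range).

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0-439 bootstrap code, 440-443 disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries, then 0x55AA at 510
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count

# Constructed stand-in for the bootstrap code (a few real-looking prologue bytes
# padded with NOPs); the demo only needs it to be identical on both disks.
BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 60


def build_mbr(boot_code: bytes, partitions: List[Dict]) -> bytes:
    """Assemble a constructed 512-byte MBR image (not read from a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x12\x34\x56\x78"   # arbitrary disk signature
    for i, p in enumerate(partitions):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         p.get("status", 0), b"\0\0\0", p["type"], b"\0\0\0",
                         p["start_lba"], p["sectors"])
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_fingerprint(mbr: bytes) -> str:
    """SHA1 of the bootstrap code only (assumed: table and signature excluded)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(mbr: bytes) -> Dict:
    """Return boot-signature validity, code fingerprint and the non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start_lba, sectors = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start_lba, "byte_offset": start_lba * SECTOR,
                      "sectors": sectors})
    return {"signature_ok": mbr[510:512] == b"\x55\xAA",
            "boot_code_sha1": boot_code_fingerprint(mbr), "partitions": parts}


def sample_disks() -> Dict[str, bytes]:
    """Two constructed disks sharing bootstrap code but with different tables.
    Start LBAs are the thread's MBRCheck offsets divided by 512 (0x7e00 -> 63)."""
    drive2 = build_mbr(BOOT_CODE, [
        {"status": 0x80, "type": 0x07, "start_lba": 63, "sectors": 0x1E849DBF},
        {"type": 0x07, "start_lba": 0x1E849DFE, "sectors": 0x1000000}])
    drive0 = build_mbr(BOOT_CODE, [
        {"type": 0x07, "start_lba": 63, "sectors": 0x0F426E40},
        {"type": 0x07, "start_lba": 0x0F426E7F, "sectors": 0x1000000}])
    return {"PhysicalDrive2": drive2, "PhysicalDrive0": drive0}


def mbr_status_lines(disks: Dict[str, bytes]) -> List[str]:
    """One summary line per disk plus one per partition, in the spirit of MBRCheck."""
    out = []
    for name, mbr in disks.items():
        r = parse_mbr(mbr)
        state = "valid boot signature" if r["signature_ok"] else "MISSING 0x55AA signature"
        out.append(f"\\\\.\\{name}: {state}, boot code SHA1 {r['boot_code_sha1']}")
        for p in r["partitions"]:
            out.append(f"  partition {p['index']} type 0x{p['type']:02x} "
                       f"at offset 0x{p['byte_offset']:x} ({p['sectors']} sectors)")
    return out


if __name__ == "__main__":
    for line in mbr_status_lines(sample_disks()):
        print(line)
```

On a real machine the 512 bytes would come from a raw read of the physical drive (administrator rights required); comparing the code fingerprint against a known-good value is what turns this into a bootkit check.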
 
All looks good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

For good measure, run TFC and Kaspersky online scan and you should be good to go :)
 
Awesome, looks like I'm OK. Let's hope this was just me being stupid rather than evidence of a lingering infection. Once again, thank you!! :D
 