Hello,
I would like you to run this tool for me: fixTDSS.
Download it to your desktop and start the program.
Follow the prompts and OK any security prompts.
When it is complete, it will say the infection was cleared or no infection was found. Let me know what it says.
After it is complete, I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.
Gringo
System Restore and Google redirect infection cannot run TDSSkiller
#16
Posted 07 November 2011 - 11:04 PM
I will be online from 5-31 to 6-4 in a very limited amount
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
#17
Posted 07 November 2011 - 11:29 PM
FixTDSS ran without incident. I don't remember if it reported anything interesting; I think it said it fixed one problem. Sorry I wasn't paying closer attention.
TDSSKiller ran this time (finally). The only item it reported an issue with was the sptd process, which I believe is related to Daemon Tools, so I let TDSSKiller skip it.
Watching the machine for a few minutes, I haven't seen an iexplore.exe process start up. I also tried several Google search results in Firefox, and was not redirected this time.
Anything else I should check for?
20:21:00.0796 2324 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
20:21:01.0343 2324 ============================================================
20:21:01.0343 2324 Current date / time: 2011/11/07 20:21:01.0343
20:21:01.0343 2324 SystemInfo:
20:21:01.0343 2324
20:21:01.0343 2324 OS Version: 5.1.2600 ServicePack: 3.0
20:21:01.0343 2324 Product type: Workstation
20:21:01.0343 2324 ComputerName: UMHOEFER
20:21:01.0343 2324 UserName: jumhoefer
20:21:01.0343 2324 Windows directory: C:\WINDOWS
20:21:01.0343 2324 System windows directory: C:\WINDOWS
20:21:01.0343 2324 Processor architecture: Intel x86
20:21:01.0343 2324 Number of processors: 2
20:21:01.0343 2324 Page size: 0x1000
20:21:01.0343 2324 Boot type: Normal boot
20:21:01.0343 2324 ============================================================
20:21:02.0093 2324 Initialize success
20:21:18.0828 3616 ============================================================
20:21:18.0828 3616 Scan started
20:21:18.0828 3616 Mode: Manual;
20:21:18.0828 3616 ============================================================
20:21:19.0296 3616 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:21:19.0296 3616 Aavmker4 - ok
20:21:19.0312 3616 Abiosdsk - ok
20:21:19.0328 3616 abp480n5 - ok
20:21:19.0390 3616 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:21:19.0390 3616 ACPI - ok
20:21:19.0437 3616 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:21:19.0437 3616 ACPIEC - ok
20:21:19.0453 3616 adpu160m - ok
20:21:19.0484 3616 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:21:19.0484 3616 aec - ok
20:21:19.0515 3616 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:21:19.0531 3616 AFD - ok
20:21:19.0531 3616 Aha154x - ok
20:21:19.0546 3616 aic78u2 - ok
20:21:19.0562 3616 aic78xx - ok
20:21:19.0593 3616 AliIde - ok
20:21:19.0609 3616 amsint - ok
20:21:19.0625 3616 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:21:19.0625 3616 Arp1394 - ok
20:21:19.0640 3616 asc - ok
20:21:19.0656 3616 asc3350p - ok
20:21:19.0671 3616 asc3550 - ok
20:21:19.0718 3616 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:21:19.0718 3616 aswFsBlk - ok
20:21:19.0765 3616 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
20:21:19.0765 3616 aswMon2 - ok
20:21:19.0796 3616 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
20:21:19.0796 3616 aswRdr - ok
20:21:19.0859 3616 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
20:21:19.0875 3616 aswSnx - ok
20:21:19.0906 3616 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
20:21:19.0921 3616 aswSP - ok
20:21:19.0953 3616 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
20:21:19.0953 3616 aswTdi - ok
20:21:20.0000 3616 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:21:20.0000 3616 AsyncMac - ok
20:21:20.0031 3616 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:21:20.0031 3616 atapi - ok
20:21:20.0046 3616 Atdisk - ok
20:21:20.0078 3616 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:21:20.0078 3616 Atmarpc - ok
20:21:20.0125 3616 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:21:20.0125 3616 audstub - ok
20:21:20.0171 3616 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:21:20.0187 3616 b57w2k - ok
20:21:20.0203 3616 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
20:21:20.0218 3616 BANTExt - ok
20:21:20.0375 3616 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:21:20.0484 3616 BCM43XX - ok
20:21:20.0515 3616 BCOREUSB (40f8c4c10ed67b1de44abf82582bac37) C:\WINDOWS\system32\Drivers\BCOREUSB.sys
20:21:20.0515 3616 BCOREUSB - ok
20:21:20.0578 3616 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:21:20.0578 3616 Beep - ok
20:21:20.0625 3616 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
20:21:20.0625 3616 BthEnum - ok
20:21:20.0640 3616 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
20:21:20.0656 3616 BTHMODEM - ok
20:21:20.0671 3616 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:21:20.0671 3616 BthPan - ok
20:21:20.0734 3616 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
20:21:20.0750 3616 BTHPORT - ok
20:21:20.0765 3616 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
20:21:20.0765 3616 BTHUSB - ok
20:21:20.0796 3616 C751BUS (82d55313cba91bb399840b93d6be79a5) C:\WINDOWS\system32\DRIVERS\C751BUS.sys
20:21:20.0796 3616 C751BUS - ok
20:21:20.0812 3616 C751Mdm (307ff3cccc9d683c3ec6a9b7737e9e8b) C:\WINDOWS\system32\DRIVERS\C751Mdm.sys
20:21:20.0828 3616 C751Mdm - ok
20:21:20.0843 3616 C751Vsp (e1e7c808eab9791e0dbb3f6c0e99ad62) C:\WINDOWS\system32\DRIVERS\C751Vsp.sys
20:21:20.0843 3616 C751Vsp - ok
20:21:20.0937 3616 catchme - ok
20:21:21.0031 3616 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:21:21.0031 3616 cbidf2k - ok
20:21:21.0062 3616 cd20xrnt - ok
20:21:21.0093 3616 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:21:21.0109 3616 Cdaudio - ok
20:21:21.0156 3616 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:21:21.0171 3616 Cdfs - ok
20:21:21.0203 3616 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:21:21.0203 3616 Cdrom - ok
20:21:21.0250 3616 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:21:21.0265 3616 cercsr6 - ok
20:21:21.0296 3616 Changer - ok
20:21:21.0328 3616 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:21:21.0343 3616 CmBatt - ok
20:21:21.0343 3616 CmdIde - ok
20:21:21.0375 3616 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:21:21.0375 3616 Compbatt - ok
20:21:21.0406 3616 Cpqarray - ok
20:21:21.0421 3616 dac2w2k - ok
20:21:21.0437 3616 dac960nt - ok
20:21:21.0468 3616 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:21:21.0468 3616 Disk - ok
20:21:21.0531 3616 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:21:21.0578 3616 dmboot - ok
20:21:21.0609 3616 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:21:21.0625 3616 dmio - ok
20:21:21.0671 3616 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:21:21.0671 3616 dmload - ok
20:21:21.0703 3616 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:21:21.0703 3616 DMusic - ok
20:21:21.0765 3616 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:21:21.0781 3616 dot4 - ok
20:21:21.0796 3616 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:21:21.0812 3616 Dot4Print - ok
20:21:21.0828 3616 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:21:21.0828 3616 dot4usb - ok
20:21:21.0843 3616 dpti2o - ok
20:21:21.0890 3616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:21:21.0890 3616 drmkaud - ok
20:21:21.0937 3616 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:21:21.0953 3616 Fastfat - ok
20:21:21.0968 3616 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:21:21.0984 3616 Fdc - ok
20:21:22.0000 3616 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:21:22.0000 3616 Fips - ok
20:21:22.0015 3616 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:21:22.0031 3616 Flpydisk - ok
20:21:22.0078 3616 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:21:22.0078 3616 FltMgr - ok
20:21:22.0109 3616 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:21:22.0109 3616 Fs_Rec - ok
20:21:22.0140 3616 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:21:22.0140 3616 Ftdisk - ok
20:21:22.0187 3616 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:21:22.0203 3616 Gpc - ok
20:21:22.0250 3616 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:21:22.0250 3616 HDAudBus - ok
20:21:22.0281 3616 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:21:22.0281 3616 hidusb - ok
20:21:22.0296 3616 hpn - ok
20:21:22.0359 3616 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:21:22.0375 3616 HSFHWAZL - ok
20:21:22.0437 3616 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:21:22.0484 3616 HSF_DPV - ok
20:21:22.0546 3616 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:21:22.0562 3616 HTTP - ok
20:21:22.0578 3616 i2omgmt - ok
20:21:22.0593 3616 i2omp - ok
20:21:22.0640 3616 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:21:22.0640 3616 i8042prt - ok
20:21:22.0671 3616 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:21:22.0671 3616 Imapi - ok
20:21:22.0687 3616 ini910u - ok
20:21:22.0718 3616 IntelIde - ok
20:21:22.0765 3616 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:21:22.0765 3616 intelppm - ok
20:21:22.0796 3616 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:21:22.0796 3616 Ip6Fw - ok
20:21:22.0843 3616 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:21:22.0843 3616 IpFilterDriver - ok
20:21:22.0890 3616 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:21:22.0890 3616 IpInIp - ok
20:21:22.0921 3616 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:21:22.0937 3616 IpNat - ok
20:21:22.0968 3616 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:21:22.0968 3616 IPSec - ok
20:21:23.0000 3616 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:21:23.0000 3616 IRENUM - ok
20:21:23.0031 3616 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:21:23.0031 3616 isapnp - ok
20:21:23.0062 3616 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:21:23.0062 3616 Kbdclass - ok
20:21:23.0093 3616 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:21:23.0093 3616 kbdhid - ok
20:21:23.0125 3616 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:21:23.0140 3616 kmixer - ok
20:21:23.0187 3616 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:21:23.0187 3616 KSecDD - ok
20:21:23.0312 3616 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:21:23.0312 3616 Lavasoft Kernexplorer - ok
20:21:23.0406 3616 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:21:23.0421 3616 Lbd - ok
20:21:23.0437 3616 lbrtfdc - ok
20:21:23.0453 3616 MBAMSwissArmy - ok
20:21:23.0500 3616 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:21:23.0500 3616 mdmxsdk - ok
20:21:23.0546 3616 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:21:23.0546 3616 mnmdd - ok
20:21:23.0593 3616 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:21:23.0593 3616 Modem - ok
20:21:23.0625 3616 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:21:23.0625 3616 Mouclass - ok
20:21:23.0671 3616 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:21:23.0671 3616 mouhid - ok
20:21:23.0703 3616 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:21:23.0703 3616 MountMgr - ok
20:21:23.0718 3616 mraid35x - ok
20:21:23.0734 3616 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:21:23.0750 3616 MRxDAV - ok
20:21:23.0796 3616 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:21:23.0828 3616 MRxSmb - ok
20:21:23.0859 3616 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:21:23.0859 3616 Msfs - ok
20:21:23.0890 3616 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:21:23.0890 3616 MSKSSRV - ok
20:21:23.0906 3616 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:21:23.0906 3616 MSPCLOCK - ok
20:21:23.0937 3616 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:21:23.0937 3616 MSPQM - ok
20:21:23.0968 3616 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:21:23.0968 3616 mssmbios - ok
20:21:24.0015 3616 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:21:24.0015 3616 Mup - ok
20:21:24.0078 3616 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:21:24.0093 3616 NDIS - ok
20:21:24.0140 3616 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:21:24.0140 3616 NdisTapi - ok
20:21:24.0187 3616 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:21:24.0187 3616 Ndisuio - ok
20:21:24.0218 3616 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:21:24.0218 3616 NdisWan - ok
20:21:24.0265 3616 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:21:24.0265 3616 NDProxy - ok
20:21:24.0296 3616 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:21:24.0296 3616 NetBIOS - ok
20:21:24.0328 3616 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:21:24.0328 3616 NetBT - ok
20:21:24.0359 3616 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:21:24.0375 3616 NIC1394 - ok
20:21:24.0390 3616 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:21:24.0390 3616 Npfs - ok
20:21:24.0421 3616 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:21:24.0453 3616 Ntfs - ok
20:21:24.0500 3616 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:21:24.0500 3616 Null - ok
20:21:24.0828 3616 nv (77f427e51479c66c09f967d15b639b37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:21:25.0125 3616 nv - ok
20:21:25.0187 3616 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:21:25.0187 3616 NwlnkFlt - ok
20:21:25.0265 3616 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:21:25.0265 3616 NwlnkFwd - ok
20:21:25.0359 3616 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:21:25.0359 3616 ohci1394 - ok
20:21:25.0406 3616 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:21:25.0421 3616 Parport - ok
20:21:25.0421 3616 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:21:25.0437 3616 PartMgr - ok
20:21:25.0484 3616 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:21:25.0484 3616 ParVdm - ok
20:21:25.0531 3616 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:21:25.0546 3616 PCI - ok
20:21:25.0546 3616 PCIDump - ok
20:21:25.0562 3616 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:21:25.0578 3616 PCIIde - ok
20:21:25.0609 3616 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:21:25.0609 3616 Pcmcia - ok
20:21:25.0625 3616 PDCOMP - ok
20:21:25.0640 3616 PDFRAME - ok
20:21:25.0656 3616 PDRELI - ok
20:21:25.0671 3616 PDRFRAME - ok
20:21:25.0687 3616 perc2 - ok
20:21:25.0703 3616 perc2hib - ok
20:21:25.0765 3616 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:21:25.0765 3616 PptpMiniport - ok
20:21:25.0781 3616 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:21:25.0796 3616 PSched - ok
20:21:25.0828 3616 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:21:25.0828 3616 Ptilink - ok
20:21:25.0875 3616 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:21:25.0890 3616 PxHelp20 - ok
20:21:25.0890 3616 ql1080 - ok
20:21:25.0906 3616 Ql10wnt - ok
20:21:25.0921 3616 ql12160 - ok
20:21:25.0937 3616 ql1240 - ok
20:21:25.0953 3616 ql1280 - ok
20:21:25.0984 3616 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:21:25.0984 3616 RasAcd - ok
20:21:26.0046 3616 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:21:26.0046 3616 Rasl2tp - ok
20:21:26.0062 3616 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:21:26.0078 3616 RasPppoe - ok
20:21:26.0093 3616 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:21:26.0093 3616 Raspti - ok
20:21:26.0125 3616 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:21:26.0140 3616 Rdbss - ok
20:21:26.0156 3616 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:21:26.0171 3616 RDPCDD - ok
20:21:26.0218 3616 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:21:26.0234 3616 rdpdr - ok
20:21:26.0328 3616 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:21:26.0343 3616 RDPWD - ok
20:21:26.0375 3616 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:21:26.0375 3616 redbook - ok
20:21:26.0437 3616 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
20:21:26.0453 3616 RFCOMM - ok
20:21:26.0500 3616 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:21:26.0500 3616 rimmptsk - ok
20:21:26.0515 3616 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:21:26.0515 3616 rimsptsk - ok
20:21:26.0531 3616 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:21:26.0546 3616 rismxdp - ok
20:21:26.0625 3616 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:21:26.0625 3616 SASDIFSV - ok
20:21:26.0625 3616 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:21:26.0640 3616 SASKUTIL - ok
20:21:26.0718 3616 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:21:26.0718 3616 sdbus - ok
20:21:26.0765 3616 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:21:26.0765 3616 Secdrv - ok
20:21:26.0812 3616 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:21:26.0812 3616 seehcri - ok
20:21:26.0843 3616 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:21:26.0843 3616 serenum - ok
20:21:26.0875 3616 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:21:26.0875 3616 Serial - ok
20:21:26.0937 3616 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:21:26.0937 3616 sffdisk - ok
20:21:26.0953 3616 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:21:26.0953 3616 sffp_sd - ok
20:21:26.0984 3616 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:21:26.0984 3616 Sfloppy - ok
20:21:27.0015 3616 Simbad - ok
20:21:27.0046 3616 SIUSBXP (bc9c2ef22ee0320c079e3ff9b4d29951) C:\WINDOWS\system32\drivers\SiUSBXp.sys
20:21:27.0062 3616 SIUSBXP - ok
20:21:27.0078 3616 Sparrow - ok
20:21:27.0125 3616 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:21:27.0125 3616 splitter - ok
20:21:27.0203 3616 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:21:27.0203 3616 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:21:27.0218 3616 sptd ( LockedFile.Multi.Generic ) - warning
20:21:27.0218 3616 sptd - detected LockedFile.Multi.Generic (1)
20:21:27.0250 3616 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:21:27.0250 3616 sr - ok
20:21:27.0312 3616 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:21:27.0328 3616 Srv - ok
20:21:27.0375 3616 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
20:21:27.0375 3616 StarOpen - ok
20:21:27.0468 3616 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
20:21:27.0484 3616 STHDA - ok
20:21:27.0531 3616 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:21:27.0546 3616 swenum - ok
20:21:27.0578 3616 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:21:27.0578 3616 swmidi - ok
20:21:27.0625 3616 sxuptp (d31070c9d6f285dafdae9ef92163e5f0) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
20:21:27.0640 3616 sxuptp - ok
20:21:27.0656 3616 symc810 - ok
20:21:27.0671 3616 symc8xx - ok
20:21:27.0687 3616 sym_hi - ok
20:21:27.0703 3616 sym_u3 - ok
20:21:27.0765 3616 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:21:27.0765 3616 SynTP - ok
20:21:27.0812 3616 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:21:27.0812 3616 sysaudio - ok
20:21:27.0890 3616 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:21:27.0906 3616 Tcpip - ok
20:21:27.0937 3616 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:21:27.0937 3616 TDPIPE - ok
20:21:27.0968 3616 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:21:27.0968 3616 TDTCP - ok
20:21:28.0000 3616 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:21:28.0000 3616 TermDD - ok
20:21:28.0046 3616 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
20:21:28.0062 3616 toshidpt - ok
20:21:28.0062 3616 TosIde - ok
20:21:28.0109 3616 tosporte (aeb0a824ddb4f3cc7b476174c8692d47) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:21:28.0125 3616 tosporte - ok
20:21:28.0140 3616 Tosrfbd (c1e77b1033969ea316c76f61adff2ad1) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:21:28.0156 3616 Tosrfbd - ok
20:21:28.0171 3616 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:21:28.0171 3616 Tosrfbnp - ok
20:21:28.0218 3616 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:21:28.0218 3616 Tosrfcom - ok
20:21:28.0234 3616 Tosrfhid (7dfd6b1077b3ff19877fd67a04fed2a2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:21:28.0234 3616 Tosrfhid - ok
20:21:28.0265 3616 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:21:28.0281 3616 tosrfnds - ok
20:21:28.0312 3616 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
20:21:28.0312 3616 TosRfSnd - ok
20:21:28.0343 3616 Tosrfusb (730a65f13398a1737f1a78a7b1620ec6) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:21:28.0343 3616 Tosrfusb - ok
20:21:28.0390 3616 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:21:28.0406 3616 Udfs - ok
20:21:28.0406 3616 ultra - ok
20:21:28.0468 3616 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:21:28.0484 3616 Update - ok
20:21:28.0515 3616 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:21:28.0531 3616 usbccgp - ok
20:21:28.0562 3616 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
20:21:28.0578 3616 USBCCID - ok
20:21:28.0625 3616 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:21:28.0625 3616 usbehci - ok
20:21:28.0671 3616 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:21:28.0671 3616 usbhub - ok
20:21:28.0718 3616 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:21:28.0718 3616 usbprint - ok
20:21:28.0765 3616 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:21:28.0765 3616 usbscan - ok
20:21:28.0812 3616 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:21:28.0828 3616 USBSTOR - ok
20:21:28.0859 3616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:21:28.0859 3616 usbuhci - ok
20:21:28.0875 3616 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:21:28.0890 3616 VgaSave - ok
20:21:28.0906 3616 ViaIde - ok
20:21:28.0937 3616 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:21:28.0937 3616 VolSnap - ok
20:21:28.0984 3616 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:21:28.0984 3616 Wanarp - ok
20:21:29.0000 3616 WDICA - ok
20:21:29.0031 3616 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:21:29.0031 3616 wdmaud - ok
20:21:29.0109 3616 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:21:29.0140 3616 winachsf - ok
20:21:29.0187 3616 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:21:29.0203 3616 WmiAcpi - ok
20:21:29.0250 3616 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:21:29.0265 3616 WpdUsb - ok
20:21:29.0312 3616 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:21:29.0312 3616 WudfPf - ok
20:21:29.0343 3616 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:21:29.0359 3616 WudfRd - ok
20:21:29.0406 3616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:21:29.0546 3616 \Device\Harddisk0\DR0 - ok
20:21:29.0562 3616 Boot (0x1200) (288e72f2df7d225d01a1a5f3af453819) \Device\Harddisk0\DR0\Partition0
20:21:29.0562 3616 \Device\Harddisk0\DR0\Partition0 - ok
20:21:29.0578 3616 Boot (0x1200) (da757588c8d13e5a6475c19ca2562222) \Device\Harddisk0\DR0\Partition1
20:21:29.0578 3616 \Device\Harddisk0\DR0\Partition1 - ok
20:21:29.0578 3616 ============================================================
20:21:29.0593 3616 Scan finished
20:21:29.0593 3616 ============================================================
20:21:29.0609 3608 Detected object count: 1
20:21:29.0609 3608 Actual detected object count: 1
20:22:31.0843 3608 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:22:31.0843 3608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
TDSSkiller ran this time (finally). The only item it reported an issue with was sptd process, which I believe is related to Daemon Tools, so I let TDSSkiller skip it.
Watching the machine for a few minutes, I haven't seen an iexplore.exe process start up. I also tried several google search results in firefox, and was not redirected this time.
Anything else I should check for?
20:21:00.0796 2324 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
20:21:01.0343 2324 ============================================================
20:21:01.0343 2324 Current date / time: 2011/11/07 20:21:01.0343
20:21:01.0343 2324 SystemInfo:
20:21:01.0343 2324
20:21:01.0343 2324 OS Version: 5.1.2600 ServicePack: 3.0
20:21:01.0343 2324 Product type: Workstation
20:21:01.0343 2324 ComputerName: UMHOEFER
20:21:01.0343 2324 UserName: jumhoefer
20:21:01.0343 2324 Windows directory: C:\WINDOWS
20:21:01.0343 2324 System windows directory: C:\WINDOWS
20:21:01.0343 2324 Processor architecture: Intel x86
20:21:01.0343 2324 Number of processors: 2
20:21:01.0343 2324 Page size: 0x1000
20:21:01.0343 2324 Boot type: Normal boot
20:21:01.0343 2324 ============================================================
20:21:02.0093 2324 Initialize success
20:21:18.0828 3616 ============================================================
20:21:18.0828 3616 Scan started
20:21:18.0828 3616 Mode: Manual;
20:21:18.0828 3616 ============================================================
20:21:27.0203 3616 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:21:27.0203 3616 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:21:27.0218 3616 sptd ( LockedFile.Multi.Generic ) - warning
20:21:27.0218 3616 sptd - detected LockedFile.Multi.Generic (1)
20:21:29.0406 3616 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:21:29.0546 3616 \Device\Harddisk0\DR0 - ok
20:21:29.0562 3616 Boot (0x1200) (288e72f2df7d225d01a1a5f3af453819) \Device\Harddisk0\DR0\Partition0
20:21:29.0562 3616 \Device\Harddisk0\DR0\Partition0 - ok
20:21:29.0578 3616 Boot (0x1200) (da757588c8d13e5a6475c19ca2562222) \Device\Harddisk0\DR0\Partition1
20:21:29.0578 3616 \Device\Harddisk0\DR0\Partition1 - ok
20:21:29.0578 3616 ============================================================
20:21:29.0593 3616 Scan finished
20:21:29.0593 3616 ============================================================
20:21:29.0609 3608 Detected object count: 1
20:21:29.0609 3608 Actual detected object count: 1
20:22:31.0843 3608 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:22:31.0843 3608 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
#18
Posted 08 November 2011 - 08:05 AM
Greetings
These logs are looking very good, we are almost done!!! Just one more scan to go.
:Remove unneeded startup entries:
This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be; any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
- O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
- NOTE** You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
If you have any problems running HijackThis, sometimes we have to run it like this: To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator
Eset Online Scanner
**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on IE shortcut and run as admin
Go to the Eset web page to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Click on the ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Click on copy to clipboard and paste the results here in this topic
- You may also find it here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic
Gringo
#19
Posted 08 November 2011 - 04:45 PM
Done and done.
C:\System Volume Information\_restore{DDE2764D-D5E9-4FFD-92FC-557D954FD67D}\RP2\A0001576.exe a variant of Win32/Kryptik.UVJ trojan
C:\System Volume Information\_restore{DDE2764D-D5E9-4FFD-92FC-557D954FD67D}\RP2\A0001751.exe a variant of Win32/Kryptik.UVN trojan
That is the extent of the log it generated.
#20
Posted 08 November 2011 - 08:02 PM
Hello
The Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.
Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.
The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.
:DeFogger:
:Uninstall ComboFix:
:remove tools:
Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
:Make your Internet Explorer more secure:
:Make Firefox more secure:
Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector
:Turn On Automatic Updates:
:antispyware programs:
I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
Here is some great reading about how to be safer online:
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->
<-- Don't worry every little bit helps.
Gringo
The Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.
Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.
The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.
:DeFogger:
- To re-enable your Emulation drivers, double click DeFogger to run the tool.
- The application window will appear
- Click the Re-enable button to re-enable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:
- turn off all active protection software
- push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
- please copy and paste the following into the box ComboFix /Uninstall and click OK.
- Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:
Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
- Double-click OTCleanIt.exe.
- Click the CleanUp! button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
- If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
:Make your Internet Explorer more secure:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialise and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
:Make Firefox more secure:
- please visit this page, which explains how to make Firefox more secure - How to Secure Firefox
Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector
:Turn On Automatic Updates:
- Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them.
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.
or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
:antispyware programs:
I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
- WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
- Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
- Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.
Here is some great reading about how to be safer online:
- PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
- COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal
I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.
I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM
Gringo
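The Internet Explorer settings listed in the post above can be checked without clicking through the dialog. The following is an added example, not part of the original post: a PowerShell audit of the Internet zone's URL action values. It assumes the per-user settings under HKCU are in effect (a Group Policy override would be stored elsewhere), and it treats a stricter value than the one requested as acceptable.

```powershell
# Added example (not from the thread): audit the Internet zone (zone 3)
# settings named in the post. URL action data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Assumption: per-user settings in HKCU apply; policy overrides are not checked.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

$results = foreach ($s in $expected) {
    # A value that is absent from the key is reported rather than guessed at.
    $prop = $zone.PSObject.Properties[$s.Id]
    if ($null -eq $prop) {
        $actualText = 'not set'
        $ok = $false
    } else {
        $actual = [int]$prop.Value
        $actualText = if ($label.ContainsKey($actual)) { $label[$actual] } else { "raw value $actual" }
        # 0 < 1 < 3 orders the known values from least to most restrictive,
        # so anything at or above the requested level passes.
        $ok = $label.ContainsKey($actual) -and ($actual -ge $s.Want)
    }
    [pscustomobject]@{
        Setting  = $s.Name
        Expected = $label[$s.Want]
        Actual   = $actualText
        Ok       = $ok
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) {
    Write-Warning 'One or more Internet zone settings are weaker than recommended.'
}
```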
#21
Posted 10 November 2011 - 11:54 PM
It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.