
Cant Remove About Blank Hijacker, Trojans and Rogues


  • Please log in to reply
30 replies to this topic

#1 cherdon

Posted 14 June 2010 - 01:13 PM

Hello everyone.
I know I'm not the only one with this problem, but finding a solution that totally rids my computer of this virus/malware has been difficult, and my granddaughters need it for school assignments etc., and it's running very slowly considering we have high speed. When I do a search on Google and click a link, it gets redirected somewhere else, completely different from what I was searching for, e.g. I tried doing a search for "how do i disable avg internet security" and instead got the following: hxxp://www.caranddriver.com/news?cid=cd:loo:news:62983-100022, which you can clearly see has nothing to do with what I was searching for. At one point while I was posting this, I got redirected but quickly X'd it out and got back here to what I was doing. Also, when I'm on blog websites, sometimes my browser will open up a new tab with a random website that was not featured on the site, and these are forums or blogs that I go to regularly and never had that problem with before. About Blank is becoming a real issue too. It just multiplies and multiplies, and the only way to stop it is Ctrl+Alt+Del, but it continues to reoccur.

I have windows xp
1536 MB Total Memory
659 MB Free Memory

Internet Explorer 7
Service Pack 3

Currently installed and running on my computer:
AVG Internet Security 9
Microsoft Security Essentials
Malwarebytes
Trojan Remover 6.8.1
HijackThis
RKill.com
ComboFix - but I have never run it, as cautioned by your forum

I tried STOPzilla, which when scanned stated I have numerous trojans etc. but could not fix the problems as I did not have a registered version, so it was no help. I've tried Spybot Search & Destroy, Ad-Aware, Ad Aware Away, CCleaner, Hitman Pro 3.5, along with many others that I can't remember at this time. I have spent the last few days working on this, doing searches on Google, reading up on what others have tried, but some fixes seemed to be for advanced users who know what they're doing in the registry. I am somewhat of a chicken (cautious) when it comes to doing certain things unless I am given step-by-step instructions that are easy to understand and follow.

Supposedly I have the following:
Search.Hijacker.H
Antimalware Doctor
Performance Platform
Vundo. A2
Vundo. A3
GASF
Gen Downloader.1

It won't allow me to do Windows Update for critical downloads (I get the following): Internet Explorer cannot display the webpage.
I even tried System Restore, but it tells me it could not be restored.

I hope I have given you enough initial info to get some much needed help. Appreciate your time and effort. Cheryl

Edited by Orange Blossom, 14 June 2010 - 01:44 PM.
Deactivate link. ~ OB



#2 boopme, Global Moderator

Posted 14 June 2010 - 11:16 PM

Thank you, lets see what an online scan shows.

ESET
Please perform a scan with the ESET Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?"
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved as C:\Program Files\ESET\ESET Online Scanner\log.txt.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 cherdon

Posted 15 June 2010 - 07:55 AM

Here are the results from ESET Online Scanner

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0113cf120c7df844af432f010946b4d4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-15 12:50:29
# local_time=2010-06-15 08:50:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1031 16777189 100 98 0 0 0 0
# compatibility_mode=5891 16776869 100 100 0 16125152 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=56877
# found=3
# cleaned=3
# scan_time=2247
C:\Config.Msi\376f9c9.rbf a variant of Win32/Adware.ErrorRepair application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe Win32/Adware.Lifze.J application (deleted - quarantined) 00000000000000000000000000000000 C

#4 boopme, Global Moderator

Posted 15 June 2010 - 09:49 AM

Hi, let's do these now.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

*************************************************************

Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Atribune's ATF-Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.

#5 cherdon

Posted 15 June 2010 - 04:53 PM

Here is the MalwareBytes Log as requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4201

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

6/15/2010 3:10:06 PM
mbam-log-2010-06-15 (15-10-06).txt

Scan type: Quick scan
Objects scanned: 128743
Time elapsed: 12 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I've got to tell you that I sure disagree with these findings, as I am having more problems than I did when I first posted this, which I will tell you about at the end of this posting.

Next I tried to run ATF and SAS in safe mode, but after 3 attempts I gave up, as when I used the arrow keys and highlighted Safe Mode it would go back to the original screen and Windows XP would be highlighted. Then I saw the following: Windows could not start because the following file is missing: <Windows root>\system32\hal.dll (this happened when I tried to exit out of safe mode, and I had to shut down manually). I could only do the ATF and SAS scan in normal mode.
I followed your instructions and here is the SAS log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2010 at 05:11 PM

Application Version : 4.39.1002

Core Rules Database Version : 5069
Trace Rules Database Version: 2881

Scan type : Complete Scan
Total Scan Time : 01:15:11

Memory items scanned : 378
Memory threats detected : 0
Registry items scanned : 6519
Registry threats detected : 3
File items scanned : 49875
File threats detected : 39

Adware.Flash Tracking Cookie
C:\Documents and Settings\Cheryl\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9TA2HQJ6\IA.MEDIA-IMDB.COM
C:\Documents and Settings\Cheryl\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9TA2HQJ6\VITAMINE.NETWORLDMEDIA.NET
C:\Documents and Settings\Cheryl\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9TA2HQJ6\TRACKSIMPLE.S3.AMAZONAWS.COM
C:\Documents and Settings\Cheryl\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9TA2HQJ6\SECURE-US.IMRWORLDWIDE.COM

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
cdn.insights.gravity.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
cdn4.specificclick.net [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
convoad.technoratimedia.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
core.insightexpressai.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
countdownpage.createyourcountdown.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
ia.media-imdb.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
imagec17.247realmedia.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
input.insights.gravity.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
insight.randomhouse.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
interclick.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media-natgeo.pictela.net [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.downy.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.dreamhost.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.mtvnservices.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.onsugar.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.podaddies.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.resulthost.org [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.scanscout.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.socialvibe.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.tattomedia.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media1.break.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
mediaforgews.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
msnbcmedia.msn.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
objects.tremormedia.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
radio.pmd.rogersdigitalmedia.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
richmedia247.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
speed.pointroll.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
tracksimple.s3.amazonaws.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
udn.specificclick.net [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
vitamine.networldmedia.net [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
www.countrywidecontests.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
www.pornhub.com [ C:\Documents and Settings\Cheryl\Application Data\Macromedia\Flash Player\#SharedObjects\9TA2HQJ6 ]
media.wholesite.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\APVZ4CFM ]
vitamine.networldmedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\APVZ4CFM ]

I am constantly getting the following pop up on my screen:
Accessed file is infected
File Name - 91.188.60.232/new.exe
Threat Name - Trojan horse Generic 18.KYU
Process Name - C:\WINDOWS\System32\SVchost.exe
Process ID - 1384 and also 1396

I also cannot reply or send an email from my Outlook Express

I only can hear sound in Pogo, nothing else and I have checked everything and nothing is muted and speakers are working.

I am still getting re-directed to other sites continually, happened even when I was in here twice, but I quickly x it out which keeps me where I am. I sure hope this is fixable because my granddaughters need to use this puter. Thanks so much for your help so far...really appreciate it and will check back again. Just when I was signing off that darn Trojan horse Generic popped up. Arghhhhhhh
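The scan log and the AVG pop-up in the post above carry two very different kinds of evidence, and it helps to separate them before acting. The dozens of Flash "tracking cookie" hits are noise. The three Disabled.SecurityCenterOption registry values are not: the AntiVirusDisableNotify, FirewallDisableNotify and UpdatesDisableNotify values under HKLM\SOFTWARE\Microsoft\Security Center suppress the warnings Windows shows when antivirus, the firewall or automatic updates are off, and malware sets them so the user is never told. Likewise, a download of new.exe from a bare IP address attributed to a system svchost.exe process is the signature of an active infection rather than leftover adware. The script below is an added example by the editor, not part of the thread and not SUPERAntiSpyware's or AVG's own code. It parses a constructed, abridged copy of the log and pop-up text in the shape shown above and applies those triage rules; the category-header pattern, the "executable from a raw IP" rule and the "svchost.exe as downloader" rule are the editor's heuristics, not product behaviour.

```python
"""Triage a SUPERAntiSpyware scan log and an AVG on-access alert.

Added example: separates cookie noise from indicators of an active
infection. Heuristics are the editor's assumptions, not product logic.
"""
import re
from collections import defaultdict

# Constructed sample, abridged, in the shape of the SAS log in the thread.
SAS_LOG = """SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2010 at 05:11 PM

Registry threats detected : 3
File threats detected : 39

Adware.Flash Tracking Cookie
C:\\Documents and Settings\\Cheryl\\Application Data\\MACROMEDIA\\FLASH PLAYER\\#SHAREDOBJECTS\\9TA2HQJ6\\IA.MEDIA-IMDB.COM

Disabled.SecurityCenterOption
HKLM\\SOFTWARE\\MICROSOFT\\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
HKLM\\SOFTWARE\\MICROSOFT\\SECURITY CENTER#FIREWALLDISABLENOTIFY
HKLM\\SOFTWARE\\MICROSOFT\\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
cdn.insights.gravity.com [ C:\\Documents and Settings\\Cheryl\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\9TA2HQJ6 ]
secure-us.imrworldwide.com [ C:\\Documents and Settings\\Cheryl\\Application Data\\Macromedia\\Flash Player\\#SharedObjects\\9TA2HQJ6 ]
"""

# Constructed copy of the AVG pop-up text quoted in the post.
AVG_ALERT = """Accessed file is infected
File Name - 91.188.60.232/new.exe
Threat Name - Trojan horse Generic 18.KYU
Process Name - C:\\WINDOWS\\System32\\SVchost.exe
Process ID - 1384"""

# SAS category headers look like "Family.Detail" on a line of their own
# (assumption based on the posted log; header lines contain ':' or no dot).
CATEGORY_RE = re.compile(r"^[A-Za-z]+\.[A-Za-z][A-Za-z ]*$")
# Security Center values that silence "AV / firewall / updates are off" warnings.
SECURITY_CENTER_RE = re.compile(
    r"SECURITY CENTER#(ANTIVIRUS|FIREWALL|UPDATES)DISABLENOTIFY$", re.I)


def parse_sas_log(text):
    """Return {category: [items]}; lines before the first category are skipped."""
    findings = defaultdict(list)
    category = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            category = None                      # a blank line ends a section
        elif category is None and CATEGORY_RE.match(line):
            category = line
        elif category is not None:
            findings[category].append(line)
    return dict(findings)


def triage_sas(findings):
    """Split findings into (noise, indicators) pairs of (category, item)."""
    noise, indicators = [], []
    for category, items in findings.items():
        for item in items:
            if SECURITY_CENTER_RE.search(item):
                indicators.append((category, item))   # tampering with Security Center
            elif "#sharedobjects" in item.lower() or "cookie" in category.lower():
                noise.append((category, item))        # Flash/HTTP tracking cookies
            else:
                indicators.append((category, item))
    return noise, indicators


def triage_av_alert(text):
    """Return the reasons an on-access AV alert points at an active infection."""
    fields = dict(re.findall(r"^(\w[\w ]*?) - (.+)$", text, re.M))
    url = fields.get("File Name", "")
    proc = fields.get("Process Name", "").lower()
    reasons = []
    if re.match(r"^\d{1,3}(\.\d{1,3}){3}/", url) and url.lower().endswith(".exe"):
        reasons.append("executable fetched from a raw IPv4 address")
    if proc.endswith("\\svchost.exe") and "\\system32\\" in proc:
        reasons.append("download attributed to svchost.exe, a common host for injected code")
    return reasons


if __name__ == "__main__":
    noise, indicators = triage_sas(parse_sas_log(SAS_LOG))
    print(f"{len(noise)} cookie hits ignored; {len(indicators)} real indicators:")
    for category, item in indicators:
        print(f"  [{category}] {item}")
    for reason in triage_av_alert(AVG_ALERT):
        print("AV alert:", reason)
```

On the full log posted above the same rules leave 39 cookie entries on the noise side and exactly the three Security Center values on the indicator side, which is what a clean Malwarebytes quick scan plus persistent redirects should make you expect: a user-mode scanner finding nothing while the OS's own warnings have been switched off is a rootkit pattern, not a cookie problem.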

#6 boopme, Global Moderator

Posted 15 June 2010 - 07:58 PM

Hello, do you have an XP CD to repair files?

Can you run this from a USB or CD drive if you cannot download it?
  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista: Start logo > All Programs > Accessories > RIGHT-click on Command Prompt and select Run As Administrator. Copy/paste the following command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


#7 cherdon

Posted 15 June 2010 - 08:35 PM

Hi there. No I do not have an XP CD to repair files. I was however able to download it and below is the log:

21:23:06:984 5012 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:23:06:984 5012 ================================================================================
21:23:06:984 5012 SystemInfo:

21:23:06:984 5012 OS Version: 5.1.2600 ServicePack: 3.0
21:23:06:984 5012 Product type: Workstation
21:23:06:984 5012 ComputerName: CHERYL-08AUC4CT
21:23:06:984 5012 UserName: Cheryl
21:23:06:984 5012 Windows directory: C:\WINDOWS
21:23:06:984 5012 Processor architecture: Intel x86
21:23:06:984 5012 Number of processors: 1
21:23:06:984 5012 Page size: 0x1000
21:23:06:984 5012 Boot type: Normal boot
21:23:06:984 5012 ================================================================================
21:23:07:406 5012 Initialize success
21:23:07:406 5012
21:23:07:406 5012 Scanning Services ...
21:23:07:843 5012 Raw services enum returned 370 services
21:23:07:859 5012
21:23:07:859 5012 Scanning Drivers ...
21:23:09:265 5012 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:09:406 5012 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:09:578 5012 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:09:703 5012 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
21:23:10:156 5012 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
21:23:10:562 5012 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:23:10:890 5012 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:11:046 5012 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:23:11:218 5012 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:11:343 5012 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:11:453 5012 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:23:11:468 5012 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:23:11:671 5012 AVGIDSDriverxpx (56206c641454aba963151329f9363003) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
21:23:11:828 5012 AVGIDSErHrxpx (5f76534d86f5d87902bd8cca3d651e8e) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
21:23:12:015 5012 AVGIDSFilterxpx (8ee3a628ea3c6d5569cc3b3a94ec86b8) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
21:23:12:218 5012 AVGIDSShimxpx (d5b81f9ee6361ebc8df702569da01370) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
21:23:12:609 5012 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) C:\WINDOWS\system32\Drivers\avgldx86.sys
21:23:12:750 5012 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
21:23:12:875 5012 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
21:23:13:062 5012 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) C:\WINDOWS\system32\Drivers\avgtdix.sys
21:23:13:234 5012 basic2 (1b9c81ab9a456eabd9f8335f04b5f495) C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys
21:23:13:359 5012 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:13:468 5012 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:13:593 5012 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:23:13:734 5012 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:13:906 5012 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:14:031 5012 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:14:312 5012 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
21:23:14:687 5012 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:14:796 5012 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:14:968 5012 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:23:15:109 5012 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:15:234 5012 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:15:390 5012 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:15:531 5012 ElRawDisk (b8eac99b14772bdc36ca963aed109fa2) C:\WINDOWS\system32\drivers\dddsk.sys
21:23:15:718 5012 Fallback (c823debe2548656549f84a875d65237b) C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys
21:23:15:906 5012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:16:015 5012 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:23:16:140 5012 FET5X86V (52fa46ae36caafc6e1ff4fd617dfd25d) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
21:23:16:156 5012 FETND5BV (52fa46ae36caafc6e1ff4fd617dfd25d) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
21:23:16:265 5012 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
21:23:16:421 5012 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
21:23:16:562 5012 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:16:687 5012 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:23:16:765 5012 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:23:16:890 5012 Fsks (6483414841d4cab6c3b4db2ac6edd70b) C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys
21:23:17:015 5012 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:17:218 5012 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:17:328 5012 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:23:17:453 5012 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:17:578 5012 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:17:734 5012 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:23:17:906 5012 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:23:18:015 5012 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:23:18:218 5012 HSFHWBS2 (6312dc46356df3974e88aa51b69360dc) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:23:18:421 5012 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
21:23:18:671 5012 HSF_DPV (daab917eec9849840a13353198d48cc5) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:23:18:921 5012 hsf_msft (74e379857d4c0dfb56de2d19b8f4c434) C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys
21:23:19:109 5012 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:19:406 5012 i8042prt (9c3ed3f5661b9dc2bc9a2a9288f291c5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:23:19:406 5012 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 9c3ed3f5661b9dc2bc9a2a9288f291c5, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
21:23:19:406 5012 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ...
21:23:20:062 5012 Backup copy found, using it..
21:23:20:109 5012 will be cured on next reboot
21:23:20:265 5012 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:20:484 5012 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:23:20:609 5012 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:20:765 5012 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:20:906 5012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:21:031 5012 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:21:171 5012 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:21:296 5012 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:21:437 5012 K56 (9c5e3fdbfcc30cf71a49ca178b9ad442) C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys
21:23:21:640 5012 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:21:750 5012 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:23:21:859 5012 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
21:23:21:984 5012 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:22:109 5012 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:22:343 5012 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
21:23:22:453 5012 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:23:22:562 5012 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:23:22:687 5012 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:23:22:796 5012 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:23:22:921 5012 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:23:23:031 5012 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:23:23:156 5012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:23:23:312 5012 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:23:37:562 5012 Reboot required for cure complete..
21:23:38:015 5012 Cure on reboot scheduled successfully
21:23:38:015 5012
21:23:38:015 5012 Completed
21:23:38:015 5012
21:23:38:015 5012 Results:
21:23:38:015 5012 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:23:38:015 5012 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:23:38:015 5012
21:23:38:031 5012 KLMD(ARK) unloaded successfully

I cant thank you enough for helping me with this. Sure hope we can somehow locate these culprits and get rid of them for good. Will check back again.

#8 cherdon (Topic Starter)

Posted 15 June 2010 - 09:56 PM

Well, since I ran TDSSKiller I was finally able to access Windows Update and download 12 critical updates... yipee. I called a technician for my internet service provider (Sympatico) and he said my outbox was corrupt. He still couldn't fix that problem, but now at least I am able to reply and send emails... he said if any end up in my outbox to just drag it to drafts and then it will work. I still am not getting any sound, not sure why or what I can do to fix that problem. I am now going to do some Google searches to see what happens, and so far that Trojan horse Generic hasn't popped up on my screen. I will check back again to view your reply. :-)

#9 boopme (Global Moderator)

Posted 15 June 2010 - 09:56 PM

Ok, this is clean. Do the other issues still exist? The missing: windows root>\system32\hal.dll

Do you still have a popup issue?

EDIT: we posted at the same time.
Do you use Outlook?

We could try SFC for the others.
Please run System File Checker: sfc /scannow. For more information on this tool see How To Use Sfc.exe

To Repair System Files

NOTE for Vista users: the command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC

Then click File, then New Task (Run)

In the box that opens type sfc /scannow (there is a space between c and /)

Click OK
Let it run and insert the XP CD when asked.
Edited by boopme, 15 June 2010 - 10:31 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 cherdon (Topic Starter)

Posted 15 June 2010 - 11:33 PM

So far so good with NO POP UPS. I did a few Google searches and didn't get re-directed, which is awesome. I do use Outlook Express. Since I do not have a Windows XP CD, I will not be able to repair system files, but hopefully that wasn't needed as things are looking up on my end... even got some speed back because, with all that's been going on, my puter was really lagging... almost felt like I had dial-up instead of high speed. I have tried unplugging everything and rebooting in hopes that my sound would return, but it hasn't. My speakers are definitely working, the green light is on, and before I had problems it was working just fine. I checked my sound card according to the instructions for C-Media AC907 Audio Device and everything I have checked says the hardware is working, but it really isn't. I'm at a loss as to what I can do to bring my sound back... can you possibly help me on that, since you've done such an excellent job so far with my other issues? I CAN'T run System File Checker sfc /scannow because I don't have an XP CD.

#11 boopme (Global Moderator)

Posted 15 June 2010 - 11:49 PM

Ok, you should ask about the sound in Audio. Just check: right-click the Volume icon and make sure the Mute boxes are unchecked.
Missing or lost sound in Windows

There was a way to reset Outlook; I saw it the other day... I'll have to try to find it.


Now on here do this, it will also free up some space.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

#12 cherdon (Topic Starter)

Posted 16 June 2010 - 01:42 PM

Hi boopme... I made a hugeeeeeeeee mistake. I had already created a restore point and did all the audio checks to no avail, so stupid me did a search on Google for how to restore a missing system tray and was told to go into the registry editor and change a name and value... then it happened. Got the blue screen... would not go past the welcome screen, safe mode could not be accessed. Ended up having to call a computer guy to reinstall and back up my files. He will be here tonight at 7pm and should get it back sometime tomorrow afternoon. I am currently using my brother-in-law's laptop. Just wanted you to know so you wouldn't think I've ditched or ignored you. Thanks again for all your help.

#13 boopme (Global Moderator)

Posted 16 June 2010 - 02:13 PM

Ok, thanks for telling me. Sorry for the bad news... So in the future: first you MUST BACK UP the registry whenever a step involves making changes in the registry. Always back up your registry before making any changes.

Go to Start > Run and type: regedit
Click OK.
On the left side, click to highlight My Computer at the top.
Go up to File > Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File > Exit.

Or you can download and use ERUNT, which is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.
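As an added example, not part of boopme's post or any BleepingComputer tool, the same whole-registry export written as a batch file: it gives the .reg file a date-stamped name, checks that the file was really written, and optionally exports just the branch you are about to edit. C:\RegBackup, the RegBackup_ and Branch_ file names, and the optional first argument are assumptions.

```batch
@echo off
rem Added example, not boopme's or BleepingComputer's own script: a scripted form of
rem the manual regedit > File > Export steps above. Assumes cmd.exe on Windows XP or
rem later; C:\RegBackup and the file names are constructed for this example.
rem Usage:  RegBackup.cmd            (whole registry)
rem         RegBackup.cmd HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rem                                  (whole registry plus that one branch)
setlocal enableextensions

set "BACKUPDIR=C:\RegBackup"
if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"
if not exist "%BACKUPDIR%" (
    echo Could not create %BACKUPDIR%
    exit /b 1
)

rem Turn e.g. "Tue 06/15/2010" and "21:23:38.01" into a file-name-safe stamp.
rem The exact %DATE%/%TIME% layout depends on the regional settings.
set "STAMP=%DATE%_%TIME%"
set "STAMP=%STAMP:/=-%"
set "STAMP=%STAMP::=-%"
set "STAMP=%STAMP:.=-%"
set "STAMP=%STAMP:,=-%"
set "STAMP=%STAMP: =_%"
set "OUTFILE=%BACKUPDIR%\RegBackup_%STAMP%.reg"

rem "regedit /e <file>" with no key argument exports the entire registry, the same
rem as ticking "All" under Export Branch. start /wait makes the batch file wait for
rem the GUI process to finish before the size check below runs.
start "" /wait regedit /e "%OUTFILE%"

rem A missing or tiny file means the export did not complete.
if not exist "%OUTFILE%" (
    echo Export failed: %OUTFILE% was not written
    exit /b 1
)
for %%F in ("%OUTFILE%") do (
    if %%~zF LSS 1024 (
        echo Export failed: %OUTFILE% is only %%~zF bytes
        exit /b 1
    )
)
echo Registry exported to %OUTFILE%

rem Optional: also export just the branch passed as the first argument. This is the
rem quick, targeted backup to take right before editing a single key.
if not "%~1"=="" (
    reg export "%~1" "%BACKUPDIR%\Branch_%STAMP%.reg"
    if errorlevel 1 echo Branch export of %~1 failed
)

rem Caveat for restoring: merging a .reg file back (regedit /s "%OUTFILE%") only
rem re-creates the values it contains. It cannot delete keys added after the backup,
rem and a full-registry merge can fail on keys that are locked while Windows runs.
rem That is why a complete offline restore tool such as ERUNT is the better option.
exit /b 0
```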

#14 cherdon (Topic Starter)

Posted 16 June 2010 - 10:10 PM

Thanks boopme for the heads up. I had heard it said before about backing up the registry but never quite knew how to do so, and I also figured what good would it do if one's computer ended up crashing... my question to you is, with the situation I was in with my puter where I couldn't go into safe mode or do anything, how would backing up the registry have made a difference, and how does one get to the backup? I would love to know this so I can do so to save myself grief in the future. I'm embarrassed by how stupid this must sound to you and everyone else here.

#15 boopme (Global Moderator)

Posted 16 June 2010 - 10:42 PM

Hello, there are ways into an unbootable PC... an example:
http://www.bleepingcomputer.com/forums/t/321246/used-combofix-pc-seriously-messed-up-now/

We can make rescue disks, etc... Once in, we can access it. Now if it wasn't that bad, say just not working properly, you could go in yourself, restore the Reg and boot normally.

You can also back up to a USB or a CD for another copy.
In the 1st backup method you only needed to go to C:\RegBackup
and open the file.

ERUNT... here's a better tutorial, I stole from our extremboy.
Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.


To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Another option: Avira AntiVir Rescue System

Hope this helped

Edited by boopme, 17 June 2010 - 06:43 PM.
