
Internet redirect problem in Internet Explorer & Safari !


9 replies to this topic

#1 happyseany


Posted 30 June 2010 - 11:26 AM

Had the AV Security Suite virus and tried to remove it using Malwarebytes, AVG (Free Version) and Ad-Aware. Things seemed good because I was able to connect to the internet again and didn't have the annoying pop-ups associated with this virus but obviously all wasn't that good after all.

Whether I use Internet Explorer (8.0) or Safari to browse.. if I tried to click on recommended links in the search results it would redirect me in both browsers. Very annoying. Also.. if I clicked on a link thru an email in my Outlook Express - it would not open.

Then Internet Explorer wouldn't open anymore either!!! So I'm done trying to fix this. I need the pros at Bleeping Computer now more than ever...

Obviously I've heard about Combofix but have not run because of recommendations not to do so without supervision.

Thanks in advance!


 


#2 arknaz


Posted 30 June 2010 - 11:41 AM

I had a guy come to me with that virus the other day. I wasn't able to even boot up or load/update MBam as it wasn't allowing it to connect to the servers (so it was worthless for now). I eventually had to boot into an UBCD, ran Superantispyware which found about 65 entries. I then rebooted and tried Safe Mode, which worked. I was able to scan with Mbam (and update it) which found the files associated with AV security suite and the problem was all gone.

So I guess I would suggest running SAS and see if that finds anything. If anyone else has better advice feel free to correct me, that's just what I used to get rid of it.

Hope you get rid of it, it's an annoying one (not as annoying as Virus:Win32/Alureon.H which another guy got... that was nasty)

-Scott

#3 boopme


Posted 30 June 2010 - 11:56 AM

Have you tried running RKill, MBAM and SAS from Safe Mode with Networking?
How to remove AV Security Suite (Uninstall Guide)


Post the logs here when completed.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 happyseany


Posted 30 June 2010 - 12:13 PM

Thanks..

Gonna try the SAS now...

I'll post an update..

#5 happyseany


Posted 30 June 2010 - 09:42 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Hi boopme,

Here the report generated by SAS....

I'm standing by.

Thanks!
______________________________________________________________________________



Generated 06/30/2010 at 10:18 PM

Application Version : 4.39.1002

Core Rules Database Version : 5141
Trace Rules Database Version: 2953

Scan type : Complete Scan
Total Scan Time : 02:52:27

Memory items scanned : 303
Memory threats detected : 0
Registry items scanned : 7610
Registry threats detected : 24
File items scanned : 114821
File threats detected : 151

Trojan.Agent/Gen-Rootkit[Stealth]
HKLM\System\ControlSet001\Services\J87p5qa
C:\WINDOWS\SYSTEM32\DRIVERS\J87P5QA.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_J87p5qa
HKLM\System\ControlSet003\Services\J87p5qa
HKLM\System\ControlSet003\Enum\Root\LEGACY_J87p5qa
HKLM\System\CurrentControlSet\Services\J87p5qa
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_J87p5qa

Adware.Tracking Cookie

Trojan.Agent/Gen-SOPIDKC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPIDKC\0000#DeviceDesc

Trojan.Agent/Gen-MSNCache
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSNCACHE\0000#DeviceDesc

Adware.Flash Tracking Cookie

#6 boopme


Posted 30 June 2010 - 09:54 PM

Hi, a healthy removal there.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next, TDSSKiller
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

How is it running now?
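Added example (not from any poster in this thread and not the tool's own code): a Python triage of the `C:\TDSSKiller.txt` log that the command above writes, picking the flagged files out of the long driver listing. It assumes the line layout of the 2.3.2.1 log posted later in the thread; `triage`, `split_entries` and `Finding` are hypothetical names.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: six lines in the layout of the TDSSKiller 2.3.2.1 log
# posted later in this thread, including the line where two entries are fused.
SAMPLE_LOG = r"""
00:23:36:875 2696 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:23:36:906 2696 Disk (32e692e3e5c1aea099db8d7757fb75dd) C:\WINDOWS\system32\DRIVERS\disk.sys
00:23:36:906 2696 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 32e692e3e5c1aea099db8d7757fb75dd, Fake md5: 044452051f3e02e7963599fc8f4f3e25
00:23:36:906 2696 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ... 00:23:37:968 2696 Backup copy found, using it..
00:23:37:968 2696 will be cured on next reboot
00:23:38:140 2696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
"""

# Every entry starts with "HH:MM:SS:mmm <numeric id> " (the id is 2696 in the thread's log).
PREFIX = re.compile(r"(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)(?: |$)")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-fA-F]{32}), Fake md5: ([0-9a-fA-F]{32})$"
)
INFECTED = re.compile(r'^File "(.+?)" infected by TDSS rootkit')
# Follow-up messages that belong to the most recently flagged file.
FOLLOW_UPS = ("Backup copy found", "will be cured")


@dataclass
class Finding:
    path: str
    driver: str = ""        # service name from the driver listing line, if seen
    listed_md5: str = ""    # hash printed on the driver listing line
    real_md5: str = ""
    fake_md5: str = ""
    forged: bool = False
    infected: bool = False
    notes: list = field(default_factory=list)


def split_entries(text):
    """Yield (timestamp, message) pairs, splitting lines that carry two entries."""
    for line in text.splitlines():
        marks = list(PREFIX.finditer(line))
        for i, m in enumerate(marks):
            end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
            yield m.group(1), line[m.end():end].strip()


def _finding(findings, drivers, path):
    """Get or create the Finding for a path (Windows paths compare case-insensitively)."""
    key = path.lower()
    if key not in findings:
        name, md5 = drivers.get(key, ("", ""))
        findings[key] = Finding(path=path, driver=name, listed_md5=md5)
    return findings[key]


def triage(text):
    """Return (number of driver entries seen, list of flagged files)."""
    drivers, findings, current = {}, {}, None
    for _ts, msg in split_entries(text):
        if m := FORGED.match(msg):
            current = _finding(findings, drivers, m.group(1))
            current.forged = True
            current.real_md5 = m.group(2).lower()
            current.fake_md5 = m.group(3).lower()
        elif m := INFECTED.match(msg):
            current = _finding(findings, drivers, m.group(1))
            current.infected = True
        elif m := DRIVER.match(msg):
            drivers[m.group(3).lower()] = (m.group(1), m.group(2).lower())
            current = None  # a new driver line ends the previous file's follow-ups
        elif current is not None and msg.startswith(FOLLOW_UPS):
            current.notes.append(msg)
    return len(drivers), list(findings.values())


if __name__ == "__main__":
    seen, flagged = triage(SAMPLE_LOG)
    print(f"{seen} driver entries, {len(flagged)} flagged")
    for f in flagged:
        state = "+".join(s for s, on in (("forged", f.forged), ("infected", f.infected)) if on)
        print(f"{f.driver or '?'}  {f.path}  [{state}]")
        print(f"  real md5 {f.real_md5}  fake md5 {f.fake_md5}")
        for note in f.notes:
            print(f"  note: {note}")
```

To check a real log, pass the text of `C:\TDSSKiller.txt` to `triage()`; lines in a layout other than the one assumed here are ignored rather than guessed at.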

#7 happyseany


Posted 30 June 2010 - 11:17 PM

Hey boopme...

Firstly..thanks so much for your time. I appreciate it greatly. Just want to note that when I run "msconfig" in Windows "Run" window and click on the "Startup" tab I notice a process running called "ucoxijumafu" & "ctfmon". Even when I disable them on "Startup" they become checked off (enabled) when I restart my computer. Just wanted to note that...

Here's my Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4262

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 12:00:45 AM
mbam-log-2010-07-01 (00-00-45).txt

Scan type: Quick scan
Objects scanned: 152300
Time elapsed: 15 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 happyseany


Posted 30 June 2010 - 11:39 PM

Hi again boopme....

I ran TDSS twice.. this is the first log from the first time I ran it. I ran it twice because it ran itself before I could enter that command into the "run" area. I hope that wasn't a problem.

TDSS Log:



00:23:32:234 2696 TDSS rootkit removing tool 2.3.2.1 Jun 30 2010 09:28:26
00:23:32:234 2696 ================================================================================
00:23:32:234 2696 SystemInfo:

00:23:32:234 2696 OS Version: 5.1.2600 ServicePack: 3.0
00:23:32:234 2696 Product type: Workstation
00:23:32:234 2696 ComputerName: SEANMINI
00:23:32:234 2696 UserName: Sean Sherman
00:23:32:234 2696 Windows directory: C:\WINDOWS
00:23:32:234 2696 System windows directory: C:\WINDOWS
00:23:32:234 2696 Processor architecture: Intel x86
00:23:32:234 2696 Number of processors: 2
00:23:32:234 2696 Page size: 0x1000
00:23:32:234 2696 Boot type: Normal boot
00:23:32:234 2696 ================================================================================
00:23:32:562 2696 Initialize success
00:23:32:562 2696
00:23:32:562 2696 Scanning Services ...
00:23:33:234 2696 Raw services enum returned 357 services
00:23:33:250 2696
00:23:33:250 2696 Scanning Drivers ...
00:23:36:906 2696 Disk (32e692e3e5c1aea099db8d7757fb75dd) C:\WINDOWS\system32\DRIVERS\disk.sys
00:23:36:906 2696 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 32e692e3e5c1aea099db8d7757fb75dd, Fake md5: 044452051f3e02e7963599fc8f4f3e25
00:23:36:906 2696 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ...
00:23:37:968 2696 Backup copy found, using it..
00:23:37:968 2696 will be cured on next reboot
00:23:45:359 2696 Reboot required for cure complete..
00:23:45:953 2696 Cure on reboot scheduled successfully
00:23:45:953 2696
00:23:45:953 2696 Completed
00:23:45:953 2696
00:23:45:953 2696 Results:
00:23:45:953 2696 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:23:45:953 2696 File objects infected / cured / cured on reboot: 1 / 0 / 1
00:23:45:953 2696
00:23:45:968 2696 KLMD(ARK) unloaded successfully

#9 happyseany


Posted 30 June 2010 - 11:42 PM

And here's the second log........ after I entered your command in the "run" area first....

TDSS Log:


00:34:26:187 0560 TDSS rootkit removing tool 2.3.2.1 Jun 30 2010 09:28:26
00:34:26:187 0560 ================================================================================
00:34:26:187 0560 SystemInfo:

00:34:26:187 0560 OS Version: 5.1.2600 ServicePack: 3.0
00:34:26:187 0560 Product type: Workstation
00:34:26:187 0560 ComputerName: SEANMINI
00:34:26:187 0560 UserName: Sean Sherman
00:34:26:187 0560 Windows directory: C:\WINDOWS
00:34:26:187 0560 System windows directory: C:\WINDOWS
00:34:26:187 0560 Processor architecture: Intel x86
00:34:26:187 0560 Number of processors: 2
00:34:26:187 0560 Page size: 0x1000
00:34:26:187 0560 Boot type: Normal boot
00:34:26:187 0560 ================================================================================
00:34:26:328 0560 Initialize success
00:34:26:328 0560
00:34:26:328 0560 Scanning Services ...
00:34:26:968 0560 Raw services enum returned 358 services
00:34:26:984 0560
00:34:26:984 0560 Scanning Drivers ...
00:34:29:140 0560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\drivers\tsk16.tmp
00:34:29:156 0560 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk16.tmp. md5: 044452051f3e02e7963599fc8f4f3e25
00:34:36:250 0560
00:34:36:250 0560 Completed
00:34:36:250 0560
00:34:36:250 0560 Results:
00:34:36:250 0560 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:34:36:250 0560 File objects infected / cured / cured on reboot: 0 / 0 / 0
00:34:36:250 0560
00:34:36:250 0560 KLMD(ARK) unloaded successfully

#10 happyseany


Posted 01 July 2010 - 12:23 AM

Hi boopme..

No more redirects!! I still can only use Safari to browse though. Internet Explorer still won't respond and locks up.

Any ideas?

Thanks



