Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rundll32.exe and Explorer.exe errors


  • This topic is locked This topic is locked
14 replies to this topic

#1 Geegal

Geegal

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 31 July 2010 - 09:23 AM

Every time i login i get error on startup. The error is Microsoft Visual Runtime Library Error and it says that rundll32.exe has requested runtime to terminate it in unusual way

when i right click on empty desktop, i get same error for Explorer.exe and right click on empty desktop does not work.

I have been reading lots of forums and i tried lots of things mentioned to previous victims of this error. I tried SuperBot Anit Spyware, Malwarebytes, Litter Registry Cleaner, AVG Free Root kit remover

I cant fix this problem yet. Here is my HijackThis log :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:23 AM, on 7/31/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_...d2-41fde8d1391d
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

--
End of file - 4229 bytes

Edited by hamluis, 31 July 2010 - 12:13 PM.
Moved from XP to Malware Removal Logs forum ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 08 August 2010 - 11:29 AM

Hi Geegal
Not so sure this is virus related, what makes you think it might be?

This can happen if you downloaded a program that is not compatable with Vista.
What was the last downloads programs you did?

Lets see a uninstall list.

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#3 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 11 August 2010 - 10:02 AM

Hi
If you still require help. please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#4 Geegal

Geegal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 August 2010 - 09:50 PM

Hi Marantha,

Thanks for your reply. Here is my unintall_list

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced Video FX Engine
Apache HTTP Server 2.2.11
Audacity 1.2.6
AVG Anti-Rootkit Free
AVG Free 9.0
Browser Address Error Redirector
Canon MP Navigator 3.1
Canon MP140 series
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
CGW-P3
CodeStuff Starter
Compatibility Pack for the 2007 Office system
Creative MediaSource 5
Dell Dock
Dell Getting Started Guide
Dell Mobile Broadband Card Utility
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
DING!
DirectXInstallService
DivX Converter
DivX Plus DirectShow Filters
EarthLink Setup Files
EDocs
FileZilla Client 3.1.6
Fingerprint Reader Suite 5.6
FlashDevelop 3.0.6
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.4.2
Google Talk Plugin
Google Update Helper
Guru's GRE Wordlist 0.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HUAWEI Mobile Connect
Idea Net Setter
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
Java Application Platform SDK
Java™ 6 Update 18
Java™ 6 Update 5
Java™ 6 Update 7
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Lenovo 4330
LG USB Modem driver
Little Registry Cleaner
Macromedia Extension Manager
Malwarebytes' Anti-Malware
McAfee Security Scan
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Close Combat III
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mMHouse
Mozilla Firefox (3.6.7)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
MySQL Server 5.0
NetBeans IDE 6.0.1
NirSoft ShellExView
oDesk MiniCam 2.0.73
oDesk ScreenSnap 2.0.113
oDesk Share 2.0.69
oDesk Team 2.0.140
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
OutlookAddinSetup
Paragon Partition Manager 9.0 Professional
Picasa 3
Pool Sharks
PowerQuest PartitionMagic 8.0
QualXServ Service Agreement
QuickSet
ScanSoft OmniPage SE 4
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Serious Sam 2
Skype Toolbars
Skype™ Beta 5.0
SoundTap Streaming Audio Recorder
StickyPad
strt
SUPERAntiSpyware
Switch Sound File Converter
TATA Indicom Dialer
TataIndicom
TeamViewer 3
TortoiseSVN 1.4.5.10425 (32 bit)
Ultimate Extras sounds from Microsoft® Tinker™
United Football
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Vim 7.1 (self-installing)
VLC media player 0.9.4
WavePad Sound Editor
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
WinHTTrack Website Copier 3.43-9C
WinRAR archiver
WinSCP 4.1.6
Yahoo! Messenger



#5 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 12 August 2010 - 12:56 AM

Hi
What was the last downloads programs you did?

Lets also get a scan.

Please Run the ESET Online Scanner and post the ScanLog..
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Click on the ESET on line scanner button.
    [^] Check the “YES, I accept the Terms of Use” box. And click “Start”
    If your Pop=up blocker comes up, please allow the Add-ON
  • Be sure the option to Remove found threats is Un-checked and click Start.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log.


Thanks
maranatha

Edited by maranatha, 12 August 2010 - 12:58 AM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#6 Geegal

Geegal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 12 August 2010 - 07:59 PM

Here are the logs :

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f54eeb58effda540ae4d6ff2348c1329
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-13 12:44:30
# local_time=2010-08-12 08:44:30 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 179190 179190 0 0
# compatibility_mode=1024 16777215 100 0 1145972 1145972 0 0
# compatibility_mode=5892 16776574 100 100 1167058 118264662 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268344
# found=4
# cleaned=0
# scan_time=3262
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPCDD.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\RDPCDD.sys.vir_ Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\D\autorun.inf.vir Win32/AutoRun.Autoit.U worm 00000000000000000000000000000000 I
C:\Users\Satyarth\Desktop\autorun.ini Win32/AutoRun.Autoit.U worm 00000000000000000000000000000000 I


#7 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 12 August 2010 - 09:44 PM

Hi
OK, please answer any and all quextions asked, I need infromation so I can make the right decisions to best resolve your problem.

maranatha

Edited by maranatha, 12 August 2010 - 09:45 PM.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#8 Geegal

Geegal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 13 August 2010 - 03:59 PM

Marantha,

I have been facing the problem for over a month now. I do not exactly know what i downloaded when i started getting this problem. But i somehow suspect Adobe Flash CS4. Because first my adobe started quitting unexpectedly, then i uninstalled and reinstalled another adobe version from torrent. And i guess i have this problem from around that time. However this is not sure as i am do not remember exactly.

Further, when i right click on my empty desktop, my Windows explorer crashes. It does NOT crash when i right click inside C folder.

#9 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 13 August 2010 - 08:59 PM

Hi
OK please do this in the order given. We need to uninstall Combofix and install the new version.

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

This will uninstall ComboFix and remove the files/folders it created.
This action will also reset the System Restore points, removing any infected files there as well.
Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file. If they weren't please delete them manually.

Now please do this.


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    [list]
  • If Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now
[*]Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Now this.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • Vista and Windows 7 users right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log
Note: Do not mouse click combofix's window while its running. That may cause it to stall

If you are prompted to install the Recovery Console, Please do so.

Please post the TDSSKiller log and the Combofix log.

FYI.
P2P software ( Limewire, BitTorrent, uTorrent, Vuse etc… )
We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares and their infections. See here and here

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall any P2P programs you have on your system,

Thanks
maranatha


Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#10 Geegal

Geegal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 14 August 2010 - 05:01 PM

When i run ComboFix /Uninstall

I get an error that Windows cant find ComboFix please make sure you typed the name correctly :-(



#11 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 14 August 2010 - 09:35 PM

Hi
OK please delete them manually, then proceed.

maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#12 Geegal

Geegal
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 15 August 2010 - 11:40 AM

I did,

Here are the logs for TDSKiller. When i run ComboFix it never finishes, i have to reboot my system. I tried a couple of times and i made sure that i am running it as admin:


2010/08/14 19:17:58.0128 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/14 19:17:58.0128 ================================================================================
2010/08/14 19:17:58.0128 SystemInfo:
2010/08/14 19:17:58.0128
2010/08/14 19:17:58.0128 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/14 19:17:58.0128 Product type: Workstation
2010/08/14 19:17:58.0128 ComputerName: SATYARTH-PC
2010/08/14 19:17:58.0128 UserName: Satyarth
2010/08/14 19:17:58.0128 Windows directory: C:\Windows
2010/08/14 19:17:58.0128 System windows directory: C:\Windows
2010/08/14 19:17:58.0128 Processor architecture: Intel x86
2010/08/14 19:17:58.0128 Number of processors: 2
2010/08/14 19:17:58.0128 Page size: 0x1000
2010/08/14 19:17:58.0128 Boot type: Normal boot
2010/08/14 19:17:58.0128 ================================================================================
2010/08/14 19:18:12.0706 Initialize success
2010/08/14 19:18:16.0078 ================================================================================
2010/08/14 19:18:16.0078 Scan started
2010/08/14 19:18:16.0078 Mode: Manual;
2010/08/14 19:18:16.0078 ================================================================================
2010/08/14 19:18:18.0601 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/08/14 19:18:18.0705 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/14 19:18:18.0733 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/14 19:18:18.0770 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/14 19:18:18.0800 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/14 19:18:18.0895 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/08/14 19:18:18.0950 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/14 19:18:19.0016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/14 19:18:19.0055 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/14 19:18:19.0088 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/14 19:18:19.0117 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/14 19:18:19.0142 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/14 19:18:19.0166 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/14 19:18:19.0221 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/08/14 19:18:19.0293 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/14 19:18:19.0322 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/14 19:18:19.0372 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/14 19:18:19.0413 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2010/08/14 19:18:19.0506 AVerBDA6x (53353c02e973f8889aa2e7239418a447) C:\Windows\system32\DRIVERS\AVerBDA716x.sys
2010/08/14 19:18:19.0577 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\Windows\system32\DRIVERS\avgarkt.sys
2010/08/14 19:18:19.0658 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\Windows\system32\DRIVERS\AvgArCln.sys
2010/08/14 19:18:19.0748 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2010/08/14 19:18:19.0808 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2010/08/14 19:18:19.0834 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2010/08/14 19:18:19.0887 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/14 19:18:19.0943 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/14 19:18:19.0969 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/14 19:18:19.0991 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/14 19:18:20.0016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/14 19:18:20.0071 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/14 19:18:20.0174 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/14 19:18:20.0198 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/14 19:18:20.0221 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/14 19:18:20.0282 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/08/14 19:18:20.0332 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/14 19:18:20.0373 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/08/14 19:18:20.0412 BTHPORT (9f299c5274672900591e7c616d725f56) C:\Windows\system32\Drivers\BTHport.sys
2010/08/14 19:18:20.0432 BTHUSB (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys
2010/08/14 19:18:20.0488 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2010/08/14 19:18:20.0520 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2010/08/14 19:18:20.0575 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/08/14 19:18:20.0854 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/14 19:18:20.0932 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/14 19:18:20.0971 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/14 19:18:21.0010 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/08/14 19:18:21.0066 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/14 19:18:21.0099 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/14 19:18:21.0129 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/14 19:18:21.0167 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/14 19:18:21.0216 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/14 19:18:21.0284 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2010/08/14 19:18:21.0329 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/08/14 19:18:21.0404 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/08/14 19:18:21.0490 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/14 19:18:21.0533 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/14 19:18:21.0598 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/08/14 19:18:21.0659 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/14 19:18:21.0763 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/08/14 19:18:21.0819 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/14 19:18:21.0864 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/14 19:18:21.0930 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/08/14 19:18:21.0966 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/08/14 19:18:22.0001 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/14 19:18:22.0072 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/14 19:18:22.0109 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/14 19:18:22.0172 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/14 19:18:22.0240 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/08/14 19:18:22.0274 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/14 19:18:22.0336 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/08/14 19:18:22.0367 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/14 19:18:22.0461 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/14 19:18:22.0487 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/14 19:18:22.0505 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/14 19:18:22.0561 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/14 19:18:22.0670 hotcore3 (45afa1226e57123ae68696813b1da213) C:\Windows\system32\drivers\hotcore3.sys
2010/08/14 19:18:22.0698 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/14 19:18:22.0737 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2010/08/14 19:18:22.0864 hwusbser (947c340b57bb7d7cf6345769044b3bbe) C:\Windows\system32\DRIVERS\ewusbser.sys
2010/08/14 19:18:22.0889 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/14 19:18:22.0939 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/14 19:18:22.0981 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
2010/08/14 19:18:23.0049 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
2010/08/14 19:18:23.0102 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/14 19:18:23.0132 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/14 19:18:23.0180 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2010/08/14 19:18:23.0204 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/14 19:18:23.0247 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/14 19:18:23.0299 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/14 19:18:23.0340 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/14 19:18:23.0371 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/14 19:18:23.0398 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/14 19:18:23.0440 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/14 19:18:23.0475 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/14 19:18:23.0502 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/14 19:18:23.0536 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/14 19:18:23.0603 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/08/14 19:18:23.0714 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/14 19:18:23.0779 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/14 19:18:23.0836 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/14 19:18:23.0871 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/14 19:18:23.0939 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/14 19:18:23.0970 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/14 19:18:24.0078 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/14 19:18:24.0121 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/14 19:18:24.0165 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/14 19:18:24.0193 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/14 19:18:24.0228 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/14 19:18:24.0253 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/14 19:18:24.0298 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/14 19:18:24.0329 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/14 19:18:24.0356 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/14 19:18:24.0381 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/14 19:18:24.0395 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/08/14 19:18:24.0429 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/14 19:18:24.0467 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/14 19:18:24.0494 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/14 19:18:24.0534 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2010/08/14 19:18:24.0561 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/14 19:18:24.0602 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/14 19:18:24.0769 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/14 19:18:24.0835 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/14 19:18:24.0856 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/14 19:18:24.0876 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/14 19:18:24.0912 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/08/14 19:18:24.0935 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/14 19:18:24.0985 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/14 19:18:25.0030 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/14 19:18:25.0075 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/14 19:18:25.0193 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2010/08/14 19:18:25.0215 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/14 19:18:25.0240 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/14 19:18:25.0294 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/14 19:18:25.0319 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/14 19:18:25.0368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/14 19:18:25.0442 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/14 19:18:25.0573 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/08/14 19:18:25.0656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/14 19:18:25.0688 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/08/14 19:18:25.0727 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/14 19:18:25.0772 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/08/14 19:18:25.0823 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/14 19:18:25.0837 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/14 19:18:26.0027 nvlddmkm (26e48523accb361bd81cd64b14424b18) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/08/14 19:18:26.0166 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/14 19:18:26.0193 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/14 19:18:26.0289 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/14 19:18:26.0328 NWADI (9edf6fd48a9eb4afdf225eb9c5111df6) C:\Windows\system32\drivers\nwadienum.sys
2010/08/14 19:18:26.0359 NWDellModem (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelmdm.sys
2010/08/14 19:18:26.0382 NWDellPort (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\DRIVERS\nwdelser.sys
2010/08/14 19:18:26.0412 NWDellPort2 (1a859f70728cad712f90f9953667ad7f) C:\Windows\system32\drivers\nwdelser2.sys
2010/08/14 19:18:26.0486 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2010/08/14 19:18:26.0504 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2010/08/14 19:18:26.0557 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/14 19:18:26.0626 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/14 19:18:26.0689 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/08/14 19:18:26.0720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/14 19:18:26.0756 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2010/08/14 19:18:26.0816 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/08/14 19:18:26.0854 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/08/14 19:18:26.0879 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/08/14 19:18:26.0941 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/14 19:18:26.0999 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/14 19:18:27.0068 PQNTDrv (4228630829c0e521c43d882a00533374) C:\Windows\system32\drivers\PQNTDrv.sys
2010/08/14 19:18:27.0090 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/14 19:18:27.0148 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/14 19:18:27.0197 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/08/14 19:18:27.0258 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/14 19:18:27.0309 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/14 19:18:27.0337 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/14 19:18:27.0424 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/08/14 19:18:27.0499 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/14 19:18:27.0527 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/14 19:18:27.0555 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/14 19:18:27.0576 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/14 19:18:27.0648 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/14 19:18:27.0690 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/14 19:18:27.0721 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/08/14 19:18:27.0752 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/14 19:18:27.0789 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/08/14 19:18:27.0852 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/08/14 19:18:27.0907 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/08/14 19:18:27.0930 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2010/08/14 19:18:27.0955 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2010/08/14 19:18:27.0986 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/14 19:18:28.0097 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/14 19:18:28.0164 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/14 19:18:28.0200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/14 19:18:28.0227 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/14 19:18:28.0255 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/14 19:18:28.0278 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/14 19:18:28.0313 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/08/14 19:18:28.0331 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/14 19:18:28.0357 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/08/14 19:18:28.0382 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/14 19:18:28.0407 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/14 19:18:28.0430 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/14 19:18:28.0454 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/14 19:18:28.0493 sit_bus (fe6d65b9f395ce4244a0b5a9e42ca08d) C:\Windows\system32\Drivers\sit_bus.sys
2010/08/14 19:18:28.0558 sit_flt (2d09aebd20d42a61734bd7e14e655616) C:\Windows\system32\DRIVERS\sit_flt.sys
2010/08/14 19:18:28.0583 sit_mdm (3a6503cb63f02f817515bcee4b589f76) C:\Windows\system32\Drivers\sit_mdm.sys
2010/08/14 19:18:28.0645 sit_prt (e3229c409b0e65247de3e1b437b90d33) C:\Windows\system32\Drivers\sit_prt.sys
2010/08/14 19:18:28.0700 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/08/14 19:18:28.0736 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/14 19:18:28.0819 srv (9a0163e7fbe59da0591bb1ad77d92e63) C:\Windows\system32\DRIVERS\srv.sys
2010/08/14 19:18:28.0874 srv2 (c7da26d2c7d480b1dd38ca19cc90b821) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/14 19:18:28.0919 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/14 19:18:28.0997 stdriver (aff9b72822e0f17a6889b386d05e569a) C:\Windows\system32\DRIVERS\stdriver32.sys
2010/08/14 19:18:29.0030 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
2010/08/14 19:18:29.0063 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/14 19:18:29.0096 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/14 19:18:29.0128 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/14 19:18:29.0153 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/14 19:18:29.0220 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/08/14 19:18:29.0279 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/14 19:18:29.0302 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/14 19:18:29.0360 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
2010/08/14 19:18:29.0386 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/14 19:18:29.0411 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/14 19:18:29.0473 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/14 19:18:29.0554 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/14 19:18:29.0632 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/14 19:18:29.0681 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/14 19:18:29.0716 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/14 19:18:29.0740 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/14 19:18:29.0766 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/14 19:18:29.0814 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/14 19:18:29.0845 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/14 19:18:29.0875 UlSata (185836fbfa5c229a943fe9d4354a1c23) C:\Windows\system32\drivers\ulsata.sys
2010/08/14 19:18:29.0898 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/14 19:18:29.0930 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/14 19:18:30.0019 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2010/08/14 19:18:30.0057 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\Windows\system32\DRIVERS\lgusbbus.sys
2010/08/14 19:18:30.0095 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/14 19:18:30.0120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/14 19:18:30.0160 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2010/08/14 19:18:30.0220 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/14 19:18:30.0258 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/14 19:18:30.0286 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2010/08/14 19:18:30.0311 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/14 19:18:30.0363 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/14 19:18:30.0437 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/14 19:18:30.0477 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/14 19:18:30.0504 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/14 19:18:30.0551 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/14 19:18:30.0666 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/14 19:18:30.0701 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/14 19:18:30.0723 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/14 19:18:30.0746 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/14 19:18:30.0788 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/14 19:18:30.0846 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/14 19:18:30.0930 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/08/14 19:18:30.0987 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/08/14 19:18:31.0022 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/14 19:18:31.0071 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/14 19:18:31.0122 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 19:18:31.0146 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/14 19:18:31.0205 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/14 19:18:31.0291 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/14 19:18:31.0367 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/08/14 19:18:31.0451 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/14 19:18:31.0479 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/14 19:18:31.0557 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/14 19:18:31.0610 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/08/14 19:18:31.0736 {2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\Dell\MediaDirect\000.fcl
2010/08/14 19:18:31.0786 ================================================================================
2010/08/14 19:18:31.0786 Scan finished
2010/08/14 19:18:31.0786 ================================================================================
2010/08/14 19:18:38.0094 Deinitialize success


#13 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 15 August 2010 - 08:48 PM

Hi
OK please delete the combofix you have

Now follow these instructions to download it.

Download ComboFix from Here

Before saving it rename it to Mobofix.com then download it to your Desktop.

Please run it this way.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click Mobofcix.exe and follow the prompts.
  • Vista/Windows7 users right click Mobofcix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

If you are prompted to install the Recovery Console, Please do so.

Note - It's recommended to disable realtime protection applications, such as your antivirus program, while running ComboFix. They can sometimes interfere with the tool. Check this link for your applicable programs.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#14 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 24 August 2010 - 10:14 PM

Hi
If you still require help. please respond to this thread or it will be closed in 48 hours.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#15 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Seattle Washington
  • Local time:08:45 PM

Posted 28 August 2010 - 10:30 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users