Redbook Antivirus 2010


This topic is locked
29 replies to this topic

#1 gzm

gzm

  • Members
  • 18 posts

Posted 28 November 2010 - 06:00 AM

I used ESET to check my computer only to find out that I have been infected with 130 different trojans and worms.
ESET cleaned all of the viruses etc. with the exception of redbook.sys antivirus 2010.
I proceeded to use different programs to remove it. None of the programs will run. They will stop working!
I do appreciate any help.
Thanks

This is the TDSSKiller report!


2010/11/28 18:01:22.0485 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/28 18:01:22.0485 ================================================================================
2010/11/28 18:01:22.0485 SystemInfo:
2010/11/28 18:01:22.0485
2010/11/28 18:01:22.0485 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/28 18:01:22.0485 Product type: Workstation
2010/11/28 18:01:22.0485 ComputerName: CX130109
2010/11/28 18:01:22.0485 UserName: user
2010/11/28 18:01:22.0485 Windows directory: C:\WINDOWS
2010/11/28 18:01:22.0485 System windows directory: C:\WINDOWS
2010/11/28 18:01:22.0485 Processor architecture: Intel x86
2010/11/28 18:01:22.0485 Number of processors: 1
2010/11/28 18:01:22.0485 Page size: 0x1000
2010/11/28 18:01:22.0485 Boot type: Normal boot
2010/11/28 18:01:22.0485 ================================================================================
2010/11/28 18:01:23.0006 Initialize success
2010/11/28 18:01:30.0837 ================================================================================
2010/11/28 18:01:30.0837 Scan started
2010/11/28 18:01:30.0837 Mode: Manual;
2010/11/28 18:01:30.0837 ================================================================================
2010/11/28 18:01:31.0688 ACPI (1c3c72c504f312c19426cc7cb9ad8e98) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/28 18:01:31.0849 ACPIEC (99f9466c2611e379c88fbbfc8df89b17) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/28 18:01:32.0169 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/28 18:01:32.0379 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/28 18:01:32.0950 ALCXWDM (812a5b176ca59cc31ed9962d27240e46) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/11/28 18:01:33.0761 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/28 18:01:33.0862 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/28 18:01:34.0132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/28 18:01:34.0302 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/28 18:01:34.0442 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/28 18:01:34.0673 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/28 18:01:34.0903 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/28 18:01:35.0023 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/28 18:01:35.0163 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/28 18:01:36.0435 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/28 18:01:36.0616 dmboot (fd983f66eeb5245ef9b28ea3444b2e20) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/28 18:01:36.0766 dmio (a732fc0d3b930e2539018eb8ec9314c2) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/28 18:01:36.0926 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/28 18:01:37.0096 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/28 18:01:37.0427 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/28 18:01:37.0677 ENETHUSB (c37b713737c60fa46cf249507722d68c) C:\WINDOWS\system32\DRIVERS\enethusb.sys
2010/11/28 18:01:37.0967 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/28 18:01:38.0118 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/28 18:01:38.0298 Fips (418d3078a9b107de75c9ba9b56cba035) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/28 18:01:38.0428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/28 18:01:38.0618 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/28 18:01:38.0819 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/28 18:01:38.0999 Ftdisk (9c798fdc0d53dfba6f4c4059a11fbfe8) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/28 18:01:39.0169 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/28 18:01:39.0339 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/28 18:01:39.0710 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/28 18:01:40.0211 i8042prt (f8d6633482e0bd81766c74441b134fdf) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/28 18:01:40.0922 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/28 18:01:41.0432 intelppm (bb055e429e9f54aa3fba2dd33beb0935) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/28 18:01:41.0553 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/28 18:01:41.0733 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/28 18:01:41.0913 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/28 18:01:42.0073 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/28 18:01:42.0204 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/28 18:01:42.0324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/28 18:01:42.0464 isapnp (d3715a2dba29215be59dcfc11294d493) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/28 18:01:42.0584 Kbdclass (af1fd8035b4a34eaf25f8bb1cd3c95ff) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/28 18:01:42.0704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/28 18:01:42.0865 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/28 18:01:43.0355 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/28 18:01:43.0546 Modem (4c84460a6bc9a5bf60555c04be55792e) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/28 18:01:43.0676 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/28 18:01:43.0826 Mouclass (6be02786a7c13cceae728298effa0730) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/28 18:01:43.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/28 18:01:44.0116 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/28 18:01:44.0297 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/28 18:01:44.0557 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/28 18:01:44.0707 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/28 18:01:44.0827 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/28 18:01:44.0948 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/28 18:01:45.0108 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/28 18:01:45.0248 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2010/11/28 18:01:45.0478 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2010/11/28 18:01:45.0679 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/28 18:01:45.0829 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/28 18:01:45.0969 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/28 18:01:46.0089 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/28 18:01:46.0209 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/28 18:01:46.0350 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/28 18:01:46.0470 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/28 18:01:46.0600 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/28 18:01:46.0900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/28 18:01:47.0051 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/28 18:01:47.0271 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2010/11/28 18:01:47.0391 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/28 18:01:47.0601 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/28 18:01:47.0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/28 18:01:47.0912 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/28 18:01:48.0202 Parport (3d383486b2d3b97cd44334a406ae3418) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/28 18:01:48.0332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/28 18:01:48.0473 ParVdm (cbc2a624a1dac81bd1a2932985a8955f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/28 18:01:48.0633 PCI (dcb32b61125e35af33cb8cd54a1e7737) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/28 18:01:48.0953 Pcmcia (1e052d2d5a43c0d097fd96b1490d6083) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/28 18:01:49.0855 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/28 18:01:49.0995 Processor (b7f6b49187ea0254076bbbeef59e200b) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/28 18:01:50.0145 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/28 18:01:50.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/28 18:01:50.0435 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/28 18:01:51.0056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/28 18:01:51.0257 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/28 18:01:51.0457 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/28 18:01:51.0597 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/28 18:01:51.0747 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/28 18:01:51.0918 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/28 18:01:52.0108 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/28 18:01:52.0258 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/28 18:01:52.0478 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/11/28 18:01:52.0629 redbook (528d533566b76023467a633ca35830d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/28 18:01:52.0949 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/11/28 18:01:53.0069 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys
2010/11/28 18:01:53.0239 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
2010/11/28 18:01:53.0390 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys
2010/11/28 18:01:53.0580 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
2010/11/28 18:01:53.0700 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\WINDOWS\system32\DRIVERS\s117nd5.sys
2010/11/28 18:01:53.0860 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\WINDOWS\system32\DRIVERS\s117obex.sys
2010/11/28 18:01:54.0001 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\WINDOWS\system32\DRIVERS\s117unic.sys
2010/11/28 18:01:54.0231 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/28 18:01:54.0361 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/11/28 18:01:54.0551 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/28 18:01:54.0641 Serial (ad994a88bbfa3c686397951b11a701a5) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/28 18:01:54.0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/28 18:01:55.0122 Slnt7554 (d9673011648a71ed1e1f77b831bc85e6) C:\WINDOWS\system32\DRIVERS\slnt7554.sys
2010/11/28 18:01:55.0252 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2010/11/28 18:01:55.0443 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2010/11/28 18:01:55.0833 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/28 18:01:55.0993 sr (a41ac0d87dc3054db716f1456c84391c) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/28 18:01:56.0144 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/28 18:01:56.0364 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/28 18:01:56.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/28 18:01:56.0945 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/28 18:01:57.0045 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/28 18:01:57.0215 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/28 18:01:57.0365 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/28 18:01:57.0496 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/28 18:01:57.0916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/28 18:01:58.0257 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/28 18:01:58.0477 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/28 18:01:58.0647 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/28 18:01:58.0797 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/28 18:01:58.0898 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/28 18:01:59.0068 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/11/28 18:01:59.0078 Suspicious service (NoAccess): vbma1aed
2010/11/28 18:01:59.0168 vbma1aed (9fc1f4efeb5db611fb99e7ea138a7481) C:\WINDOWS\system32\drivers\vbma1aed.sys
2010/11/28 18:01:59.0168 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma1aed.sys. md5: 9fc1f4efeb5db611fb99e7ea138a7481
2010/11/28 18:01:59.0228 vbma1aed - detected Locked service (1)
2010/11/28 18:01:59.0378 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/28 18:01:59.0498 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/28 18:01:59.0649 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/28 18:01:59.0869 VolSnap (3cf5dc3fdf17ae17d488d4548ac33741) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/28 18:02:00.0079 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/28 18:02:00.0330 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/28 18:02:00.0750 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/28 18:02:00.0991 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/28 18:02:01.0091 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/28 18:02:01.0531 ================================================================================
2010/11/28 18:02:01.0531 Scan finished
2010/11/28 18:02:01.0531 ================================================================================
2010/11/28 18:02:01.0621 Detected object count: 1
2010/11/28 18:02:06.0248 Locked service(vbma1aed) - User select action: Skip

This is the ESET scan report.

C:\WINDOWS\system32\drivers\redbook.sys Win32/Rootkit.Agent.NSF trojan unable to clean

Merged posts. ~ OB

Edited by Orange Blossom, 28 November 2010 - 04:33 PM.




#2 gzm

gzm
  • Topic Starter

  • Members
  • 18 posts

Posted 29 November 2010 - 05:11 PM

Can someone help me out with the virus?
I appreciate your help!

Edited by gzm, 29 November 2010 - 05:11 PM.


#3 gzm

gzm
  • Topic Starter

  • Members
  • 18 posts

Posted 01 December 2010 - 11:06 AM

DDS (Ver_10-11-27.01) - NTFSx86
Run by user at 17:39:01,31 on ’œ« 01/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.511.238 [GMT 2:00]


============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Επιφάνεια εργασίας\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [spydig.exe] c:\program files\spydig\spydig.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm022YYGR
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yd1skkwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://gr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={69579026-5ADD-C133-DCB2-E28A74E8918F}&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-12-15 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-15 27632]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\cnxetp.sys --> c:\windows\system32\drivers\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\cnxetu.sys --> c:\windows\system32\drivers\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\cnxtgnp.sys --> c:\windows\system32\drivers\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\cnxtgnw.sys --> c:\windows\system32\drivers\CnxTgNW.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys [?]
S3 ids00102;ids00102;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00102.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00102.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys [?]
S3 ids0015d;ids0015d;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0015d.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0015d.sys [?]
S3 ids0018a;ids0018a;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2003-2-5 129535]

=============== Created Last 30 ================

2010-11-28 21:10:10 -------- d-----w- c:\program files\SpyDig
2010-11-28 10:08:25 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-11-28 10:08:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 18:00:19 -------- d-----w- c:\program files\ESET
2010-11-27 17:42:17 -------- d-----w- c:\windows\system32\drivers\nss\0300000.067
2010-11-27 17:42:17 -------- d-----w- c:\windows\system32\drivers\NSS
2010-11-27 17:42:17 -------- d-----w- c:\program files\Norton Security Scan
2010-11-27 17:42:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-11-27 17:41:49 -------- d-----w- c:\program files\NortonInstaller
2010-11-27 17:41:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-27 17:22:06 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2010-11-27 15:14:55 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-11-27 14:57:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-27 14:56:03 -------- d-----w- c:\windows\ie8updates
2010-11-27 14:54:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-27 14:54:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-27 14:54:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-27 14:51:45 -------- dc-h--w- c:\windows\ie8
2010-11-27 14:11:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-27 13:40:00 -------- d-----w- c:\program files\nobrand
2010-11-27 13:39:39 -------- d-----w- c:\windows\Downloaded Installations
2010-11-27 13:21:21 -------- d-----w- C:\9352154507fab6a6dbba645e

==================== Find3M ====================

2010-09-18 09:22:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52:55 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52:55 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52:55 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49:29 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0411N rev.TW100-07 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF7C5511B]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xf7c58888]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8235CAB8]
3 CLASSPNP[0xF8575FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x81D36030]
\Driver\Disk[0x8223BF38] -> IRP_MJ_CREATE -> 0xF7C5511B
error: Read Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0411N_________________________TW100-07#30534a31314a5830383135393839202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 17:40:11,78 ===============



--------It will NOT let Gmer run and scan my pc!!!

Edited by gzm, 01 December 2010 - 11:06 AM.
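The two reports above carry the indicators a malware-removal helper reads first: TDSSKiller's "Suspicious service"/"Locked service" lines for vbma1aed, and a DDS running-process entry launched from the \\.\globalroot\Device\ namespace instead of a drive letter. As an added example that is not part of this thread and not code from the TDSSKiller or DDS authors, here is a small Python triage script that pulls those indicators out of logs in the posted format and joins each flagged service with its driver path, MD5 and the action the user chose. The sample lines are copied from the reports in this thread; the regular expressions and the Finding structure are my own assumptions about the line formats, not documented output specifications.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the TDSSKiller and DDS reports
# posted in this thread, in their original format (no new indicators).
TDSSKILLER_LOG = r"""
2010/11/28 18:01:52.0629 redbook (528d533566b76023467a633ca35830d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/28 18:01:59.0078 Suspicious service (NoAccess): vbma1aed
2010/11/28 18:01:59.0168 vbma1aed (9fc1f4efeb5db611fb99e7ea138a7481) C:\WINDOWS\system32\drivers\vbma1aed.sys
2010/11/28 18:01:59.0168 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma1aed.sys. md5: 9fc1f4efeb5db611fb99e7ea138a7481
2010/11/28 18:01:59.0228 vbma1aed - detected Locked service (1)
2010/11/28 18:02:06.0248 Locked service(vbma1aed) - User select action: Skip
"""

DDS_PROCESSES = r"""
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
"""

# Assumed line shapes, derived from the posted log rather than from documentation.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_SVC_RE = re.compile(TS + r"Suspicious service \((?P<reason>\w+)\): (?P<name>\S+)$")
SUSP_FILE_RE = re.compile(TS + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
LOCKED_RE = re.compile(TS + r"(?P<name>\S+) - detected Locked service")
ACTION_RE = re.compile(TS + r"Locked service\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
# A process image under the raw device namespace rather than a drive letter.
GLOBALROOT_RE = re.compile(r'^"?\\\\\.\\globalroot\\', re.IGNORECASE)


@dataclass
class Finding:
    name: str
    md5: str = ""
    path: str = ""
    reasons: list = field(default_factory=list)
    action: str = ""  # what the user chose for a locked service, e.g. "Skip"


def parse_tdsskiller(text):
    """Return {service_name: Finding} for every service TDSSKiller flagged.

    Plain driver lines go into a side table so a flagged service can still be
    joined with its path and MD5 when the flag line precedes the driver line.
    """
    drivers, findings = {}, {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
            continue
        for pattern, reason in ((SUSP_SVC_RE, "suspicious-service"),
                                (LOCKED_RE, "locked-service")):
            m = pattern.match(line)
            if m:
                findings.setdefault(m["name"], Finding(m["name"])).reasons.append(reason)
        m = SUSP_FILE_RE.match(line)
        if m:
            # The file line carries a path; the service name is its file stem here.
            name = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            f = findings.setdefault(name, Finding(name))
            f.md5, f.path = m["md5"], m["path"]
            f.reasons.append("suspicious-file")
        m = ACTION_RE.match(line)
        if m and m["name"] in findings:
            findings[m["name"]].action = m["action"]
    for name, f in findings.items():
        if name in drivers and not f.md5:
            f.md5, f.path = drivers[name]
    return findings


def flag_dds_processes(text):
    """Return running-process lines whose image lives under \\.\globalroot\."""
    return [line for line in text.splitlines() if GLOBALROOT_RE.match(line)]


def triage(tdss_text, dds_text):
    """Summarise both reports: flagged services, which were left untreated,
    and which live processes run from the device namespace."""
    findings = parse_tdsskiller(tdss_text)
    return {
        "flagged_services": sorted(findings),
        "left_untreated": sorted(n for n, f in findings.items() if f.action == "Skip"),
        "globalroot_processes": flag_dds_processes(dds_text),
    }


if __name__ == "__main__":
    for name, f in parse_tdsskiller(TDSSKILLER_LOG).items():
        print(f"{name}: {', '.join(f.reasons)} md5={f.md5} path={f.path} action={f.action or '-'}")
    for line in flag_dds_processes(DDS_PROCESSES):
        print("process launched from device namespace:", line)
```

The "left_untreated" entry is the part worth checking when reading a posted TDSSKiller log: a locked service that the user answered "Skip" to, as in this thread, was detected but not cured, which is why the later DDS report still shows a process running from \\.\globalroot\.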


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 December 2010 - 02:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply



Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

In your next post I need the following:

1. Logs from DDS
2. Log from RKUnHooker
3. Let me know of any problems you may have had
Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
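How a helper reads the DDS log asked for above: an added example (not part of this thread and not DDS's own code) that splits a DDS log into its banner sections and flags the entries a malware-removal helper looks at first. The sample log is constructed in DDS's layout; its globalroot svchost line mirrors the one gzm posts in reply, the other entries are made up.

```python
# Added example (not DDS's code and not from this thread): a small triage pass
# over the "Running Processes" and "SERVICES / DRIVERS" sections of a DDS log.
# It flags what a malware-removal helper scans for first:
#   - a process whose image sits in the \\.\globalroot\ device namespace, which
#     is how the hidden loader in gzm's log shows up instead of a drive path
#   - a process with no image path recorded
#   - a service/driver whose file DDS could not stat ("[?]" where the
#     "[date size]" stamp should be) or which loads from a user profile folder
import re
from dataclasses import dataclass

# Constructed sample in DDS's layout; the globalroot svchost line mirrors the
# one posted in this thread, the other entries are made up for the demo.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE

============= SERVICES / DRIVERS ===============

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-15 27632]
S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\user\desktop\tdl3 razor\tizerbruteforceex.sys --> c:\documents and settings\user\desktop\tdl3 razor\TizerBruteForceEx.sys [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\cnxetp.sys --> c:\windows\system32\drivers\CnxEtP.sys [?]

============= FINISH: 11:20:06,88 ===============
"""

GLOBALROOT = "\\\\.\\globalroot\\"            # the literal prefix \\.\globalroot\
BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")  # "==== Section Name ===="
# "<R|S><n> name;display;image [--> resolved] [date size | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?\s*(?P<info>\[[^\]]*\])$"
)


@dataclass
class Finding:
    section: str
    entry: str     # raw process line, or the service name
    reason: str


def split_sections(text):
    """Map each '==== Name ====' banner to the non-blank lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_processes(entries):
    findings = []
    for entry in entries:
        path = entry.strip('"')
        low = path.lower()
        if low.startswith(GLOBALROOT) or low.startswith("\\device\\"):
            findings.append(Finding("Running Processes", entry,
                "image path is in the device namespace, not on a drive letter"))
        elif "\\" not in path:
            findings.append(Finding("Running Processes", entry,
                "no image path recorded; confirm which file this process runs"))
    return findings


def triage_services(entries):
    findings = []
    for entry in entries:
        m = SERVICE_RE.match(entry)
        if not m:
            findings.append(Finding("SERVICES / DRIVERS", entry, "line did not parse"))
            continue
        image = (m.group("resolved") or m.group("image")).lower()
        if image.startswith("\\??\\"):   # NT object-manager prefix on raw paths
            image = image[4:]
        reasons = []
        if m.group("info") == "[?]":
            reasons.append("no file date/size ([?]), usually no file at that path")
        if "\\documents and settings\\" in image or "\\users\\" in image:
            reasons.append("driver loads from a user profile directory")
        if reasons:
            findings.append(Finding("SERVICES / DRIVERS", m.group("name"), "; ".join(reasons)))
    return findings


def triage(text):
    """Run both passes over a DDS log and return the combined findings."""
    sections = split_sections(text)
    return (triage_processes(sections.get("Running Processes", []))
            + triage_services(sections.get("SERVICES / DRIVERS", [])))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LOG):
        print(f"[{f.section}] {f.entry}\n    -> {f.reason}")
```

A flagged line is a prompt to look closer, not a verdict: the TDL3 removal tool's driver in gzm's log is flagged for living on the desktop even though the user put it there on purpose.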

#5 gzm

  • Topic Starter
  • Members
  • 18 posts

Posted 05 December 2010 - 04:40 AM

Thank you so much for your reply.
Here is the information you requested.

Log report from DDS.

DDS (Ver_10-11-27.01) - NTFSx86
Run by user at 11:19:41,24 on 05/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.511.240 [GMT 2:00]


============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Επιφάνεια εργασίας\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [spydig.exe] c:\program files\spydig\spydig.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm022YYGR
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\yd1skkwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://gr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={69579026-5ADD-C133-DCB2-E28A74E8918F}&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-12-15 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-12-15 27632]
S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\user\επιφάνεια εργασίας\tdl3 razor\tdl3 razor\tizerbruteforceex.sys --> c:\documents and settings\user\επιφάνεια εργασίας\tdl3 razor\tdl3 razor\TizerBruteForceEx.sys [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\cnxetp.sys --> c:\windows\system32\drivers\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\cnxetu.sys --> c:\windows\system32\drivers\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\cnxtgnp.sys --> c:\windows\system32\drivers\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\drivers\cnxtgnw.sys --> c:\windows\system32\drivers\CnxTgNW.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-12-4 16968]
S3 ids00026;ids00026;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00026.sys [?]
S3 ids00102;ids00102;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00102.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00102.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0014f.sys [?]
S3 ids0015d;ids0015d;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0015d.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0015d.sys [?]
S3 ids0018a;ids0018a;\??\c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys --> c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2003-2-5 129535]

=============== Created Last 30 ================

2010-12-04 17:38:02 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-04 17:36:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-12-03 13:29:23 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-11-28 21:10:10 -------- d-----w- c:\program files\SpyDig
2010-11-28 10:08:25 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-11-28 10:08:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 18:00:19 -------- d-----w- c:\program files\ESET
2010-11-27 17:42:17 -------- d-----w- c:\windows\system32\drivers\nss\0300000.067
2010-11-27 17:42:17 -------- d-----w- c:\windows\system32\drivers\NSS
2010-11-27 17:42:17 -------- d-----w- c:\program files\Norton Security Scan
2010-11-27 17:42:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-11-27 17:41:49 -------- d-----w- c:\program files\NortonInstaller
2010-11-27 17:41:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-27 17:22:06 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2010-11-27 15:14:55 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-11-27 14:57:45 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-27 14:56:03 -------- d-----w- c:\windows\ie8updates
2010-11-27 14:54:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-27 14:54:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-27 14:54:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-27 14:51:45 -------- dc-h--w- c:\windows\ie8
2010-11-27 14:11:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-27 13:40:00 -------- d-----w- c:\program files\nobrand
2010-11-27 13:39:39 -------- d-----w- c:\windows\Downloaded Installations
2010-11-27 13:21:21 -------- d-----w- C:\9352154507fab6a6dbba645e

==================== Find3M ====================

2010-09-18 09:22:56 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52:55 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52:55 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52:55 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49:29 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0411N rev.TW100-07 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8236CAB8]
3 CLASSPNP[0xF8575FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x81D59218]
\Driver\Disk[0x8221E608] -> IRP_MJ_CREATE -> 0xF85DA11B
error: Read Δεν είναι δυνατή η εύρεση του καθορισμένου αρχείου από το σύστημα.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0411N_________________________TW100-07#30534a31314a5830383135393839202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK

============= FINISH: 11:20:06,88 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 18/3/2006 21:09:48
System Uptime: 12/5/2010 11:05:54 (4968 hours ago)

Motherboard: | | P4X266-8233
Processor: Intel® Celeron® CPU 2.40GHz | Socket 478 | 2395/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 12,493 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP462: 16/9/2010 11:31:24 - Σημείο ελέγχου συστήματος
RP463: 17/9/2010 0:08:23 - Software Distribution Service 3.0
RP464: 18/9/2010 13:30:20 - Σημείο ελέγχου συστήματος
RP465: 19/9/2010 14:35:31 - Σημείο ελέγχου συστήματος
RP466: 20/9/2010 19:56:27 - Σημείο ελέγχου συστήματος
RP467: 21/9/2010 21:04:07 - Σημείο ελέγχου συστήματος
RP468: 22/9/2010 21:44:14 - Σημείο ελέγχου συστήματος
RP469: 25/9/2010 12:25:09 - Σημείο ελέγχου συστήματος
RP470: 26/9/2010 12:43:14 - Σημείο ελέγχου συστήματος
RP471: 27/9/2010 14:22:19 - Σημείο ελέγχου συστήματος
RP472: 28/9/2010 15:14:39 - Σημείο ελέγχου συστήματος
RP473: 29/9/2010 15:43:44 - Σημείο ελέγχου συστήματος
RP474: 29/9/2010 17:17:36 - Software Distribution Service 3.0
RP475: 30/9/2010 22:06:26 - Σημείο ελέγχου συστήματος
RP476: 1/10/2010 22:41:11 - Σημείο ελέγχου συστήματος
RP477: 2/10/2010 23:18:54 - Σημείο ελέγχου συστήματος
RP478: 4/10/2010 15:28:47 - Σημείο ελέγχου συστήματος
RP479: 6/10/2010 15:46:25 - Σημείο ελέγχου συστήματος
RP480: 7/10/2010 15:55:26 - Σημείο ελέγχου συστήματος
RP481: 7/10/2010 23:33:53 - Software Distribution Service 3.0
RP482: 8/10/2010 23:09:51 - Software Distribution Service 3.0
RP483: 10/10/2010 13:39:42 - Σημείο ελέγχου συστήματος
RP484: 11/10/2010 15:11:34 - Σημείο ελέγχου συστήματος
RP485: 12/10/2010 17:43:40 - Σημείο ελέγχου συστήματος
RP486: 13/10/2010 17:57:23 - Σημείο ελέγχου συστήματος
RP487: 15/10/2010 20:41:29 - Σημείο ελέγχου συστήματος
RP488: 15/10/2010 22:57:01 - Software Distribution Service 3.0
RP489: 17/10/2010 21:06:37 - Σημείο ελέγχου συστήματος
RP490: 20/10/2010 13:45:43 - Σημείο ελέγχου συστήματος
RP491: 22/10/2010 23:03:01 - Σημείο ελέγχου συστήματος
RP492: 25/10/2010 15:20:57 - Σημείο ελέγχου συστήματος
RP493: 27/10/2010 14:54:23 - Σημείο ελέγχου συστήματος
RP494: 28/10/2010 21:32:37 - Σημείο ελέγχου συστήματος
RP495: 30/10/2010 14:41:50 - Σημείο ελέγχου συστήματος
RP496: 1/11/2010 14:28:48 - Σημείο ελέγχου συστήματος
RP497: 2/11/2010 15:30:10 - Σημείο ελέγχου συστήματος
RP498: 3/11/2010 23:21:50 - Σημείο ελέγχου συστήματος
RP499: 6/11/2010 21:18:51 - Σημείο ελέγχου συστήματος
RP500: 8/11/2010 12:26:56 - Σημείο ελέγχου συστήματος
RP501: 9/11/2010 15:06:31 - Σημείο ελέγχου συστήματος
RP502: 10/11/2010 18:56:13 - Σημείο ελέγχου συστήματος
RP503: 10/11/2010 23:43:06 - Software Distribution Service 3.0
RP504: 11/11/2010 23:19:53 - Software Distribution Service 3.0
RP505: 12/11/2010 23:23:02 - Software Distribution Service 3.0
RP506: 13/11/2010 0:30:35 - Software Distribution Service 3.0
RP507: 13/11/2010 21:05:54 - Software Distribution Service 3.0
RP508: 14/11/2010 0:39:48 - Software Distribution Service 3.0
RP509: 14/11/2010 20:21:40 - Software Distribution Service 3.0
RP510: 15/11/2010 0:42:36 - Software Distribution Service 3.0
RP511: 16/11/2010 0:54:05 - Software Distribution Service 3.0
RP512: 17/11/2010 0:51:16 - Software Distribution Service 3.0
RP513: 18/11/2010 0:28:48 - Software Distribution Service 3.0
RP514: 19/11/2010 0:14:30 - Software Distribution Service 3.0
RP515: 20/11/2010 0:08:35 - Software Distribution Service 3.0
RP516: 20/11/2010 23:52:14 - Software Distribution Service 3.0
RP517: 21/11/2010 15:46:26 - Software Distribution Service 3.0
RP518: 21/11/2010 23:48:38 - Software Distribution Service 3.0
RP519: 22/11/2010 23:51:07 - Software Distribution Service 3.0
RP520: 24/11/2010 0:02:09 - Software Distribution Service 3.0
RP521: 24/11/2010 23:10:49 - Software Distribution Service 3.0
RP522: 25/11/2010 14:32:12 - Software Distribution Service 3.0
RP523: 25/11/2010 23:30:30 - Software Distribution Service 3.0
RP524: 26/11/2010 14:11:33 - Software Distribution Service 3.0
RP525: 26/11/2010 22:11:25 - Software Distribution Service 3.0
RP526: 27/11/2010 12:45:19 - Software Distribution Service 3.0
RP527: 27/11/2010 15:21:17 - Software Distribution Service 3.0
RP528: 27/11/2010 15:39:53 - Installed USB Remote NDIS Network Device
RP529: 27/11/2010 15:53:44 - Removed Ask Toolbar.
RP530: 27/11/2010 16:11:43 - avast! Free Antivirus Setup
RP531: 27/11/2010 16:47:36 - Software Distribution Service 3.0
RP532: 27/11/2010 16:59:39 - avast! Free Antivirus Setup
RP533: 27/11/2010 18:48:27 - avast! Free Antivirus Setup
RP534: 27/11/2010 22:16:06 - avast! Free Antivirus Setup
RP535: 28/11/2010 0:10:09 - Software Distribution Service 3.0
RP536: 28/11/2010 23:12:02 - Software Distribution Service 3.0
RP537: 30/11/2010 13:49:37 - Σημείο ελέγχου συστήματος
RP538: 1/12/2010 18:47:13 - Σημείο ελέγχου συστήματος
RP539: 4/12/2010 10:54:29 - Σημείο ελέγχου συστήματος
RP540: 4/12/2010 12:09:47 - Software Distribution Service 3.0
RP541: 4/12/2010 21:19:51 - Software Distribution Service 3.0

==== Installed Programs ======================

µTorrent
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB2183461)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB2360131)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127-v2)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB953838)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB956390)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB969897)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB972260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB974455)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB976325)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB978207)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB982381)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB2360131)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB971961)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB981332)
Ενημέρωση ασφαλείας για Windows Internet Explorer 8 (KB982381)
Ενημέρωση ασφαλείας για Windows XP (KB2079403)
Ενημέρωση ασφαλείας για Windows XP (KB2115168)
Ενημέρωση ασφαλείας για Windows XP (KB2121546)
Ενημέρωση ασφαλείας για Windows XP (KB2160329)
Ενημέρωση ασφαλείας για Windows XP (KB2229593)
Ενημέρωση ασφαλείας για Windows XP (KB2259922)
Ενημέρωση ασφαλείας για Windows XP (KB2279986)
Ενημέρωση ασφαλείας για Windows XP (KB2286198)
Ενημέρωση ασφαλείας για Windows XP (KB2296011)
Ενημέρωση ασφαλείας για Windows XP (KB2347290)
Ενημέρωση ασφαλείας για Windows XP (KB2360937)
Ενημέρωση ασφαλείας για Windows XP (KB2387149)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB938464)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951698)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB953839)
Ενημέρωση ασφαλείας για Windows XP (KB954211)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956391)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956744)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956841)
Ενημέρωση ασφαλείας για Windows XP (KB956844)
Ενημέρωση ασφαλείας για Windows XP (KB957095)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB958869)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB960859)
Ενημέρωση ασφαλείας για Windows XP (KB961371)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση ασφαλείας για Windows XP (KB961501)
Ενημέρωση ασφαλείας για Windows XP (KB968537)
Ενημέρωση ασφαλείας για Windows XP (KB969059)
Ενημέρωση ασφαλείας για Windows XP (KB969898)
Ενημέρωση ασφαλείας για Windows XP (KB969947)
Ενημέρωση ασφαλείας για Windows XP (KB970238)
Ενημέρωση ασφαλείας για Windows XP (KB970430)
Ενημέρωση ασφαλείας για Windows XP (KB971468)
Ενημέρωση ασφαλείας για Windows XP (KB971486)
Ενημέρωση ασφαλείας για Windows XP (KB971557)
Ενημέρωση ασφαλείας για Windows XP (KB971633)
Ενημέρωση ασφαλείας για Windows XP (KB971657)
Ενημέρωση ασφαλείας για Windows XP (KB971961)
Ενημέρωση ασφαλείας για Windows XP (KB972270)
Ενημέρωση ασφαλείας για Windows XP (KB973346)
Ενημέρωση ασφαλείας για Windows XP (KB973354)
Ενημέρωση ασφαλείας για Windows XP (KB973507)
Ενημέρωση ασφαλείας για Windows XP (KB973525)
Ενημέρωση ασφαλείας για Windows XP (KB973869)
Ενημέρωση ασφαλείας για Windows XP (KB973904)
Ενημέρωση ασφαλείας για Windows XP (KB974112)
Ενημέρωση ασφαλείας για Windows XP (KB974318)
Ενημέρωση ασφαλείας για Windows XP (KB974392)
Ενημέρωση ασφαλείας για Windows XP (KB974571)
Ενημέρωση ασφαλείας για Windows XP (KB975025)
Ενημέρωση ασφαλείας για Windows XP (KB975467)
Ενημέρωση ασφαλείας για Windows XP (KB975560)
Ενημέρωση ασφαλείας για Windows XP (KB975561)
Ενημέρωση ασφαλείας για Windows XP (KB975562)
Ενημέρωση ασφαλείας για Windows XP (KB975713)
Ενημέρωση ασφαλείας για Windows XP (KB977165-v2)
Ενημέρωση ασφαλείας για Windows XP (KB977816)
Ενημέρωση ασφαλείας για Windows XP (KB977914)
Ενημέρωση ασφαλείας για Windows XP (KB978037)
Ενημέρωση ασφαλείας για Windows XP (KB978251)
Ενημέρωση ασφαλείας για Windows XP (KB978262)
Ενημέρωση ασφαλείας για Windows XP (KB978338)
Ενημέρωση ασφαλείας για Windows XP (KB978542)
Ενημέρωση ασφαλείας για Windows XP (KB978601)
Ενημέρωση ασφαλείας για Windows XP (KB978706)
Ενημέρωση ασφαλείας για Windows XP (KB979309)
Ενημέρωση ασφαλείας για Windows XP (KB979482)
Ενημέρωση ασφαλείας για Windows XP (KB979559)
Ενημέρωση ασφαλείας για Windows XP (KB979683)
Ενημέρωση ασφαλείας για Windows XP (KB979687)
Ενημέρωση ασφαλείας για Windows XP (KB980195)
Ενημέρωση ασφαλείας για Windows XP (KB980218)
Ενημέρωση ασφαλείας για Windows XP (KB980232)
Ενημέρωση ασφαλείας για Windows XP (KB980436)
Ενημέρωση ασφαλείας για Windows XP (KB981322)
Ενημέρωση ασφαλείας για Windows XP (KB981349)
Ενημέρωση ασφαλείας για Windows XP (KB981852)
Ενημέρωση ασφαλείας για Windows XP (KB981957)
Ενημέρωση ασφαλείας για Windows XP (KB981997)
Ενημέρωση ασφαλείας για Windows XP (KB982132)
Ενημέρωση ασφαλείας για Windows XP (KB982214)
Ενημέρωση ασφαλείας για Windows XP (KB982665)
Ενημέρωση ασφαλείας για Windows XP (KB982802)
Ενημέρωση για Windows Internet Explorer 7 (KB976749)
Ενημέρωση για Windows Internet Explorer 7 (KB980182)
Ενημέρωση για Windows Internet Explorer 8 (KB2447568)
Ενημέρωση για Windows Internet Explorer 8 (KB976662)
Ενημέρωση για Windows XP (KB2141007)
Ενημέρωση για Windows XP (KB2345886)
Ενημέρωση για Windows XP (KB951072-v2)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955759)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB967715)
Ενημέρωση για Windows XP (KB968389)
Ενημέρωση για Windows XP (KB971737)
Ενημέρωση για Windows XP (KB973687)
Ενημέρωση για Windows XP (KB973815)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB2378111)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB954155)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB968816)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB973540)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB975558)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB978695)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB954154)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB917734)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
Επείγουσα επιδιόρθωση για Windows XP (KB2158563)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Επείγουσα επιδιόρθωση για Windows XP (KB961118)
Επείγουσα επιδιόρθωση για Windows XP (KB970653-v3)
Επείγουσα επιδιόρθωση για Windows XP (KB976098-v2)
Επείγουσα επιδιόρθωση για Windows XP (KB979306)
Επείγουσα επιδιόρθωση για Windows XP (KB981793)
Επείγουσα επιδιόρθωση για το Windows Media Player 11 (KB939683)
7-Zip 4.58 beta
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe® Photoshop® Album Starter Edition 3.2
Apple Software Update
Audacity 1.2.6
Avance AC'97 Audio
Avanquest update
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Creative Modem Blaster V.92 DE5773
ESET Online Scanner v3
Google Earth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
InfraRecorder
Inkscape 0.45.1
IrfanView (remove only)
Lame ACM MP3 Codec
MediaCoder 0.6.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.15)
Nero OEM
Norton Security Scan
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Manual NW-E010 Series
PDFCreator
PowerDVD
QuickTime
Real Alternative 1.8.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Siemens Subscriber Networks SpeedStream DSL
SonicStage 4.3
Sony Ericsson Media Manager 1.0
Sony Ericsson PC Suite 6.009.00
Spelling Dictionaries Support For Adobe Reader 9
spydig
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
USB Remote NDIS Network Device
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων
Xvid 1.1.3 final uninstall
Youtube Music Downloader V2.7

==== End Of File ===========================


RKUnHooker report.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2196992 bytes (Microsoft Corporation, Σύστημα και πυρήνας NT)
0x804D7000 PnpManager 2196992 bytes
0x804D7000 RAW 2196992 bytes
0x804D7000 WMIxWDM 2196992 bytes
0xF8142000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης Multi-User Win32)
0xF83A1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF6C3E000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7ED7000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF6D23000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF5093000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF809E000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 299008 bytes (Avance Logic, Inc., Avance AC'97 Audio Driver (WDM))
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF4B37000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7FD5000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF84E5000 ACPI.sys 192512 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης ACPI για NT)
0xF513B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8374000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF4064000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF6CAE000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6CFB000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF848F000 dmio.sys 155648 bytes (Microsoft Corporation, VERITAS Software, Πρόγραμμα οδήγησης Διαχείρισης εισόδου/εξόδου δίσκου ΝΤ)
0xF6C18000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF807A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF80E7000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF810B000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6CD9000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF8457000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF84B5000 ftdisk.sys 126976 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης FT του δίσκου)
0xF835A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8477000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF8477000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF6BD8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF842E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF803E000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF4F66000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8055000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης παράλληλης θύρας)
0xF812E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806F0000 ACPI_HAL 81152 bytes
0x806F0000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF6D7C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8445000 sr.sys 73728 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης φίλτρου συστήματος αρχείων επαναφοράς συστήματος)
0xF84D4000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8005000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8069000 C:\WINDOWS\System32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Serial Device Driver)
0xF8785000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF85C5000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8685000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8625000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF5178000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8705000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8695000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8555000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8575000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF86A5000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF86C5000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8745000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8675000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8545000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF86B5000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8595000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF87A5000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF8535000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF86F5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF86E5000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8565000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8565000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86D5000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8725000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF8775000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8585000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF8755000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88ED000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88F5000 C:\WINDOWS\system32\DRIVERS\RNDISMP.SYS 32768 bytes (Microsoft Corporation, Remote NDIS Miniport)
0xF887D000 C:\WINDOWS\System32\Drivers\vbma1aed.SYS 32768 bytes
0xF8895000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF88A5000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF892D000 C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF87B5000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF889D000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88C5000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xF888D000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF88DD000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF88CD000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF88E5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87BD000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF88B5000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF88BD000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF88AD000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF88FD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF832E000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF5C74000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8949000 RecAgent.sys 16384 bytes (Smart Link, )
0xF8A11000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF89F9000 C:\WINDOWS\system32\DRIVERS\usb8023.sys 16384 bytes (Microsoft Corporation, Remote NDIS USB Driver)
0xF8945000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF801E000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8A15000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF8A19000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF89C9000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A79000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A3B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8A7F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A77000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A35000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A7B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8ABB000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A7D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A67000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A71000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A39000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8A37000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C67000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8BE2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B9A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0x81DF1109 unknown_irp_handler 3831 bytes
0xF85DA11B unknown_irp_handler 3813 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\vbma1aed.sys]
WARNING: Virus alike driver modification [redbook.sys]
0xF85DAE8A Unknown thread object [ ETHREAD 0x8236B020 ] TID: 120, 600 bytes

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 December 2010 - 04:54 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days; if you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gzm (Topic Starter, Members, 18 posts)

Posted 05 December 2010 - 05:18 AM

Downloaded Combofix as instructed. Closed all antivirus and anti-malware programs. Double-clicked on Combofix. It starts for a few seconds only to shut down right after. Tried several times. It will not let it run!

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 05 December 2010 - 10:42 PM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 gzm (Topic Starter, Members, 18 posts)

Posted 06 December 2010 - 08:25 AM

This is the TDSSKiller report.

2010/12/06 15:21:31.0856 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 15:21:31.0856 ================================================================================
2010/12/06 15:21:31.0856 SystemInfo:
2010/12/06 15:21:31.0856
2010/12/06 15:21:31.0856 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/06 15:21:31.0856 Product type: Workstation
2010/12/06 15:21:31.0856 ComputerName: CX130109
2010/12/06 15:21:31.0856 UserName: user
2010/12/06 15:21:31.0856 Windows directory: C:\WINDOWS
2010/12/06 15:21:31.0856 System windows directory: C:\WINDOWS
2010/12/06 15:21:31.0856 Processor architecture: Intel x86
2010/12/06 15:21:31.0856 Number of processors: 1
2010/12/06 15:21:31.0856 Page size: 0x1000
2010/12/06 15:21:31.0856 Boot type: Normal boot
2010/12/06 15:21:31.0856 ================================================================================
2010/12/06 15:21:32.0127 Initialize success
2010/12/06 15:21:35.0932 ================================================================================
2010/12/06 15:21:35.0932 Scan started
2010/12/06 15:21:35.0932 Mode: Manual;
2010/12/06 15:21:35.0932 ================================================================================
2010/12/06 15:21:37.0544 ACPI (1c3c72c504f312c19426cc7cb9ad8e98) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/06 15:21:37.0695 ACPIEC (99f9466c2611e379c88fbbfc8df89b17) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/06 15:21:37.0955 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/06 15:21:38.0105 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/06 15:21:38.0426 ALCXWDM (812a5b176ca59cc31ed9962d27240e46) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/06 15:21:39.0197 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/06 15:21:39.0347 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/06 15:21:39.0567 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/06 15:21:39.0768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/06 15:21:39.0928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/06 15:21:40.0098 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/06 15:21:40.0388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/06 15:21:40.0549 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/06 15:21:40.0709 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/06 15:21:41.0931 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/06 15:21:42.0111 dmboot (fd983f66eeb5245ef9b28ea3444b2e20) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/06 15:21:42.0271 dmio (a732fc0d3b930e2539018eb8ec9314c2) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/06 15:21:42.0381 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/06 15:21:42.0522 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/06 15:21:42.0662 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/06 15:21:42.0822 ENETHUSB (c37b713737c60fa46cf249507722d68c) C:\WINDOWS\system32\DRIVERS\enethusb.sys
2010/12/06 15:21:43.0012 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/06 15:21:43.0112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/06 15:21:43.0172 Fips (418d3078a9b107de75c9ba9b56cba035) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/06 15:21:43.0213 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/06 15:21:43.0443 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/06 15:21:43.0563 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/06 15:21:43.0693 Ftdisk (9c798fdc0d53dfba6f4c4059a11fbfe8) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/06 15:21:43.0813 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/06 15:21:44.0004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/06 15:21:44.0164 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010/12/06 15:21:44.0434 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/06 15:21:44.0845 i8042prt (f8d6633482e0bd81766c74441b134fdf) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/06 15:21:45.0566 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/06 15:21:45.0946 intelppm (bb055e429e9f54aa3fba2dd33beb0935) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/06 15:21:46.0067 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/06 15:21:46.0197 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/06 15:21:46.0347 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/06 15:21:46.0467 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/06 15:21:46.0587 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/06 15:21:46.0898 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/06 15:21:47.0068 isapnp (d3715a2dba29215be59dcfc11294d493) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/06 15:21:47.0228 Kbdclass (af1fd8035b4a34eaf25f8bb1cd3c95ff) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/06 15:21:47.0519 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/06 15:21:47.0709 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/06 15:21:48.0200 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/06 15:21:48.0390 Modem (4c84460a6bc9a5bf60555c04be55792e) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/06 15:21:48.0510 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/06 15:21:48.0700 Mouclass (6be02786a7c13cceae728298effa0730) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/06 15:21:48.0821 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/06 15:21:49.0151 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/06 15:21:49.0371 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/06 15:21:49.0632 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/06 15:21:49.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/06 15:21:49.0952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/06 15:21:50.0112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/06 15:21:50.0283 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/06 15:21:50.0493 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2010/12/06 15:21:50.0683 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2010/12/06 15:21:50.0904 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/06 15:21:51.0144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/06 15:21:51.0304 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/06 15:21:51.0464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/06 15:21:51.0605 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/06 15:21:51.0715 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/06 15:21:51.0845 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/06 15:21:51.0975 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/06 15:21:52.0316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/06 15:21:52.0496 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/06 15:21:52.0806 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2010/12/06 15:21:53.0027 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/06 15:21:53.0327 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/06 15:21:53.0547 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/06 15:21:53.0708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/06 15:21:53.0998 Parport (3d383486b2d3b97cd44334a406ae3418) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/06 15:21:54.0168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/06 15:21:54.0339 ParVdm (cbc2a624a1dac81bd1a2932985a8955f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/06 15:21:54.0489 PCI (dcb32b61125e35af33cb8cd54a1e7737) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/06 15:21:54.0909 Pcmcia (1e052d2d5a43c0d097fd96b1490d6083) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/06 15:21:55.0821 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/06 15:21:55.0981 Processor (b7f6b49187ea0254076bbbeef59e200b) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/06 15:21:56.0131 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/06 15:21:56.0291 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/06 15:21:56.0452 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/06 15:21:57.0123 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/06 15:21:57.0283 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/06 15:21:57.0413 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/06 15:21:57.0553 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/06 15:21:57.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/06 15:21:57.0854 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/06 15:21:58.0014 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/06 15:21:58.0184 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/06 15:21:58.0374 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/12/06 15:21:58.0535 redbook (528d533566b76023467a633ca35830d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/06 15:21:58.0535 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 528d533566b76023467a633ca35830d6, Fake md5: eb83edb7f55f1910e4db8c823a86ceed
2010/12/06 15:21:58.0585 redbook - detected Forged file (1)
2010/12/06 15:21:58.0835 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/06 15:21:58.0975 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys
2010/12/06 15:21:59.0135 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
2010/12/06 15:21:59.0286 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys
2010/12/06 15:21:59.0446 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
2010/12/06 15:21:59.0586 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\WINDOWS\system32\DRIVERS\s117nd5.sys
2010/12/06 15:21:59.0756 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\WINDOWS\system32\DRIVERS\s117obex.sys
2010/12/06 15:21:59.0897 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\WINDOWS\system32\DRIVERS\s117unic.sys
2010/12/06 15:22:00.0117 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/06 15:22:00.0297 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/12/06 15:22:00.0417 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/06 15:22:00.0547 Serial (ad994a88bbfa3c686397951b11a701a5) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/06 15:22:00.0728 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/06 15:22:00.0968 Slnt7554 (d9673011648a71ed1e1f77b831bc85e6) C:\WINDOWS\system32\DRIVERS\slnt7554.sys
2010/12/06 15:22:01.0118 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2010/12/06 15:22:01.0309 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2010/12/06 15:22:01.0569 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/06 15:22:01.0719 sr (a41ac0d87dc3054db716f1456c84391c) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/06 15:22:01.0929 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/06 15:22:02.0130 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/06 15:22:02.0230 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/06 15:22:02.0931 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/06 15:22:03.0181 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/06 15:22:03.0352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/06 15:22:03.0492 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/06 15:22:03.0612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/06 15:22:03.0942 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/06 15:22:04.0193 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/06 15:22:04.0423 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/06 15:22:04.0523 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/06 15:22:04.0633 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/06 15:22:04.0754 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/06 15:22:04.0894 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/12/06 15:22:04.0944 Suspicious service (NoAccess): vbma1aed
2010/12/06 15:22:05.0014 vbma1aed (9fc1f4efeb5db611fb99e7ea138a7481) C:\WINDOWS\system32\drivers\vbma1aed.sys
2010/12/06 15:22:05.0014 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma1aed.sys. md5: 9fc1f4efeb5db611fb99e7ea138a7481
2010/12/06 15:22:05.0064 vbma1aed - detected Locked service (1)
2010/12/06 15:22:05.0184 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/06 15:22:05.0314 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/06 15:22:05.0455 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/06 15:22:05.0555 VolSnap (3cf5dc3fdf17ae17d488d4548ac33741) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/06 15:22:05.0785 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/06 15:22:06.0095 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/06 15:22:06.0526 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/06 15:22:06.0766 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/06 15:22:07.0287 ================================================================================
2010/12/06 15:22:07.0287 Scan finished
2010/12/06 15:22:07.0287 ================================================================================
2010/12/06 15:22:07.0367 Detected object count: 2
2010/12/06 15:23:20.0002 Forged file(redbook) - User select action: Skip
2010/12/06 15:23:20.0002 Locked service(vbma1aed) - User select action: Skip
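
As an added example (this is not code from the thread, from TDSSKiller or from Kaspersky), the script below parses the line formats seen in the log above and pulls out what a responder needs at this point: which drivers were flagged, the two hashes TDSSKiller reports for a Forged file, and whether the user actually let the tool act on each finding. The regular expressions, data classes and function names are this example's own, and SAMPLE_LOG is a constructed excerpt modelled on the lines above. The reading of "Real md5" as the bytes the tool read at a low level and "Fake md5" as what normal file I/O returned follows the tool's wording and is an assumption of this example. Run on the excerpt it makes the point the log above actually makes: two objects were detected and both were skipped, so nothing was changed on disk.

```python
"""Triage helper for TDSSKiller scan logs.

Added example: not code from the thread, TDSSKiller or Kaspersky. It parses
the line formats seen in the log above and reports which drivers were
flagged and whether the user let the tool act on them.
"""
import re
from dataclasses import dataclass, field

# Timestamp prefix every TDSSKiller log line carries, e.g. "2010/12/06 15:21:58.0535 ".
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
_MD5 = r"([0-9a-f]{32})"
# "<service> (<md5>) <path>": one line per enumerated driver/service.
_DRIVER_RE = re.compile(_TS + r"(\S+) \(" + _MD5 + r"\) (\S.*)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
_FORGED_RE = re.compile(_TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: "
                        + _MD5 + r", Fake md5: " + _MD5 + r"$")
# "Suspicious file (NoAccess): <path>. md5: <x>"
_NOACCESS_RE = re.compile(_TS + r"Suspicious file \(NoAccess\): (.+?)\. md5: " + _MD5 + r"$")
# "<service> - detected <reason> (<n>)"
_DETECTED_RE = re.compile(_TS + r"(\S+) - detected (.+?) \(\d+\)$")
# "<reason>(<service>) - User select action: <action>"
_ACTION_RE = re.compile(_TS + r"(.+?)\((\S+)\) - User select action: (\S+)$")
_COUNT_RE = re.compile(_TS + r"Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str             # service name as TDSSKiller reports it
    path: str
    reason: str           # e.g. "Forged file", "Locked service"
    md5_real: str = ""    # assumed: hash of the bytes the tool read at a low level
    md5_fake: str = ""    # assumed: hash of what normal file I/O returned (Forged only)
    action: str = "none"  # what the user chose when prompted (Cure, Skip, ...)


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)   # name -> (md5, path)
    findings: dict = field(default_factory=dict)  # name -> Finding
    detected_count: int = 0


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Single pass over the log. Per object the lines arrive as: driver line,
    optional "Suspicious ..." detail, "<name> - detected ...", and at the end
    of the scan one "User select action" line per finding."""
    rep = ScanReport()
    details = {}  # lower-cased path -> hash details seen before the "detected" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _COUNT_RE.match(line):
            rep.detected_count = int(m.group(1))
        elif m := _FORGED_RE.match(line):
            path, real, fake = m.groups()
            details[path.lower()] = {"md5_real": real, "md5_fake": fake}
        elif m := _NOACCESS_RE.match(line):
            path, md5 = m.groups()
            details[path.lower()] = {"md5_real": md5}
        elif m := _DETECTED_RE.match(line):
            name, reason = m.groups()
            _, path = rep.drivers.get(name, ("", ""))
            extra = details.pop(path.lower(), {})
            rep.findings[name] = Finding(name=name, path=path, reason=reason, **extra)
        elif m := _ACTION_RE.match(line):
            _, name, action = m.groups()
            if name in rep.findings:
                rep.findings[name].action = action
        elif m := _DRIVER_RE.match(line):
            name, md5, path = m.groups()
            rep.drivers[name] = (md5, path)
    return rep


def unremediated(rep: ScanReport) -> list:
    """Findings the user skipped (or never answered): they are still on disk."""
    return [n for n, f in sorted(rep.findings.items()) if f.action in ("Skip", "none")]


def summarize(rep: ScanReport) -> list:
    """Human-readable triage lines, one per finding plus a closing tally."""
    out = []
    for name, f in sorted(rep.findings.items()):
        state = "remediated" if f.action not in ("Skip", "none") else f"NOT remediated (action: {f.action})"
        out.append(f"{name}: {f.reason} at {f.path} [{state}]")
        if f.md5_fake:
            out.append(f"  low-level md5 {f.md5_real} != presented md5 {f.md5_fake}")
    out.append(f"{rep.detected_count} object(s) detected, {len(unremediated(rep))} left untouched")
    return out


# Constructed excerpt modelled on the log lines above; not a complete log.
SAMPLE_LOG = r"""
2010/12/06 15:21:35.0932 Scan started
2010/12/06 15:21:39.0347 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/06 15:21:58.0535 redbook (528d533566b76023467a633ca35830d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/06 15:21:58.0535 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 528d533566b76023467a633ca35830d6, Fake md5: eb83edb7f55f1910e4db8c823a86ceed
2010/12/06 15:21:58.0585 redbook - detected Forged file (1)
2010/12/06 15:22:04.0944 Suspicious service (NoAccess): vbma1aed
2010/12/06 15:22:05.0014 vbma1aed (9fc1f4efeb5db611fb99e7ea138a7481) C:\WINDOWS\system32\drivers\vbma1aed.sys
2010/12/06 15:22:05.0014 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma1aed.sys. md5: 9fc1f4efeb5db611fb99e7ea138a7481
2010/12/06 15:22:05.0064 vbma1aed - detected Locked service (1)
2010/12/06 15:22:07.0287 Scan finished
2010/12/06 15:22:07.0367 Detected object count: 2
2010/12/06 15:23:20.0002 Forged file(redbook) - User select action: Skip
2010/12/06 15:23:20.0002 Locked service(vbma1aed) - User select action: Skip
"""

if __name__ == "__main__":
    for text_line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(text_line)
```

Feed it a saved TDSSKiller log instead of SAMPLE_LOG and the closing tally tells you at a glance whether the scan changed anything; a Forged entry whose two hashes differ is the one to act on first, because a service that is also locked against reading (the NoAccess case) usually belongs to the same component keeping the forged driver in place.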

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 December 2010 - 03:29 AM

Hello

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in on your usual account.


I would like you to navigate to this file, C:\WINDOWS\system32\drivers\vbma1aed.sys, and move it to your desktop. Don't copy it; I need it moved.

Restart the computer and try to run Combofix for me again.


Gringo

#11 gzm (Topic Starter, Members, 18 posts)

Posted 08 December 2010 - 06:56 AM

This is the combofix report.


ComboFix 10-12-07.04 - user 08/12/2010 13:39:35.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.511.356 [GMT 2:00]
Running from: c:\documents and settings\user\Επιφάνεια εργασίας\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\All Users\Application Data\hpe1.dll
c:\windows\assembly\GAC\__AssemblyInfo__.ini
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\set.exe
c:\windows\Tasks\fbagent.job

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-04 17:38 . 2010-12-04 17:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-04 17:36 . 2010-12-04 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-12-03 13:29 . 2010-12-03 15:27 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-11-30 14:24 . 2010-11-30 14:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-11-28 21:10 . 2010-11-30 14:22 -------- d-----w- c:\program files\SpyDig
2010-11-28 10:08 . 2010-11-28 10:08 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2010-11-28 10:08 . 2010-11-28 10:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-27 18:00 . 2010-11-27 18:00 -------- d-----w- c:\program files\ESET
2010-11-27 17:42 . 2010-11-27 17:42 -------- d-----w- c:\windows\system32\drivers\NSS
2010-11-27 17:42 . 2010-11-27 17:42 -------- d-----w- c:\program files\Norton Security Scan
2010-11-27 17:42 . 2010-11-27 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-11-27 17:41 . 2010-11-27 17:41 -------- d-----w- c:\program files\NortonInstaller
2010-11-27 17:22 . 2010-11-27 17:22 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2010-11-27 16:42 . 2010-11-27 16:42 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-11-27 16:36 . 2010-11-27 16:36 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-11-27 15:14 . 2010-11-27 15:14 -------- d-sh--w- c:\documents and settings\user\IETldCache
2010-11-27 14:57 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-27 14:54 . 2010-09-10 05:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-27 14:54 . 2010-09-10 05:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-27 14:54 . 2010-09-10 05:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-27 14:51 . 2010-11-27 14:54 -------- dc-h--w- c:\windows\ie8
2010-11-27 14:11 . 2010-11-27 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-27 13:40 . 2010-11-27 13:40 -------- d-----w- c:\program files\nobrand
2010-11-27 13:39 . 2010-11-27 13:39 -------- d-----w- c:\windows\Downloaded Installations
2010-11-27 13:21 . 2010-11-27 13:21 -------- d-----w- C:\9352154507fab6a6dbba645e

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 11:36 . 2006-03-18 18:57 58880 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-09-18 09:22 . 2002-09-30 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2002-09-30 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2002-09-30 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2002-09-30 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:49 . 2002-09-30 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:49 . 2002-09-30 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:49 . 2002-09-30 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-03-21 46592]
"spydig.exe"="c:\program files\SpyDig\spydig.exe" [2010-10-28 2004480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 09:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 14:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15/12/2009 20:56 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15/12/2009 20:56 27632]
S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\user\Επιφάνεια εργασίας\TDL3 Razor\TDL3 Razor\TizerBruteForceEx.sys --> c:\documents and settings\user\Επιφάνεια εργασίας\TDL3 Razor\TDL3 Razor\TizerBruteForceEx.sys [?]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/12/2010 19:38 16968]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00102;ids00102;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
S3 ids0015d;ids0015d;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys [?]
S3 ids0018a;ids0018a;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [5/2/2003 19:55 129535]
S3 vbma1aed;Virtual Bus for Microsoft ACPI-Compliant System; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-12-06 c:\windows\Tasks\Norton Security Scan for user.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2010-11-27 07:25]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\yd1skkwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.startup.homepage - hxxp://gr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={69579026-5ADD-C133-DCB2-E28A74E8918F}&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-msstart - c:\windows\system32\ms_start.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"=multi:"system32\drivers\atapi.sys\00\00ImagePath\00AppInit_DLLs\00\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"=multi:"system32\drivers\atapi.sys\00\00ImagePath\00AppInit_DLLs\00\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3988)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-12-08 13:54:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-08 11:54

Pre-Run: 19 Κατάλογοι 13.247.410.176 διαθέσιμα byte
Post-Run: 21 Κατάλογοι 13.456.187.392 διαθέσιμα byte

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 073C9280D42A5734C92428F24544E472

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 December 2010 - 07:29 AM

Hello

I would like you to rerun this program for me



tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 gzm

  • Topic Starter
  • Members
  • 18 posts

Posted 08 December 2010 - 07:38 AM

2010/12/08 14:37:02.0784 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/08 14:37:02.0784 ================================================================================
2010/12/08 14:37:02.0784 SystemInfo:
2010/12/08 14:37:02.0784
2010/12/08 14:37:02.0784 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/08 14:37:02.0784 Product type: Workstation
2010/12/08 14:37:02.0784 ComputerName: CX130109
2010/12/08 14:37:02.0784 UserName: user
2010/12/08 14:37:02.0784 Windows directory: C:\WINDOWS
2010/12/08 14:37:02.0784 System windows directory: C:\WINDOWS
2010/12/08 14:37:02.0784 Processor architecture: Intel x86
2010/12/08 14:37:02.0784 Number of processors: 1
2010/12/08 14:37:02.0784 Page size: 0x1000
2010/12/08 14:37:02.0784 Boot type: Normal boot
2010/12/08 14:37:02.0784 ================================================================================
2010/12/08 14:37:03.0075 Initialize success
2010/12/08 14:37:20.0820 ================================================================================
2010/12/08 14:37:20.0820 Scan started
2010/12/08 14:37:20.0820 Mode: Manual;
2010/12/08 14:37:20.0820 ================================================================================
2010/12/08 14:37:21.0561 ACPI (1c3c72c504f312c19426cc7cb9ad8e98) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/08 14:37:21.0722 ACPIEC (99f9466c2611e379c88fbbfc8df89b17) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/08 14:37:21.0992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/08 14:37:22.0172 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/08 14:37:22.0623 ALCXWDM (812a5b176ca59cc31ed9962d27240e46) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/12/08 14:37:23.0544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/08 14:37:23.0674 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/08 14:37:23.0925 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/08 14:37:24.0105 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/08 14:37:24.0255 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/08 14:37:24.0546 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/08 14:37:24.0806 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/08 14:37:24.0956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/08 14:37:25.0106 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/08 14:37:26.0388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/08 14:37:26.0549 dmboot (fd983f66eeb5245ef9b28ea3444b2e20) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/08 14:37:26.0689 dmio (a732fc0d3b930e2539018eb8ec9314c2) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/08 14:37:26.0849 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/08 14:37:27.0099 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/08 14:37:27.0270 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/08 14:37:27.0400 ENETHUSB (c37b713737c60fa46cf249507722d68c) C:\WINDOWS\system32\DRIVERS\enethusb.sys
2010/12/08 14:37:27.0550 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/08 14:37:27.0640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/08 14:37:27.0720 Fips (418d3078a9b107de75c9ba9b56cba035) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/08 14:37:27.0790 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/08 14:37:27.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/08 14:37:27.0961 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/08 14:37:28.0071 Ftdisk (9c798fdc0d53dfba6f4c4059a11fbfe8) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/08 14:37:28.0171 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/08 14:37:28.0251 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/08 14:37:28.0361 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010/12/08 14:37:28.0541 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/08 14:37:28.0782 i8042prt (f8d6633482e0bd81766c74441b134fdf) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/08 14:37:29.0142 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/08 14:37:29.0353 intelppm (bb055e429e9f54aa3fba2dd33beb0935) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/08 14:37:29.0423 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/08 14:37:29.0523 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/08 14:37:29.0623 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/08 14:37:29.0683 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/08 14:37:29.0773 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/08 14:37:29.0843 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/08 14:37:29.0913 isapnp (d3715a2dba29215be59dcfc11294d493) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/08 14:37:29.0963 Kbdclass (af1fd8035b4a34eaf25f8bb1cd3c95ff) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/08 14:37:30.0174 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/08 14:37:30.0314 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/08 14:37:30.0594 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/08 14:37:30.0735 Modem (4c84460a6bc9a5bf60555c04be55792e) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/08 14:37:30.0825 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/08 14:37:30.0925 Mouclass (6be02786a7c13cceae728298effa0730) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/08 14:37:31.0015 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/08 14:37:31.0215 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/08 14:37:31.0345 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/08 14:37:31.0556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/08 14:37:31.0676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/08 14:37:31.0766 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/08 14:37:31.0846 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/08 14:37:31.0956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/08 14:37:32.0096 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
2010/12/08 14:37:32.0267 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2010/12/08 14:37:32.0437 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/08 14:37:32.0527 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/08 14:37:32.0617 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/08 14:37:32.0747 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/08 14:37:32.0858 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/08 14:37:32.0948 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/08 14:37:33.0028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/08 14:37:33.0098 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/08 14:37:33.0228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/08 14:37:33.0298 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/08 14:37:33.0478 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
2010/12/08 14:37:33.0599 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/08 14:37:33.0779 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/08 14:37:33.0949 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/08 14:37:34.0029 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/08 14:37:34.0179 Parport (3d383486b2d3b97cd44334a406ae3418) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/08 14:37:34.0230 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/08 14:37:34.0330 ParVdm (cbc2a624a1dac81bd1a2932985a8955f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/08 14:37:34.0420 PCI (dcb32b61125e35af33cb8cd54a1e7737) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/08 14:37:34.0610 Pcmcia (1e052d2d5a43c0d097fd96b1490d6083) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/08 14:37:35.0071 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/08 14:37:35.0151 Processor (b7f6b49187ea0254076bbbeef59e200b) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/12/08 14:37:35.0241 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/08 14:37:35.0351 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/08 14:37:35.0441 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/08 14:37:35.0802 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/08 14:37:35.0902 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/08 14:37:36.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/08 14:37:36.0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/08 14:37:36.0323 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/08 14:37:36.0493 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/08 14:37:36.0653 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/08 14:37:36.0783 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/08 14:37:36.0883 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/12/08 14:37:36.0984 redbook (eb83edb7f55f1910e4db8c823a86ceed) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/08 14:37:37.0104 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2010/12/08 14:37:37.0194 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\WINDOWS\system32\DRIVERS\s117bus.sys
2010/12/08 14:37:37.0294 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\WINDOWS\system32\DRIVERS\s117mdfl.sys
2010/12/08 14:37:37.0374 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\WINDOWS\system32\DRIVERS\s117mdm.sys
2010/12/08 14:37:37.0464 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\WINDOWS\system32\DRIVERS\s117mgmt.sys
2010/12/08 14:37:37.0544 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\WINDOWS\system32\DRIVERS\s117nd5.sys
2010/12/08 14:37:37.0624 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\WINDOWS\system32\DRIVERS\s117obex.sys
2010/12/08 14:37:37.0715 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\WINDOWS\system32\DRIVERS\s117unic.sys
2010/12/08 14:37:37.0855 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/08 14:37:37.0945 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/12/08 14:37:38.0045 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/08 14:37:38.0115 Serial (ad994a88bbfa3c686397951b11a701a5) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/08 14:37:38.0195 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/08 14:37:38.0366 Slnt7554 (d9673011648a71ed1e1f77b831bc85e6) C:\WINDOWS\system32\DRIVERS\slnt7554.sys
2010/12/08 14:37:38.0446 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys
2010/12/08 14:37:38.0556 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
2010/12/08 14:37:38.0716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/08 14:37:38.0806 sr (a41ac0d87dc3054db716f1456c84391c) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/08 14:37:38.0916 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/08 14:37:39.0057 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/08 14:37:39.0127 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/08 14:37:39.0497 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/08 14:37:39.0657 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/08 14:37:39.0758 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/08 14:37:39.0848 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/08 14:37:39.0908 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/08 14:37:40.0118 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/08 14:37:40.0298 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/08 14:37:40.0428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/08 14:37:40.0519 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/08 14:37:40.0599 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/08 14:37:40.0659 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/08 14:37:40.0749 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/12/08 14:37:40.0889 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/08 14:37:41.0019 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/08 14:37:41.0129 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/08 14:37:41.0200 VolSnap (3cf5dc3fdf17ae17d488d4548ac33741) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/08 14:37:41.0300 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/08 14:37:41.0450 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/08 14:37:41.0650 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/08 14:37:41.0790 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/08 14:37:42.0141 ================================================================================
2010/12/08 14:37:42.0141 Scan finished
2010/12/08 14:37:42.0141 ================================================================================
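The TDSSKiller log above lists one driver per line with the MD5 of the image on disk, which is what makes a patched system driver such as redbook.sys visible: the hash no longer matches the known-good file. The check a responder runs on such a log is to compare each hash against a baseline and flag both changed and unknown drivers. The Python below is an added example written for this page, not code from TDSSKiller, ComboFix or any poster in the thread. Its sample log lines and baseline table are constructed: the two baseline hashes are copied from the post-cleanup log in this thread and are an assumption, not values from a vendor hash database, and the redbook hash in the sample log is invented so that the example has a mismatch to report.

```python
import re
from typing import Dict, List, NamedTuple


class DriverEntry(NamedTuple):
    service: str  # service name as TDSSKiller prints it (e.g. "redbook")
    md5: str      # MD5 of the driver image on disk, lower-case hex
    path: str     # path of the driver image


# One scanned driver per line: "<date> <time> <service> (<md5>) <path>".
# Banner, separator and status lines do not carry a 32-hex-digit hash
# in parentheses, so they fail to match and are skipped.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<service>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Constructed sample in the TDSSKiller log format. The atapi line is copied
# from the log in this thread; the redbook hash is deliberately altered
# (invented) so that a mismatch is reported; hitmanpro35 is a third-party
# driver that is simply absent from the baseline and is reported as unknown.
SAMPLE_LOG = r"""
2010/12/08 14:37:20.0820 Scan started
2010/12/08 14:37:23.0674 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/08 14:37:36.0984 redbook (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/08 14:37:28.0361 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2010/12/08 14:37:42.0141 Scan finished
"""

# Constructed baseline of known-good MD5 per service. These values are the
# hashes shown in the post-cleanup log of this thread and are used only as an
# assumption; a real baseline comes from the vendor or a trusted clean image.
BASELINE: Dict[str, str] = {
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "redbook": "eb83edb7f55f1910e4db8c823a86ceed",
}


def parse_tdsskiller_log(text: str) -> List[DriverEntry]:
    """Return the per-driver entries of a TDSSKiller log, in log order."""
    entries: List[DriverEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["service"], m["md5"].lower(), m["path"]))
    return entries


def check_against_baseline(entries: List[DriverEntry],
                           baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every scanned driver as ok, mismatch (hash differs from the
    baseline) or unknown (service not in the baseline, needs manual review)."""
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "unknown": []}
    for e in entries:
        expected = baseline.get(e.service)
        if expected is None:
            result["unknown"].append(e.service)
        elif expected.lower() != e.md5:
            result["mismatch"].append(e.service)
        else:
            result["ok"].append(e.service)
    return result


if __name__ == "__main__":
    verdict = check_against_baseline(parse_tdsskiller_log(SAMPLE_LOG), BASELINE)
    for category, names in verdict.items():
        print(f"{category:8s}: {', '.join(names) or '-'}")
```

A mismatch on a core driver such as redbook or atapi is the signal that matters here; an unknown entry is not by itself an infection indicator and only means the driver must be vouched for some other way, for example by its signature or by the product that installed it.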

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 December 2010 - 07:42 AM

Greetings

That is great!!


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Driver::
vbma1aed


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#15 gzm

  • Topic Starter
  • Members
  • 18 posts

Posted 08 December 2010 - 07:57 AM

Did as instructed. As soon as TDSSKiller starts I get the following:
Valid command line parametes:
-I<file_name>(path to log file)
-qpath<folder_name>(path to quarantine folder)
-qall(copy all objects to quarantine)
-qmbr(copy all mbr to quarantine)
-qcsvc<service_name>(copy service to quarintine)
-dcsvc<service_name>(delete service)
-sigcheck(delete unsigned files as suspicious)
-tdlfs(detect TDL3/4 file systempresence)



