
Browser hijack /related


11 replies to this topic

#1 end1snear

Posted 18 March 2011 - 12:57 PM

Hi, I'm pretty new to this forum and I know quite little about posting correctly, so if I miss something please do correct me.

I have recently been infected (about a week ago) and ever since I have been having trouble while using search engines such as Google. I get redirected to a fake site (usually an ad site or one filled with advertisements) even though I am 100% sure it's real. It was so annoying that I downloaded a couple of anti-malware/virus programs one after another (MBAM, Spybot S&D, Ad-Aware, Spyware Doctor), with syntemac installed from the beginning, and none of these could fully remove the virus/spyware or whatever it is. They all found it (virus) and said they removed it; I open my browser and see that the problem still exists. So I removed the anti-virus/malware programs one after another; now I only have MBAM left and syntemac.

So I was wondering if you could help me, since I used the search button and found related issues that have been resolved. And I would gladly appreciate it if someone could find the time to.

I am running Windows XP Professional SP3 and using the latest version of Firefox.
I have IE8 but almost never use it.

If there is anything I could do to make this go smoother/faster please let me know.

Edited by end1snear, 18 March 2011 - 01:01 PM.




#2 boopme


Posted 18 March 2011 - 08:24 PM

Hello and welcome. You can remove these: Spybot S&D, Ad-Aware, Spyware Doctor. Except this syntemac if it is your only antivirus; if not, what is the other?

Let's do these next and see how you are after.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

Edited by boopme, 18 March 2011 - 08:28 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 end1snear


Posted 19 March 2011 - 05:15 AM

TDSSKiller found a suspicious object and I used Skip (Cure wasn't one of the three options), continued, and wasn't asked to reboot, so I exited.
Here is the log file it created:
I have not continued with the next steps. I am waiting for a response.
2011/03/19 11:00:41.0453 3624 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 11:00:41.0984 3624 ================================================================================
2011/03/19 11:00:41.0984 3624 SystemInfo:
2011/03/19 11:00:41.0984 3624
2011/03/19 11:00:41.0984 3624 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/19 11:00:41.0984 3624 Product type: Workstation
2011/03/19 11:00:41.0984 3624 ComputerName: UQM3318
2011/03/19 11:00:41.0984 3624 UserName: uqm3318
2011/03/19 11:00:41.0984 3624 Windows directory: C:\WINDOWS
2011/03/19 11:00:41.0984 3624 System windows directory: C:\WINDOWS
2011/03/19 11:00:41.0984 3624 Processor architecture: Intel x86
2011/03/19 11:00:41.0984 3624 Number of processors: 1
2011/03/19 11:00:41.0984 3624 Page size: 0x1000
2011/03/19 11:00:41.0984 3624 Boot type: Normal boot
2011/03/19 11:00:41.0984 3624 ================================================================================
2011/03/19 11:00:43.0437 3624 Initialize success
2011/03/19 11:02:14.0859 4028 ================================================================================
2011/03/19 11:02:14.0859 4028 Scan started
2011/03/19 11:02:14.0859 4028 Mode: Manual;
2011/03/19 11:02:14.0859 4028 ================================================================================
2011/03/19 11:02:27.0687 4028 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 11:02:27.0687 4028 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2011/03/19 11:02:27.0703 4028 sptd - detected Locked file (1)
2011/03/19 11:02:30.0453 4028 ================================================================================
2011/03/19 11:02:30.0453 4028 Scan finished
2011/03/19 11:02:30.0453 4028 ================================================================================
2011/03/19 11:02:30.0468 4020 Detected object count: 1
2011/03/19 11:05:02.0531 4020 Locked file(sptd) - User select action: Skip
2011/03/19 11:06:29.0015 3620 Deinitialize success
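
Added example (not part of the original posts and not the tool vendor's code): a small Python parser for the TDSSKiller log layout seen in post #3 that lists each detected object with the action recorded for it and flags a log that ends before the summary line. The line patterns are inferred only from the log in this thread, the sample lines are copied from that log, and the names `parse_log` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the TDSSKiller log in post #3 of this thread (excerpt).
SAMPLE_LOG = r"""
2011/03/19 11:02:14.0859 4028 Scan started
2011/03/19 11:02:27.0625 4028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/19 11:02:27.0687 4028 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 11:02:27.0687 4028 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2011/03/19 11:02:27.0703 4028 sptd - detected Locked file (1)
2011/03/19 11:02:27.0828 4028 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/19 11:02:30.0453 4028 Scan finished
2011/03/19 11:02:30.0468 4020 Detected object count: 1
2011/03/19 11:05:02.0531 4020 Locked file(sptd) - User select action: Skip
"""

# Assumed layout, inferred from that log: "<date> <time> <thread id> <message>".
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (.+) \(\d+\)$")
ACTION = re.compile(r"^.+\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    name: str
    verdict: str       # e.g. "Locked file"
    path: str = ""
    md5: str = ""
    reason: str = ""   # e.g. "NoAccess", taken from the "Suspicious file" line
    action: str = ""   # stays empty if the log records no user choice


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)     # name -> (md5, path)
    detections: dict = field(default_factory=dict)  # name -> Detection
    reported_count: int = -1                        # -1: summary line missing


def parse_log(text):
    """Parse a pasted TDSSKiller log into drivers, detections and the summary count."""
    report = ScanReport()
    reasons = {}  # path -> reason from "Suspicious file (...)" lines
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        msg = m.group(1)
        if (s := SUSPICIOUS.match(msg)):
            reasons[s.group(2)] = s.group(1)
        elif (d := DETECTED.match(msg)):
            # The driver record for the same name precedes the detection line.
            md5, path = report.drivers.get(d.group(1), ("", ""))
            report.detections[d.group(1)] = Detection(
                d.group(1), d.group(2), path, md5, reasons.get(path, ""))
        elif (a := ACTION.match(msg)):
            if a.group(1) in report.detections:
                report.detections[a.group(1)].action = a.group(2)
        elif (c := COUNT.match(msg)):
            report.reported_count = int(c.group(1))
        elif (r := DRIVER.match(msg)):
            report.drivers[r.group(1)] = (r.group(2), r.group(3))
    return report


def triage(report):
    """Return the points a helper would raise before the next removal step."""
    notes = []
    if report.reported_count == -1:
        notes.append("log truncated: no 'Detected object count' line")
    elif report.reported_count != len(report.detections):
        notes.append(f"count mismatch: summary says {report.reported_count}, "
                     f"parsed {len(report.detections)}")
    for det in report.detections.values():
        if det.action in ("", "Skip"):
            notes.append(f"{det.name}: {det.verdict} "
                         f"({det.reason or 'no reason logged'}) left in place, "
                         f"action={det.action or 'none'}, md5={det.md5}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_log(SAMPLE_LOG)):
        print(note)
```
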

#4 boopme


Posted 19 March 2011 - 09:53 AM

Hello, OK, do the rest now. Then rerun TDSS and if it still wants not to cure then it is OK.
What is/are your antivirus?

#5 end1snear


Posted 19 March 2011 - 10:25 AM

Hi again, I am using Symantec (misspelled last time) as my anti-virus. I have done the rest and here are the logs:
TDSS didn't give me the (Cure) option again. MBAM didn't find anything after the quick scan, or ask to reboot:

Rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 2011-03-19 at 16:02:31.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Program\THEKMP~1\KMPlayer.exe


Rkill completed on 2011-03-19 at 16:02:34.

MBAMlog:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6106

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-03-19 16:07:47
mbam-log-2011-03-19 (16-07-47).txt

Scan type: Quick scan
Objects scanned: 200482
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSSlog:
2011/03/19 16:13:20.0750 3592 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 16:13:21.0171 3592 ================================================================================
2011/03/19 16:13:21.0171 3592 SystemInfo:
2011/03/19 16:13:21.0171 3592
2011/03/19 16:13:21.0171 3592 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/19 16:13:21.0171 3592 Product type: Workstation
2011/03/19 16:13:21.0171 3592 ComputerName: UQM3318
2011/03/19 16:13:21.0187 3592 UserName: uqm3318
2011/03/19 16:13:21.0187 3592 Windows directory: C:\WINDOWS
2011/03/19 16:13:21.0187 3592 System windows directory: C:\WINDOWS
2011/03/19 16:13:21.0187 3592 Processor architecture: Intel x86
2011/03/19 16:13:21.0187 3592 Number of processors: 1
2011/03/19 16:13:21.0187 3592 Page size: 0x1000
2011/03/19 16:13:21.0187 3592 Boot type: Normal boot
2011/03/19 16:13:21.0187 3592 ================================================================================
2011/03/19 16:13:21.0546 3592 Initialize success
2011/03/19 16:13:24.0078 3924 ================================================================================
2011/03/19 16:13:24.0078 3924 Scan started
2011/03/19 16:13:24.0078 3924 Mode: Manual;
2011/03/19 16:13:24.0078 3924 ================================================================================
2011/03/19 16:13:35.0031 3924 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/19 16:13:35.0031 3924 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
2011/03/19 16:13:35.0031 3924 sptd - detected Locked file (1)
2011/03/19 16:13:37.0734 3924 ================================================================================
2011/03/19 16:13:37.0734 3924 Scan finished
2011/03/19 16:13:37.0734 3924 ================================================================================
2011/03/19 16:13:37.0750 3888 Detected object count: 1
2011/03/19 16:13:51.0109 3888 Locked file(sptd) - User select action: Skip
2011/03/19 16:13:56.0968 1624 Deinitialize success

The KMPlayer was already running before I ran Rkill (just to let you know).

#6 boopme


Posted 19 March 2011 - 10:52 AM

Since I take it you still redirect, run an online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#7 end1snear


Posted 19 March 2011 - 01:54 PM

Hello once more, here are the scan results:
C:\WINDOWS\system32\k.dll Win32/Bamital.FE trojan cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110310-094346.backup Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts.20110310-094347.backup Win32/Qhost trojan cleaned by deleting - quarantined

#8 boopme


Posted 19 March 2011 - 04:09 PM

Ok there are some real bad boys there. If you still redirect we need to change the hosts file as the QHost trojan alters it.


HOSTS FILE Reset
Microsoft has a tool to automatically do this for you. Click Me, select Run.
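The hosts-file check discussed in the reply above, as an added example that is not part of the original post or of any tool named in this thread: a Python audit that lists every mapping in a hosts file other than the stock `localhost` entry and separates redirects to routable addresses from names pinned to loopback or 0.0.0.0. The sample file, the `.example` host names and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback; every other mapping is reported.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (not taken from the machine in this thread).
SAMPLE_HOSTS = "\n".join([
    "# constructed hosts file for the example",
    "127.0.0.1       localhost",
    "",
    "203.0.113.10    www.search.example search.example",
    "0.0.0.0         updates.av-vendor.example   # sinkholed",
    "not-an-ip       broken.example",
])


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names, stripped_line) for each mapping line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line:
            continue                           # blank or comment-only line
        fields = line.split()                  # separators may be spaces or tabs
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None                          # first field is not an address
        yield line_no, ip, [n.lower() for n in fields[1:]], line


def audit_hosts(text):
    """Return a list of (line_no, kind, detail) findings.

    kind is "redirect" (name mapped to a non-loopback address),
    "blocked" (name mapped to loopback or 0.0.0.0) or "malformed".
    """
    findings = []
    for line_no, ip, names, line in parse_hosts(text):
        if ip is None or not names:
            findings.append((line_no, "malformed", line))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                       # the expected default entry
            kind = "blocked" if sinkhole else "redirect"
            findings.append((line_no, kind, f"{name} -> {ip}"))
    return findings


if __name__ == "__main__":
    # To audit a real file, read its text and pass it to audit_hosts(), e.g.
    # C:\WINDOWS\system32\drivers\etc\hosts on the system in this thread.
    for line_no, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {detail}")
```

Entries reported as `redirect` are the ones that can send a browser to a different server than the name's real one; `blocked` entries only make a name unreachable.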

#9 end1snear


Posted 20 March 2011 - 12:35 AM

Hi, I did like you said and installed the program, ran it, and once it was done I closed it and was asked to restart. While restarting I noticed that I got a short blue screen error once the login screen tried to appear, and then it disappeared the next second. After that my computer keeps restarting and ending up the same; it has been doing that for about 20 minutes since the first restart. So I am wondering if that's normal, and whether I should keep waiting or not?

I am using my family's stationary to write this response.

#10 boopme


Posted 20 March 2011 - 12:24 PM

STOP Reboot loop...BSOD (Blue Screen of death)

If you are running Windows and it crashes, you get a blue screen with an error message (BSOD) and it will automatically restart. Most times it restarts too fast for you to see and read the error message. We are going to disable auto restart on system failure, so the screen will stop and you can copy down the complete error message.

1. Go to Start -> Control Panel -> System (Windows+Pause works, too)
2. Go to Advanced
3. Under the Startup and Recovery section, click Settings...
4. Under System Failure un-check "Automatically restart"

#11 end1snear


Posted 21 March 2011 - 02:29 AM

Hi, I don't think you understood what I meant; I can't get to the Control Panel on my laptop (I am using a laptop), and I am using my family's stationary comp to respond to you. Anyway, what you said is true about the error message being too fast for me to read, but I have found a way to stop that: I press F8 while it's restarting and inactivate "auto-restart on system failure".
Here is the message on the BSOD:

STOP: C000021a {Fatal system error}
The Windows Logon Process system process terminated unexpectedly with a status of 0x0000005
(0x000000000x00000000).
The system has been shutdown.

In the next 4 hours I will reinstall my whole computer; I have many things I need to get done and I can't do it all on my stationary comp. If there is a fast way of getting my comp to start again please let me know, otherwise just close this topic.
Thanks a bunch for your effort.

#12 boopme


Posted 21 March 2011 - 08:29 PM

OK, I was not able to be here in 4 hours.