Infection Rootkit TDLR4@MBR


  • This topic is locked
21 replies to this topic

#1 Beauregard

  • Members
  • 13 posts

Posted 07 May 2011 - 11:54 AM

DDS Report (See below)
Gmer obtained after a few attempts (computer was restarting by itself at the end of each scan) (See below)

Multiple problems:
- Google Redirection.
- Blue screen crashes 4 to 8 times a day. Sometimes prevents Windows from restarting.
- Hard to download and use solutions. Have to go through a Mac and USB key to copy on my desktop.
- Programs are disturbed and crash a lot (InDesign, Excel, Outlook). Problems with Task Manager in Outlook.

Please help, I am on a business trip in China.
I am stuck and need a solution asap.

All the best,
Beauregard


///////////////////

DDS Report
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Emmanuel at 20:49:12.58 on Sat 05/07/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.1.1033.18.3069.1807 [GMT 8:00]
.
AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E}
SP: Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\nlssrv32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\mobsync.exe
C:\Users\Emmanuel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rue89.com/
uInternet Settings,ProxyServer = 127.0.0.1:8580
uInternet Settings,ProxyOverride = <local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\progra~1\e-book~1\flipvi~2\fvbho140.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Ditto] "c:\program files\ditto\Ditto.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [lnksutil] "rundll32" "c:\users\emmanuel\appdata\local\temp\ntosetup.dll",CreateProcessNotify
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: QQ - c:\program files\tencent\qqintl\bin\AddEmotion.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: c:\windows\system32\ASProxy.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: carrefour.com.cn\e-shop
Trusted Zone: imdb.com\secure
Trusted Zone: taobao.com
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 66.207.162.66 freedur.com
Hosts: 66.207.162.66 www.freedur.com
Hosts: 204.152.194.50 clients.freedur.com
Hosts: 204.152.194.50 blog.freedur.com
Hosts: 66.207.162.66 freedur.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\emmanuel\appdata\roaming\mozilla\firefox\profiles\8681oi1f.default\
FF - prefs.js: browser.startup.homepage - hxxp://pro.imdb.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8580
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8580
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8580
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8580
FF - prefs.js: network.proxy.type - 1
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-1-19 13424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-12-29 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-12-29 10272]
R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-8-18 443752]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-3-25 57344]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-18 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-1-19 411488]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-1-17 1201640]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
R3 BTHprint;Microsoft Bluetooth Printer Class;c:\windows\system32\drivers\BTHPRINT.SYS [2009-7-6 29696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-18 28464]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-1-19 287856]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-18 9344]
S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-1-8 6656]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 ASOVPNHelper;Astrill OpenVPN Service;c:\users\emmanuel\appdata\roaming\astrill\asovpnsvc.exe --run --> c:\users\emmanuel\appdata\roaming\astrill\ASOvpnSvc.exe --run [?]
S3 ASProxy;ASProxy;c:\users\emmanuel\appdata\roaming\astrill\ASProxy.exe [2010-10-31 1962192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-27 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-27 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-27 63328]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-18 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-18 87328]
.
=============== Created Last 30 ================
.
2011-05-06 02:50:09 -------- d-----w- c:\users\emmanuel\appdata\roaming\Malwarebytes
2011-05-06 02:49:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 02:49:52 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-06 02:49:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-06 02:49:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 03:15:43 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-05-02 07:17:42 -------- d-----w- c:\users\emmanuel\appdata\roaming\RoboForm
2011-05-02 06:04:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-02 06:04:44 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-02 06:04:44 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-02 06:04:43 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-02 06:04:43 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-02 06:04:43 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-02 06:04:43 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-02 06:04:42 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
.
==================== Find3M ====================
.
2011-02-15 08:27:10 26960 ----a-w- c:\windows\system32\novamnv7.dll
2011-02-15 08:27:08 21328 ----a-w- c:\windows\system32\novamiv7.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002 Disk: FUJITSU_ rev.0041 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x89556555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8955c7b0]; MOV EAX, [0x8955c82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x84655962] -> \Device\Harddisk0\DR0[0x891AF150]
3 CLASSPNP[0x8CDE38B3] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87DAFC60]
5 acpi[0x8069F6BC] -> ntkrnlpa!IofCallDriver[0x84655962] -> [0x87D49028]
\Driver\iaStor[0x887BD048] -> IRP_MJ_CREATE -> 0x89556555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 781422766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 20:53:14.47 ===============

Secondary DDS Report
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Édition Intégrale
Boot Device: \Device\HarddiskVolume2
Install Date: 8/27/2008 7:57:25 AM
System Uptime: 5/7/2011 6:11:09 PM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz | N/A | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 96.44 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129A\7&1A18FFC0&0&C8BCC82ABAA6_C00000000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 66.207.162.66 freedur.com
Hosts: 66.207.162.66 www.freedur.com
Hosts: 204.152.194.50 clients.freedur.com
Hosts: 204.152.194.50 blog.freedur.com
Hosts: 66.207.162.66 freedur.net
Hosts: 66.207.162.66 www.freedur.net
Hosts: 204.152.194.50 clients.freedur.net
Hosts: 204.152.194.50 blog.freedur.net
Hosts: 66.207.162.66 freedur.org
Hosts: 66.207.162.66 www.freedur.org
Hosts: 204.152.194.50 clients.freedur.org
Hosts: 204.152.194.50 blog.freedur.org
Hosts: 66.207.161.29 clients.skydur.com
Hosts: 66.207.161.29 blog.skydur.com
Hosts: 109.123.89.16 www.skydur.com
Hosts: 109.123.89.16 skydur.com
Hosts: 109.123.89.16 secure.skydur.com
Hosts: 109.123.89.16 www.skydurvpn.com
Hosts: 109.123.89.16 skydurvpn.com
Hosts: 109.123.89.16 secure.skydurvpn.com
.
==== Installed Programs ======================
.
.
’–––◊®“µ∞Ê
÷ß∏∂±¶≤º˛ 1.2.0.2
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InCopy CS4 Application Feature Set Files (Roman)
Adobe InCopy CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced System Optimizer
Alien Skin Exposure 3
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Astrill 2.2.0.1824
ATI Catalyst Install Manager
BitDefender Antivirus 2010
Bonjour
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon SELPHY CP780
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan Toolbox Ver4.9
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Choice Guard
Click to Disc
Click to Disc Editor
CMBEdit
Connect
Conseiller de mise à niveau vers Windows 7
CuteFTP 8 Professional
Definition update for Microsoft Office 2010 (KB982726)
DisplayLink Core Software
Ditto 3.15.4.0
Download Accelerator Plus (DAP)
Driver Installer
EP Budgeting
Final Draft 7
FlipBook Creator 1.5
FlipViewer 4.5
FlipViewer Xpress Creator 2.2
Free HD Converter V 1.7
French App Name
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Word 2010 (KB2459114)
HP Print Diagnostic Utility
Installation Windows Live
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 7
Java™ SE Runtime Environment 6
KhalInstallWrapper
kuler
LG USB Modem Drivers
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Live Add-in Patches
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SharedView
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mindjet MindManager 9
MobileMe Control Panel
Modèles de sons Windows
Movie Outline 3.1.1
Mozilla Firefox 4.0.1 (x86 fr)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MXAir Tutorial
NEF Codec
OpenMG Secure Module 5.0.00
Outil de téléchargement Windows Live
PamFax
PamFax Office Integration
PDF-XChange 3
PDF Settings CS4
PDF Settings CS5
Photoshop Camera Raw
Qlock Lite
QuickTime
QuickTime MPEG2
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Resolume DXV Quicktime Codec 2.1
RoboForm 7-2-9 (All Users)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Setting Utility Series
Skins
Skylook
Skype Toolbars
Skype™ 5.1
SmartWi Connection Utility
Snagit 9.1.3
Sony Download Taxi 1.5.0.0
SONY VGP-UPR1 (Display Adapter)
SONY VGP-UPR1 (Display Adapter) Utility
Sony Video Shared Library
Spy Sweeper
Spy Sweeper Core
Suite Shared Configuration CS4
SupportSoft Assisted Service
Tencent QQ
Ultimate Extras sounds from Microsoft® Tinker™
Ultra Flash Video FLV Converter 3.8.1023
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 3
VAIO Wallpaper Contents
VAIO Wireless Wizard
VirtualCloneDrive
WIDCOMM Bluetooth Software 6.1.0.2200
Windows Live Call
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Player Firefox Plugin
WinDVD for VAIO
WinRAR archiver
Your Uninstaller! 2008 Version 6.2
.
==== End Of File ===========================

GMER Report
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-08 00:01:05
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0041
Running: gmer.exe; Driver: C:\Users\Emmanuel\AppData\Local\Temp\pxriqkow.sys


---- System - GMER 1.0.15 ----

SSDT 87D41B70 ZwAllocateVirtualMemory
SSDT 87D66218 ZwCreateProcess
SSDT 87D661A0 ZwCreateProcessEx
SSDT 87D41E40 ZwCreateThread
SSDT 87D41BE8 ZwQueueApcThread
SSDT 87D41A80 ZwReadVirtualMemory
SSDT 87D41CD8 ZwSetContextThread
SSDT 87D41F30 ZwSetInformationProcess
SSDT 87D41D50 ZwSetInformationThread
SSDT 87D41EB8 ZwSuspendProcess
SSDT 87D41C60 ZwSuspendThread
SSDT 87D41FA8 ZwTerminateProcess
SSDT 87D41DC8 ZwTerminateThread
SSDT 87D41AF8 ZwWriteVirtualMemory
SSDT 87D41990 ZwCreateThreadEx
SSDT 87D41A08 ZwCreateUserProcess

INT 0x61 ? 90526CD0
INT 0xB0 ? 90526A50

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 846F1894 4 Bytes [70, 1B, D4, 87] {JO 0x1d; AAM 0x87}
.text ntkrnlpa.exe!KeSetEvent + 209 846F196C 8 Bytes [18, 62, D6, 87, A0, 61, D6, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 846F1984 4 Bytes [40, 1E, D4, 87] {INC EAX; PUSH DS; AAM 0x87}
.text ntkrnlpa.exe!KeSetEvent + 4E5 846F1C48 4 Bytes [E8, 1B, D4, 87]
.text ntkrnlpa.exe!KeSetEvent + 4FD 846F1C60 4 Bytes [80, 1A, D4, 87]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C09000, 0x1F926A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1592] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1592] ole32.dll!CoCreateInstance 765C9F3E 5 Bytes JMP 0081000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!WindowFromPoint 7633884F 5 Bytes JMP 0215000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetForegroundWindow 763432C4 5 Bytes JMP 021A000A
.text C:\Windows\system32\svchost.exe[1592] USER32.dll!GetCursorPos 76350B88 5 Bytes JMP 01FE000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0082000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0083000A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2892] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0081000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtProtectVirtualMemory 77424D34 5 Bytes JMP 0084000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!NtWriteVirtualMemory 77425674 5 Bytes JMP 0086000A
.text C:\Windows\Explorer.EXE[5052] ntdll.dll!KiUserExceptionDispatcher 77425DC8 5 Bytes JMP 0083000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHZ2400BT_G1____________________0041000C#4&390b30ad&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b7307
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d8b731e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00125a6014a8@0017fa893ed7 0x66 0xF2 0x21 0x39 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b7307 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d8b731e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@0023df53c6ac 0x4D 0xE1 0x83 0xEF ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3ded49ed@c8bcc82abaa6 0xA0 0x12 0x5A 0x0E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x53 0xE1 0x7E 0x01 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Edited by Beauregard, 07 May 2011 - 11:55 AM.


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:47 PM

Posted 07 May 2011 - 12:09 PM

Hello Beauregard ,

Let's try the easy way first. :)


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Beauregard

Beauregard
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 07 May 2011 - 12:13 PM

Thanks Tea.
Rebooting now!

Beauregard

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:47 PM

Posted 07 May 2011 - 12:18 PM

You bet. :thumbup2: Post the report when you're ready. :)

#5 Beauregard

Beauregard
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 07 May 2011 - 12:32 PM

Loading error at startup (which has been there for a few days):
C:\Users\MyName\AppData\Local\Temp\ntosetup.dll

A "DOS"-like window has been opening at startup for a few days:
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A

Windows Security Center has issues: BitDefender antivirus does not start.
Windows Update has been failing for days.
Windows Defender is supposedly outdated. That was actually the first sign.

Thanks for your help,
Beauregard

///////////////////

TDSSKILLER REPORT

2011/05/08 01:06:35.0353 6084 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 01:06:37.0358 6084 ================================================================================
2011/05/08 01:06:37.0358 6084 SystemInfo:
2011/05/08 01:06:37.0358 6084
2011/05/08 01:06:37.0359 6084 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/08 01:06:37.0359 6084 Product type: Workstation
2011/05/08 01:06:37.0359 6084 ComputerName: EMMANUEL-PC
2011/05/08 01:06:37.0376 6084 UserName: Emmanuel
2011/05/08 01:06:37.0376 6084 Windows directory: C:\Windows
2011/05/08 01:06:37.0376 6084 System windows directory: C:\Windows
2011/05/08 01:06:37.0376 6084 Processor architecture: Intel x86
2011/05/08 01:06:37.0376 6084 Number of processors: 2
2011/05/08 01:06:37.0376 6084 Page size: 0x1000
2011/05/08 01:06:37.0376 6084 Boot type: Normal boot
2011/05/08 01:06:37.0376 6084 ================================================================================
2011/05/08 01:06:38.0650 6084 Initialize success
2011/05/08 01:06:47.0277 5936 ================================================================================
2011/05/08 01:06:47.0277 5936 Scan started
2011/05/08 01:06:47.0277 5936 Mode: Manual;
2011/05/08 01:06:47.0277 5936 ================================================================================
2011/05/08 01:06:48.0165 5936 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/05/08 01:06:48.0264 5936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/08 01:06:48.0515 5936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/08 01:06:48.0701 5936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/08 01:06:48.0794 5936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/08 01:06:48.0879 5936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/08 01:06:49.0161 5936 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/08 01:06:49.0258 5936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/08 01:06:49.0366 5936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/08 01:06:49.0584 5936 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
2011/05/08 01:06:49.0671 5936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/08 01:06:49.0764 5936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/08 01:06:49.0841 5936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/08 01:06:49.0970 5936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/08 01:06:50.0062 5936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/08 01:06:50.0148 5936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/08 01:06:50.0614 5936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/08 01:06:50.0769 5936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/08 01:06:51.0139 5936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/08 01:06:51.0207 5936 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/08 01:06:51.0572 5936 athr (24b4375abbc587bdc99e231383c16b8f) C:\Windows\system32\DRIVERS\athr.sys
2011/05/08 01:06:52.0272 5936 atikmdag (eb4652a6571ef66c6c778e1007623f1f) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/08 01:06:52.0863 5936 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/05/08 01:06:53.0278 5936 AVCSTRM (a25f0f39ac579fe899a7c8d67ecb157c) C:\Windows\system32\DRIVERS\avcstrm.sys
2011/05/08 01:06:53.0677 5936 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys
2011/05/08 01:06:53.0910 5936 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/05/08 01:06:54.0194 5936 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
2011/05/08 01:06:54.0387 5936 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
2011/05/08 01:06:54.0905 5936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/08 01:06:55.0253 5936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/08 01:06:55.0340 5936 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/08 01:06:55.0548 5936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/08 01:06:56.0202 5936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/08 01:06:56.0654 5936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/08 01:06:56.0968 5936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/08 01:06:57.0169 5936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/08 01:06:57.0256 5936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/08 01:06:57.0480 5936 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/08 01:06:57.0799 5936 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/08 01:06:58.0295 5936 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/08 01:06:58.0912 5936 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/05/08 01:06:59.0263 5936 BTHprint (d72baf07a11de1dd32855bb897518d53) C:\Windows\system32\DRIVERS\bthprint.sys
2011/05/08 01:06:59.0352 5936 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/08 01:06:59.0565 5936 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2011/05/08 01:06:59.0635 5936 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2011/05/08 01:06:59.0721 5936 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/08 01:06:59.0833 5936 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/08 01:06:59.0986 5936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/08 01:07:00.0083 5936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/08 01:07:00.0163 5936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/08 01:07:00.0369 5936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/08 01:07:00.0517 5936 CMB8100 (6b0f39e11eec9fa75a2f3e74344470e0) C:\Windows\system32\Drivers\CertClient.dat
2011/05/08 01:07:00.0640 5936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/08 01:07:00.0778 5936 CMBProtector (01bd490e00f607c0c82b2b7f7da64e25) C:\Windows\system32\Drivers\CMBProtector.dat
2011/05/08 01:07:00.0861 5936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/08 01:07:00.0951 5936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/08 01:07:01.0031 5936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/08 01:07:01.0164 5936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/08 01:07:01.0305 5936 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/05/08 01:07:01.0494 5936 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/08 01:07:01.0621 5936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/08 01:07:01.0839 5936 dlkmd (a4949370238c55aef82317af36d8b939) C:\Windows\system32\drivers\dlkmd.sys
2011/05/08 01:07:01.0935 5936 dlkmdldr (c8e26d7e2b8e354982d5e37e2c05fdba) C:\Windows\system32\drivers\dlkmdldr.sys
2011/05/08 01:07:02.0016 5936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/05/08 01:07:02.0154 5936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/08 01:07:02.0287 5936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/08 01:07:02.0378 5936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/08 01:07:02.0471 5936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/08 01:07:02.0597 5936 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/08 01:07:02.0753 5936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/08 01:07:02.0854 5936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/08 01:07:03.0060 5936 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/05/08 01:07:03.0209 5936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/08 01:07:03.0333 5936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/08 01:07:03.0481 5936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/08 01:07:03.0587 5936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/08 01:07:03.0739 5936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/08 01:07:03.0825 5936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/08 01:07:03.0901 5936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/08 01:07:04.0076 5936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/08 01:07:04.0195 5936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/08 01:07:04.0296 5936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/08 01:07:04.0353 5936 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/08 01:07:04.0430 5936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/08 01:07:04.0560 5936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/08 01:07:04.0700 5936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/08 01:07:04.0835 5936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/08 01:07:04.0963 5936 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/08 01:07:05.0089 5936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/08 01:07:05.0215 5936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/08 01:07:05.0304 5936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/08 01:07:05.0438 5936 HPFXBULK (9e3944a558ab84853ef985988e23a8a4) C:\Windows\system32\drivers\hpfxbulk.sys
2011/05/08 01:07:05.0581 5936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/08 01:07:05.0717 5936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/08 01:07:05.0843 5936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/08 01:07:05.0957 5936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/08 01:07:06.0111 5936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/08 01:07:06.0182 5936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/08 01:07:06.0294 5936 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/08 01:07:06.0377 5936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/08 01:07:06.0609 5936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/08 01:07:06.0814 5936 IntcAzAudAddService (2deb2538c9372568bb67b5fdf2359790) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/08 01:07:07.0042 5936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/08 01:07:07.0188 5936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/08 01:07:07.0260 5936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/08 01:07:07.0424 5936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/08 01:07:07.0506 5936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/08 01:07:07.0702 5936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/08 01:07:07.0795 5936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/08 01:07:07.0936 5936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/08 01:07:08.0007 5936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/08 01:07:08.0081 5936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/08 01:07:08.0222 5936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/08 01:07:08.0297 5936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/08 01:07:08.0461 5936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/08 01:07:08.0853 5936 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/05/08 01:07:08.0980 5936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/08 01:07:09.0085 5936 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/05/08 01:07:09.0209 5936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/08 01:07:09.0307 5936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/08 01:07:09.0402 5936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/08 01:07:09.0529 5936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/08 01:07:09.0650 5936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/08 01:07:09.0731 5936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/08 01:07:09.0839 5936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/08 01:07:10.0028 5936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/08 01:07:10.0132 5936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/08 01:07:10.0194 5936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/08 01:07:10.0275 5936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/08 01:07:10.0418 5936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/08 01:07:10.0515 5936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/08 01:07:10.0620 5936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/08 01:07:10.0714 5936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/08 01:07:10.0834 5936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/08 01:07:10.0970 5936 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/08 01:07:11.0072 5936 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/08 01:07:11.0123 5936 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/08 01:07:11.0190 5936 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/08 01:07:11.0265 5936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/08 01:07:11.0409 5936 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/05/08 01:07:11.0504 5936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/08 01:07:11.0583 5936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/08 01:07:11.0693 5936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/08 01:07:11.0774 5936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/08 01:07:11.0849 5936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/08 01:07:11.0962 5936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/08 01:07:12.0062 5936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/08 01:07:12.0157 5936 MSTAPE (92b0e43b54ebff026451df3dd142129d) C:\Windows\system32\DRIVERS\mstape.sys
2011/05/08 01:07:12.0262 5936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/08 01:07:12.0377 5936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/08 01:07:12.0516 5936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/08 01:07:12.0633 5936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/08 01:07:12.0782 5936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/08 01:07:12.0871 5936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/08 01:07:12.0981 5936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/08 01:07:13.0058 5936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/08 01:07:13.0152 5936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/08 01:07:13.0267 5936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/08 01:07:13.0535 5936 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/08 01:07:13.0749 5936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/08 01:07:13.0969 5936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/08 01:07:14.0118 5936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/08 01:07:14.0264 5936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/08 01:07:14.0406 5936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/08 01:07:14.0564 5936 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/05/08 01:07:14.0658 5936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/08 01:07:14.0733 5936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/08 01:07:14.0819 5936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/08 01:07:14.0913 5936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/08 01:07:15.0151 5936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/08 01:07:15.0430 5936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/08 01:07:15.0855 5936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/08 01:07:16.0299 5936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/08 01:07:17.0008 5936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/08 01:07:17.0448 5936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/08 01:07:17.0738 5936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/08 01:07:18.0626 5936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/08 01:07:19.0037 5936 Point32 (d82ac5b7da8fdccda1323836516405ec) C:\Windows\system32\DRIVERS\point32k.sys
2011/05/08 01:07:19.0382 5936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/08 01:07:19.0929 5936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/08 01:07:20.0335 5936 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
2011/05/08 01:07:20.0567 5936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/08 01:07:20.0666 5936 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/08 01:07:20.0782 5936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/08 01:07:20.0935 5936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/08 01:07:21.0055 5936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/08 01:07:21.0142 5936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/08 01:07:21.0240 5936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/08 01:07:21.0356 5936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/08 01:07:21.0465 5936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/08 01:07:21.0624 5936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/08 01:07:21.0726 5936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/08 01:07:21.0837 5936 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/05/08 01:07:21.0917 5936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/08 01:07:22.0083 5936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/08 01:07:22.0248 5936 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/05/08 01:07:22.0398 5936 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/08 01:07:22.0479 5936 rimsptsk (f2993908be03181c781228daadc55230) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/05/08 01:07:22.0659 5936 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/05/08 01:07:22.0750 5936 risdptsk (cd6e3947724b337f9bc1524b710231eb) C:\Windows\system32\DRIVERS\risdptsk.sys
2011/05/08 01:07:22.0851 5936 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/05/08 01:07:22.0968 5936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/08 01:07:23.0106 5936 RTHDMIAzAudService (f175b21f20b60958295f9221f11fed9f) C:\Windows\system32\drivers\RtHDMIV.sys
2011/05/08 01:07:23.0275 5936 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/08 01:07:23.0468 5936 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/08 01:07:23.0632 5936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/08 01:07:23.0754 5936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/08 01:07:23.0836 5936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/08 01:07:23.0932 5936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/08 01:07:24.0156 5936 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/05/08 01:07:24.0313 5936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/08 01:07:24.0416 5936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/08 01:07:24.0504 5936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/08 01:07:24.0596 5936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/08 01:07:24.0712 5936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/08 01:07:24.0898 5936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/08 01:07:25.0000 5936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/08 01:07:25.0193 5936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/08 01:07:25.0469 5936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/08 01:07:25.0623 5936 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/05/08 01:07:25.0859 5936 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\Windows\system32\drivers\srs_sscfilter_i386.sys
2011/05/08 01:07:25.0988 5936 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/05/08 01:07:26.0121 5936 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/08 01:07:26.0209 5936 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/08 01:07:26.0356 5936 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2011/05/08 01:07:26.0469 5936 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\Windows\system32\DRIVERS\sshrmd.sys
2011/05/08 01:07:26.0611 5936 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/05/08 01:07:26.0738 5936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/08 01:07:26.0975 5936 swmsflt (a184a1bab187809b144ba32509b9e731) C:\Windows\System32\drivers\swmsflt.sys
2011/05/08 01:07:27.0144 5936 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\Windows\system32\DRIVERS\swnc8u56.sys
2011/05/08 01:07:27.0339 5936 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\Windows\system32\DRIVERS\swumx56.sys
2011/05/08 01:07:27.0466 5936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/08 01:07:27.0577 5936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/08 01:07:27.0704 5936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/08 01:07:27.0917 5936 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
2011/05/08 01:07:28.0108 5936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/08 01:07:28.0293 5936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/08 01:07:28.0420 5936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/08 01:07:28.0589 5936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/08 01:07:28.0688 5936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/08 01:07:28.0834 5936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/08 01:07:28.0943 5936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/08 01:07:29.0156 5936 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/05/08 01:07:29.0332 5936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/08 01:07:29.0433 5936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/08 01:07:29.0548 5936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/08 01:07:29.0633 5936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/08 01:07:29.0750 5936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/08 01:07:30.0063 5936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/08 01:07:30.0177 5936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/08 01:07:30.0301 5936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/08 01:07:30.0424 5936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/08 01:07:30.0558 5936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/08 01:07:30.0785 5936 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/08 01:07:30.0879 5936 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/08 01:07:31.0016 5936 usbbus (adb68aa60ef991ce2e217223fa20b4ff) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/05/08 01:07:31.0158 5936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/08 01:07:31.0272 5936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/08 01:07:31.0422 5936 UsbDiag (d4a6201dd361f019e44483645b490e4e) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/05/08 01:07:31.0512 5936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/08 01:07:31.0658 5936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/08 01:07:31.0759 5936 USBModem (a2b99411e10287f327a9820d260e7fe4) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/05/08 01:07:31.0863 5936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/08 01:07:31.0966 5936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/08 01:07:32.0177 5936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/08 01:07:32.0293 5936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/08 01:07:32.0387 5936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/08 01:07:32.0489 5936 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/08 01:07:32.0783 5936 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
2011/05/08 01:07:32.0948 5936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/08 01:07:33.0034 5936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/08 01:07:33.0152 5936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/08 01:07:33.0243 5936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/08 01:07:33.0386 5936 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/08 01:07:33.0478 5936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/08 01:07:33.0583 5936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/08 01:07:33.0720 5936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/08 01:07:33.0822 5936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/08 01:07:34.0133 5936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/08 01:07:34.0236 5936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 01:07:34.0288 5936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 01:07:34.0512 5936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/08 01:07:34.0626 5936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/08 01:07:34.0978 5936 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/05/08 01:07:35.0284 5936 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/08 01:07:36.0203 5936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/08 01:07:36.0508 5936 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/08 01:07:36.0651 5936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/08 01:07:36.0802 5936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/08 01:07:36.0928 5936 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/08 01:07:37.0055 5936 yukonwlh (67e3d2af24c3873e6a0cac89de78d63b) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 01:07:37.0453 5936 ================================================================================
2011/05/08 01:07:37.0453 5936 Scan finished
2011/05/08 01:07:37.0453 5936 ================================================================================
2011/05/08 01:07:37.0483 3880 Detected object count: 1
2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 01:07:58.0373 3880 \HardDisk0 - ok
2011/05/08 01:07:58.0423 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 01:08:15.0679 5876 Deinitialize success

Edited by Beauregard, 07 May 2011 - 12:33 PM.
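
The TDSSKiller log above has a regular shape: a timestamp, the scanner's process id, then either a loaded-service entry (name, MD5, path) or a status line. The parser below is an added example written for this page; it is not part of TDSSKiller or of the original post. It runs on a constructed excerpt copied in shape from the lines above and separates raw-device detections such as \HardDisk0 (the disk/boot-sector level where TDL4 lives, and which a file-level scan cannot see) from file detections, checks that the declared object count matches what was logged, and records whether the cure is deferred to a reboot. The `drivers_outside_windows` list is a triage heuristic of mine, not a TDSSKiller verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt in the shape of the TDSSKiller log above; not a captured file.
SAMPLE_LOG = r"""
2011/05/08 01:07:28.0108 5936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/08 01:07:28.0293 5936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/08 01:07:29.0156 5936 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
2011/05/08 01:07:37.0055 5936 yukonwlh (67e3d2af24c3873e6a0cac89de78d63b) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/08 01:07:37.0441 5936 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/08 01:07:37.0453 5936 ================================================================================
2011/05/08 01:07:37.0453 5936 Scan finished
2011/05/08 01:07:37.0483 3880 Detected object count: 1
2011/05/08 01:07:58.0372 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/08 01:07:58.0373 3880 \HardDisk0 - ok
2011/05/08 01:07:58.0423 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/05/08 01:08:15.0679 5876 Deinitialize success
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.frac <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the log; tried in this order so the stricter ones win.
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \((?P<flags>\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_RE = re.compile(r"^(?P<obj>\S+) \((?P<verdict>[^()]+)\) - (?P<action>.+)$")
USER_RE = re.compile(r"^(?P<verdict>\S+?)\((?P<obj>[^()]+)\) - User select action: (?P<choice>\S+)$")


@dataclass
class Report:
    drivers: list = field(default_factory=list)       # (service name, md5, path)
    detections: list = field(default_factory=list)    # (object, verdict)
    actions: list = field(default_factory=list)       # (object, verdict, action text)
    user_choices: list = field(default_factory=list)  # (object, verdict, chosen action)
    declared_count: Optional[int] = None
    reboot_required: bool = False


def parse_tdsskiller(text: str) -> Report:
    """Turn raw TDSSKiller log text into a Report; unknown message shapes are skipped."""
    rep = Report()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        msg = line["msg"]
        if m := DRIVER_RE.match(msg):
            rep.drivers.append((m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(msg):
            rep.detections.append((m["obj"], m["verdict"]))
        elif m := COUNT_RE.match(msg):
            rep.declared_count = int(m["n"])
        elif m := ACTION_RE.match(msg):
            rep.actions.append((m["obj"], m["verdict"], m["action"]))
            if "after reboot" in m["action"]:
                rep.reboot_required = True
        elif m := USER_RE.match(msg):
            rep.user_choices.append((m["obj"], m["verdict"], m["choice"]))
    return rep


def triage(rep: Report) -> dict:
    """The checks a responder wants from this log (my heuristics, not TDSSKiller output)."""
    # Objects named like \HardDisk0 or \Device\... are raw-device detections: the infection is in
    # the MBR / unpartitioned disk area, so a file-level scanner reporting 0 infected files proves nothing.
    raw_device = [d for d in rep.detections if d[0].startswith("\\")]
    file_level = [d for d in rep.detections if not d[0].startswith("\\")]
    # Drivers loaded from outside the Windows tree are often legitimate (a BitDefender component here),
    # but that is also where a dropped driver would sit, so list them for a second look.
    outside_windows = [name for name, _, path in rep.drivers
                       if not path.lower().startswith("c:\\windows\\")]
    return {
        "raw_device_detections": raw_device,
        "file_detections": file_level,
        "count_matches": rep.declared_count == len(rep.detections),
        "reboot_required": rep.reboot_required,
        "cure_selected": any(choice == "Cure" for _, _, choice in rep.user_choices),
        "drivers_outside_windows": outside_windows,
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the excerpt, it reports one raw-device detection on \HardDisk0, no file detections, a matching object count, a cure deferred to reboot, and Trufos as the only driver outside C:\Windows. That "reboot_required" flag is the practical point: until the machine has actually been restarted, the MBR cure has not happened, which is why the helper's first question below is whether the problems persist after TDSSKiller.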


#6 teacup61 (Malware Response Team)

Posted 07 May 2011 - 12:37 PM

Hello,

Are you still having those problems after TDSSKiller? I see you have Malwarebytes already... please have a quick scan with it and post the report. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 Beauregard (Topic Starter)

Posted 07 May 2011 - 12:49 PM

Yes, same messages.

One thing that has changed is that Windows Update is now in progress.
Should I stop it?

Scan should take 20 minutes.

Thanks,
Beauregard

Edited by Beauregard, 07 May 2011 - 12:50 PM.


#8 teacup61 (Malware Response Team)

Posted 07 May 2011 - 12:52 PM

Let Windows finish, then the scan. I know it takes time, but you need those updates.
Error reading poptart in Drive A: Delete kids y/n?

#9 Beauregard (Topic Starter)

Posted 07 May 2011 - 01:18 PM

Dear Tea,

10% update takes about 15-20 minutes... and it is 2 in the morning for me.
So I finished the scan.

I will do another one once I have installed all the updates, as I should install them, right?

I guess I will have to finish tomorrow when you will be sleeping!

Thanks a lot, we are making progress.

Best,
Beauregard

PS: Windows Defender now works. Should I keep BitDefender as well?

///////////////////

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6528

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

5/8/2011 2:13:54 AM
mbam-log-2011-05-08 (02-13-54).txt

Scan type: Quick scan
Objects scanned: 174161
Time elapsed: 21 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#10 teacup61 (Malware Response Team)

Posted 07 May 2011 - 01:30 PM

Hi there,

Yes, install the updates when they're ready. Also, up to you what you keep... whatever you like best. They're both good.

Have a good sleep and post when you're ready. :)
Error reading poptart in Drive A: Delete kids y/n?

#11 Beauregard (Topic Starter)

Posted 07 May 2011 - 02:15 PM

Loading Error at start (which has been here for a few days):
C:\Users\MyName\AppData\Local\Temp\ntosetup.dll

"Dos" like window has been opening at start for a few days:
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\073A

Windows Security center works now.
Windows update and Windows Defender work now.

////////////////////

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

BitDefender Antivirus 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ SE Runtime Environment 6
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.153.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
BitDefender BitDefender 2010 bdagent.exe
BitDefender BitDefender 2010 seccenter.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

#12 teacup61 (Malware Response Team)

Posted 07 May 2011 - 02:18 PM

You can uninstall all the old versions of Java. They aren't needed; then that particular scan should not show any red flags. :)

Did you get SP3 in the Windows updates?
Error reading poptart in Drive A: Delete kids y/n?

#13 Beauregard (Topic Starter)

Posted 07 May 2011 - 02:24 PM

No, I did not get SP3.
Should I go get it?

Which Java version should I uninstall?

Best,
B.

#14 teacup61 (Malware Response Team)

Posted 07 May 2011 - 02:27 PM

Uninstall all but the very latest version of Java, which I believe is update 23 or 24.

I think maybe SP3 might help with some of the other issues you seem to still be having, and with all the patches and updates it includes, the computer will be more secure.

I thought you were going to sleep??

Error reading poptart in Drive A: Delete kids y/n?
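
The advice in #12 and #14 (keep only the newest Java, uninstall the rest) can be applied mechanically to the Security Check list in #11. The script below is an added example for this page, not part of screen317's Security Check or of the thread. It runs on a constructed copy of the Java lines above, ranks each entry by (major version, update number) and reports which one to keep and which to remove. Treating the bare "Java™ SE Runtime Environment 6" as update 0 of that major version is my assumption. Note that the newest copy installed can itself be behind the current release; that is what the tool's own "Out of date Java installed!" line is about, and it still has to be checked separately.

```python
import re

# Constructed sample in the shape of the Security Check output posted above; not a captured file.
SAMPLE_SECURITY_CHECK = """\
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ SE Runtime Environment 6
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.153.1
"""

# Matches "Java™ 6 Update 22", "Java(TM) 6 Update 7" and the bare "Java™ SE Runtime Environment 6".
# A bare runtime with no "Update N" is treated as update 0 (assumption: the original release).
JAVA_RE = re.compile(
    r"^Java(?:™|\(TM\))?\s+(?:SE Runtime Environment\s+)?(?P<major>\d+)"
    r"(?:\s+Update\s+(?P<update>\d+))?\s*$"
)


def java_installs(text: str) -> list:
    """Return every Java entry in the report as (original line, (major, update))."""
    found = []
    for line in text.splitlines():
        m = JAVA_RE.match(line.strip())
        if m:
            found.append((line.strip(), (int(m["major"]), int(m["update"] or 0))))
    return found


def java_cleanup_plan(text: str) -> dict:
    """Keep the single newest Java install; every other copy is an unpatched runtime to uninstall."""
    installs = java_installs(text)
    if not installs:
        return {"keep": None, "remove": []}
    newest = max(installs, key=lambda item: item[1])
    return {
        "keep": newest[0],
        # Preserve report order so the list reads the same way the tool printed it.
        "remove": [line for line, version in installs if version != newest[1]],
    }


if __name__ == "__main__":
    plan = java_cleanup_plan(SAMPLE_SECURITY_CHECK)
    print("keep:  ", plan["keep"])
    for entry in plan["remove"]:
        print("remove:", entry)
```

On the sample it keeps "Java™ 6 Update 22" and lists the bare "Java™ SE Runtime Environment 6" and "Java™ 6 Update 7" for removal, which matches what #14 asks for. Older Java runtimes left installed side by side were a common drive-by exploit target at the time, which is why the Security Check flags them at all.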

#15 Beauregard (Topic Starter)

Posted 07 May 2011 - 02:54 PM

I have Vista not XP so there is no SP3, right?
Also, Internet Explorer 9 does not work with Vista 32 bit, right?

Do you think that I am out of trouble?

Because this time I am heading to bed... B)

Thanks for everything,
Beauregard

Edited by Beauregard, 07 May 2011 - 02:57 PM.




