
Trojan: DOS/Alureon.A - Win XP


11 replies to this topic

#1 johnon12

johnon12

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 08 September 2011 - 08:06 PM

I have been having an issue with my computer. I got it working then the Alureon.a trojan came along or was always there. MSE picked it up but it kept coming back.
I started this thread then was asked to move over to here once we determined it was not hardware related
http://www.bleepingcomputer.com/forums/topic417911.html

I ran a chkdsk /r with success, but then the Alureon popped up and ground everything to a halt.
I ran another chkdsk /r, but my computer is still in the same state, like 15 minutes for each click of the mouse. 30 mins to boot up, 30 mins to shut down.
I am going to run another chkdsk /r as last time it took two times for whatever reason.

No network, can't run Malwarebytes or MSE; other programs work once I get into them, which can take 30-45 mins.
I can log into safe modes but they are all just as slow and no networking.

Machine is a Lenovo T60P with Win XP Pro.

Please help, tomorrow will be day 4 of this nonsense.

thanks in advance!!



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:09:20 PM

Posted 08 September 2011 - 09:01 PM

Hello, let's see if we can get in.

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.



NOTE:These can also be copied to a Flash drive or CD and run if needed.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

>>>>
Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


>>>>
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 09 September 2011 - 01:31 AM

Mini Tool Box Results

MiniToolBox by Farbar
Ran by john (administrator) on 08-09-2011 at 22:38:45
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MAC12356991

Primary Dns Suffix . . . . . . . : ads.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : ads.com

com



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-19-D2-0A-B2-55

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.7

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, September 08, 2011 10:36:04 PM

Lease Expires . . . . . . . . . . : Friday, September 09, 2011 10:36:04 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-15-58-7F-97-35



Ethernet adapter Network Connect Adapter:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter

Physical Address. . . . . . . . . : 00-FF-68-1D-AB-86

Server: UnKnown
Address: 192.168.1.1

Name: google.com.ads.com
Address: 207.223.0.140



Pinging google.com [74.125.224.114] with 32 bytes of data:



Reply from 74.125.224.114: bytes=32 time=13ms TTL=55

Reply from 74.125.224.114: bytes=32 time=14ms TTL=55



Ping statistics for 74.125.224.114:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 14ms, Average = 13ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com.ads.com
Address: 207.223.0.140



Pinging yahoo.com [69.147.125.65] with 32 bytes of data:



Reply from 69.147.125.65: bytes=32 time=88ms TTL=49

Reply from 69.147.125.65: bytes=32 time=93ms TTL=49



Ping statistics for 69.147.125.65:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 93ms, Average = 90ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d2 0a b2 55 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 15 58 7f 97 35 ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
0x10005 ...00 ff 68 1d ab 86 ...... Juniper Network Connect Virtual Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.7 192.168.1.7 20
192.168.1.0 255.255.255.0 192.168.1.7 192.168.1.7 25
192.168.1.7 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.7 192.168.1.7 25
224.0.0.0 240.0.0.0 192.168.1.7 192.168.1.7 25
255.255.255.255 255.255.255.255 192.168.1.7 3 1
255.255.255.255 255.255.255.255 192.168.1.7 192.168.1.7 1
255.255.255.255 255.255.255.255 192.168.1.7 10005 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 bmnet.dll [File Not found] ()
Catalog9 02 bmnet.dll [File Not found] ()
Catalog9 03 bmnet.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2011 10:35:33 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (09/08/2011 10:35:29 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (09/08/2011 10:35:26 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (09/08/2011 10:35:13 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/08/2011 10:35:06 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (09/08/2011 10:34:44 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (iexplore.exe!ld!)

Error: (09/08/2011 10:33:50 PM) (Source: Microsoft Operations Manager) (User: SYSTEM)SYSTEM
Description: The Agent outgoing data processing has been blocked.
This indicates problems with communication or database processing.

Management Group: ForefrontClientSecurity

Error: (09/08/2011 10:33:48 PM) (Source: Microsoft Operations Manager) (User: SYSTEM)SYSTEM
Description: The Agent incoming queue data submission has been blocked.
This may indicate that queue does not have sufficient space or is unavailable to accept data.

Management Group: ForefrontClientSecurity

Error: (09/08/2011 10:33:00 PM) (Source: Microsoft Operations Manager) (User: SYSTEM)SYSTEM
Description: The agent could not resolve the IP of the MOM Server petfcscprd01.ads.com. The error reported is 'The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for.'.

Error: (09/08/2011 10:32:41 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (09/08/2011 10:37:00 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (09/08/2011 10:36:07 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (09/08/2011 10:35:00 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (09/08/2011 10:33:52 PM) (Source: Service Control Manager) (User: )
Description: The Altiris Agent service failed to start due to the following error:
%%2

Error: (09/08/2011 10:32:40 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain ADS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (09/08/2011 01:01:58 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:DOS/Alureon.A60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:DOS/Alureon.A603

Name: Trojan:DOS/Alureon.A

ID: 2147636949

Severity: %Trojan:DOS/Alureon.A600

Category: %Trojan:DOS/Alureon.A602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Trojan:DOS/Alureon.A608

User: {7687527D-1DD4-49C1-A932-DE3CE230243F}9

Process Name: %Trojan:DOS/Alureon.A609

Action: {7687527D-1DD4-49C1-A932-DE3CE230243F}1

Action Status: {7687527D-1DD4-49C1-A932-DE3CE230243F}8

Error Code: {7687527D-1DD4-49C1-A932-DE3CE230243F}3

Error description: {7687527D-1DD4-49C1-A932-DE3CE230243F}4

Signature Version: 2011-09-08T19:56:31.125Z1

Engine Version: 2011-09-08T19:56:31.125Z2

Error: (09/08/2011 00:58:40 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (09/08/2011 00:58:07 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (09/08/2011 00:57:28 PM) (Source: DCOM) (User: SYSTEM)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (09/08/2011 00:54:36 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.111.1528.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (04/02/2009 04:59:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 906 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/01/2009 00:49:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5670 seconds with 720 seconds of active time. This session ended with a crash.

Error: (03/03/2009 03:45:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19702 seconds with 3660 seconds of active time. This session ended with a crash.

Error: (01/29/2009 10:58:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6891 seconds with 1800 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================


Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Reader 9 (Version: 9.0.0)
Apple Application Support (Version: 1.3.0)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.2.120)
AT&T Communication Manager (Version: 6.10.0025.0)
ATI Display Driver (Version: 8.442.3-080103a1-057754C-Lenovo)
Audacity 1.2.6
BlackBerry Desktop Software 4.7 (Version: 4.7.0.32)
Bonjour (Version: 2.0.2.0)
Business Objects FP4.5 (Version: 11.5.10.1426)
Business Plan Pro 2007 (Version: 9.09.0003)
BusinessObjects XI R2 Service Pack 3 (Version: 11.5.9.1076)
BusinessObjects XI R2 Service Pack 4 (Version: 11.5.10.1263)
CCleaner (Version: 3.09)
Defraggler (Version: 2.06)
Driver Installer (Version: 2.3.0.797)
FlashPeak SlimBrowser (Version: 5.01.039)
Garmin Communicator Plugin (Version: 2.6.2)
Garmin POI Loader (Version: 2.5.3.0)
Garmin POI Loader (Version: 2.5.4.0)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.1.1)
Google Chrome (Version: 13.0.782.220)
Google Earth (Version: 6.0.3.2197)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.65)
Google Updater (Version: 2.4.1536.6592)
HijackThis 2.0.2 (Version: 2.0.2)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0)
hppusgP1100P1560P1600Series (Version: 1.0.0.1)
IBM RecordNow! (Version: 7.22)
IDAutomation.com PDF417 Font and Encoder
IDrive version 3.4.1 July 14, 2011 (Version: 3.4.1)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 11.5.0.API)
InterVideo WinDVD (Version: 5.0-B11.300)
iTunes (Version: 9.2.0.61)
J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
Java 2 Runtime Environment, SE v1.4.2_06 (Version: 1.4.2_06)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ 6 Update 3 (Version: 1.6.0.30)
Juniper Networks Network Connect 6.3.0 (Version: 6.3.0.13725)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Codec Pack 7.2.0 (Standard) (Version: 7.2.0)
Lenovo Battery Program (Version: 1.00.000)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 130.0.374.000)
mCore (Version: 11.04.0000)
mDriver (Version: 11.04.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.114)
Microsoft Office OneNote 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Operations Manager 2005 Agent (Version: 5.0.2911.0)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (Version: 8.0.50727.762)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.50917.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
mMHouse (Version: 11.04.0000)
Mozilla Thunderbird (3.1.11) (Version: 3.1.11 (en-US))
mPfMgr (Version: 11.04.0000)
mProSafe (Version: 9.00.0000)
MSN Toolbar (Version: 4.0.0379.0)
MSN Toolbar Platform (Version: 4.0.0417.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
MSXML4.0 redistributable (Version: 4.0.0.0)
mWlsSafe (Version: 9.00.0000)
On Screen Display (Version: 5.12.00)
Presentation Director (Version: 4.01)
QuickTime (Version: 7.66.73.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealTime Cookie & Cache Cleaner (RtC3)
RealUpgrade 1.1 (Version: 1.1.0)
Remote Control USB Driver (Version: 2.3.2.317)
Scroll Lock Indicator Utility (Version: 1.07)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.0 (Version: 5.0.156)
SlingPlayer (Version: 2.0.4521)
Snagit 9.1 (Version: 9.1.0.206)
Spotify (Version: 0.5.2)
ThinkPad Configuration (Version: 1.55)
ThinkPad EasyEject Utility (Version: 2.36)
ThinkPad FullScreen Magnifier (Version: 2.02)
ThinkPad Keyboard Customizer Utility (Version: 1.3.53.0)
ThinkPad Modem (Version: 7.56.00)
ThinkPad Power Management Driver (Version: 1.44)
ThinkPad Power Manager (Version: 1.30b)
ThinkPad UltraNav Driver (Version: 11.1.21.0)
ThinkPad UltraNav Utility (Version: 2.04)
WeatherBug (Version: 6.8.1.1)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools (Version: 5.1.2600.5512)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1022.34 MB
Available physical RAM: 327.93 MB
Total Pagefile: 2968.49 MB
Available Pagefile: 2264.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.31 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:9.45 GB) NTFS

========================= Users: ========================================

User accounts for \\MAC12356991

Administrator ASPNET esssrv
Guest HelpAssistant john
PVMarion SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini090711-01.dmp

**** End of log ****
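The checks boopme asked for in post #2 (a proxy switched on, Winsock catalog damage) can be pulled out of a MiniToolBox Result.txt like the one above mechanically. The script below is an added example, not part of the thread or of Farbar's tool: it splits the log on the tool's banner lines and flags a proxy that is enabled, a missing hosts file, and Winsock catalog entries whose provider DLL is reported missing (the bmnet.dll lines above are the kind it catches). The positive-form proxy lines in the constructed sample are an assumption, since the log only shows the "Proxy is not enabled." wording.

```python
"""Triage a MiniToolBox (Farbar) Result.txt. Added example, not the tool's code."""
import re

# Banner lines look like "========================= Winsock entries =====".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")
# Winsock lines look like "Catalog9 01 bmnet.dll [File Not found] ()".
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]*)\]\s*\((?P<vendor>[^)]*)\)\s*$"
)


def split_sections(text):
    """Group the log's lines under the section banner that precedes them."""
    sections = {"preamble": []}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def proxy_findings(lines):
    """Return (enabled, server). The positive wording ("Proxy is enabled.",
    "Proxy Server: host:port") is assumed; the thread only shows the negative form."""
    enabled, server = False, None
    for line in lines:
        s = line.strip()
        if s.lower().startswith("proxy is enabled"):
            enabled = True
        m = re.match(r"^Proxy Server\s*:\s*(\S+)", s, re.IGNORECASE)
        if m:
            server = m.group(1)
    return enabled, server


def winsock_findings(lines):
    """Return (catalog, index, path) for entries whose DLL was not found.
    A provider DLL that is missing can make socket setup fail for programs
    that pass through it; 'netsh winsock reset' (post #2) rebuilds the catalog."""
    missing = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m and "not found" in m.group("size").lower():
            missing.append((m.group("catalog"), int(m.group("idx")), m.group("path")))
    return missing


def triage(text):
    """Summarise the indicators a helper would want first from Result.txt."""
    sections = split_sections(text)
    enabled, server = proxy_findings(sections.get("IE Proxy Settings", []))
    return {
        "proxy_enabled": enabled,
        "proxy_server": server,
        "hosts_file_missing": "Hosts file not detected" in text,
        "winsock_missing_dlls": winsock_findings(sections.get("Winsock entries", [])),
    }


# Constructed samples modelled on the Result.txt format above (not real logs).
SAMPLE_SUSPECT = r"""MiniToolBox by Farbar

========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 127.0.0.1:8080

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 bmnet.dll [File Not found] ()
Catalog9 02 bmnet.dll [File Not found] ()
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Memory info: ===================================
"""

SAMPLE_CLEAN = r"""========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, triage(sample))
```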

#4 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 09 September 2011 - 01:34 AM

TDSSKiller Results:

2011/09/08 22:49:22.0406 5216 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 22:49:22.0937 5216 ================================================================================
2011/09/08 22:49:22.0937 5216 SystemInfo:
2011/09/08 22:49:22.0937 5216
2011/09/08 22:49:22.0937 5216 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/08 22:49:22.0937 5216 Product type: Workstation
2011/09/08 22:49:22.0937 5216 ComputerName: mac123
2011/09/08 22:49:22.0937 5216 UserName: j
2011/09/08 22:49:22.0937 5216 Windows directory: C:\WINDOWS
2011/09/08 22:49:22.0937 5216 System windows directory: C:\WINDOWS
2011/09/08 22:49:22.0937 5216 Processor architecture: Intel x86
2011/09/08 22:49:22.0937 5216 Number of processors: 2
2011/09/08 22:49:22.0937 5216 Page size: 0x1000
2011/09/08 22:49:22.0937 5216 Boot type: Normal boot
2011/09/08 22:49:22.0937 5216 ================================================================================
2011/09/08 22:49:24.0203 5216 Initialize success
2011/09/08 22:49:51.0906 5904 ================================================================================
2011/09/08 22:49:51.0906 5904 Scan started
2011/09/08 22:49:51.0906 5904 Mode: Manual;
2011/09/08 22:49:51.0906 5904 ================================================================================
2011/09/08 22:50:08.0531 5904 MBR (0x1B8) (d362d12dfabdcb8c1fc37d0bb054c5e7) \Device\Harddisk0\DR0
2011/09/08 22:50:08.0531 5904 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 22:50:08.0546 5904 Boot (0x1200) (a6fe324c361a167ca106bccb8ee836ca) \Device\Harddisk0\DR0\Partition0
2011/09/08 22:50:08.0546 5904 ================================================================================
2011/09/08 22:50:08.0546 5904 Scan finished
2011/09/08 22:50:08.0546 5904 ================================================================================
2011/09/08 22:50:08.0562 5656 Detected object count: 1
2011/09/08 22:50:08.0562 5656 Actual detected object count: 1
2011/09/08 22:51:28.0953 5656 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 - ok
2011/09/08 22:51:29.0015 5656 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 22:52:41.0187 3944 Deinitialize success

#5 johnon12
  • Topic Starter
  • Members
  • 18 posts

Posted 09 September 2011 - 01:35 AM

TDSSKiller Results:

2011/09/08 22:49:22.0406 5216 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/08 22:49:22.0937 5216 ================================================================================
2011/09/08 22:49:22.0937 5216 SystemInfo:
2011/09/08 22:49:22.0937 5216
2011/09/08 22:49:22.0937 5216 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/08 22:49:22.0937 5216 Product type: Workstation
2011/09/08 22:49:22.0937 5216 ComputerName: mac123
2011/09/08 22:49:22.0937 5216 UserName: j
2011/09/08 22:49:22.0937 5216 Windows directory: C:\WINDOWS
2011/09/08 22:49:22.0937 5216 System windows directory: C:\WINDOWS
2011/09/08 22:49:22.0937 5216 Processor architecture: Intel x86
2011/09/08 22:49:22.0937 5216 Number of processors: 2
2011/09/08 22:49:22.0937 5216 Page size: 0x1000
2011/09/08 22:49:22.0937 5216 Boot type: Normal boot
2011/09/08 22:49:22.0937 5216 ================================================================================
2011/09/08 22:49:24.0203 5216 Initialize success
2011/09/08 22:49:51.0906 5904 ================================================================================
2011/09/08 22:49:51.0906 5904 Scan started
2011/09/08 22:49:51.0906 5904 Mode: Manual;
2011/09/08 22:49:51.0906 5904 ================================================================================
2011/09/08 22:49:56.0437 5904 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/08 22:49:56.0468 5904 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/08 22:49:56.0531 5904 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/08 22:49:56.0546 5904 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/08 22:49:56.0625 5904 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/08 22:49:56.0671 5904 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/09/08 22:49:56.0765 5904 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/08 22:49:56.0875 5904 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/08 22:49:56.0937 5904 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/08 22:49:56.0984 5904 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/09/08 22:49:57.0031 5904 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/08 22:49:57.0062 5904 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/08 22:49:57.0140 5904 HSFHWAZL (8e60293c44e3f6f7f09defb60023a37d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/09/08 22:49:57.0218 5904 HSF_DPV (4c2aab15ad6229134f70e5c950e6185c) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/09/08 22:49:57.0343 5904 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/08 22:49:57.0546 5904 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/08 22:49:57.0625 5904 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/08 22:49:57.0656 5904 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/08 22:49:57.0750 5904 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/08 22:49:57.0828 5904 IBMPMDRV (931af21653dd91cd85270a2b31f87eeb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/09/08 22:49:57.0875 5904 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/08 22:49:57.0906 5904 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/08 22:49:57.0937 5904 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/08 22:49:57.0984 5904 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/08 22:49:58.0062 5904 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/08 22:49:58.0109 5904 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/08 22:49:58.0125 5904 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/08 22:49:58.0171 5904 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/08 22:49:58.0250 5904 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/08 22:49:58.0281 5904 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/09/08 22:49:58.0343 5904 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/08 22:49:58.0375 5904 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/08 22:49:58.0421 5904 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/08 22:49:58.0484 5904 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/08 22:49:58.0546 5904 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/08 22:49:58.0609 5904 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/08 22:49:58.0718 5904 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/08 22:49:58.0843 5904 megasas (693cb6e68f5839d54c7cbae17f593d32) C:\WINDOWS\system32\DRIVERS\megasas.sys
2011/09/08 22:49:58.0890 5904 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/08 22:49:58.0968 5904 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/08 22:49:59.0109 5904 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/08 22:49:59.0156 5904 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/08 22:49:59.0171 5904 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/08 22:49:59.0203 5904 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/09/08 22:49:59.0437 5904 MpKsl3cbeb644 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38FE981-93B4-42AB-A28A-A850A11025C5}\MpKsl3cbeb644.sys
2011/09/08 22:49:59.0562 5904 MpKslc96419fa (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B38FE981-93B4-42AB-A28A-A850A11025C5}\MpKslc96419fa.sys
2011/09/08 22:49:59.0718 5904 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/08 22:49:59.0765 5904 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/08 22:50:00.0062 5904 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/08 22:50:00.0140 5904 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/08 22:50:00.0187 5904 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/08 22:50:00.0203 5904 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/08 22:50:00.0218 5904 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/08 22:50:00.0265 5904 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/08 22:50:00.0281 5904 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/08 22:50:00.0328 5904 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\WINDOWS\system32\Drivers\mvusbews.sys
2011/09/08 22:50:00.0375 5904 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/08 22:50:00.0406 5904 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/08 22:50:00.0437 5904 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/08 22:50:00.0562 5904 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/08 22:50:00.0609 5904 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/08 22:50:00.0625 5904 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/08 22:50:00.0687 5904 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/08 22:50:00.0921 5904 NETw4x32 (01f8a43ff0b77df0e115a7ed4bd76d68) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/09/08 22:50:01.0031 5904 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/08 22:50:01.0093 5904 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/08 22:50:01.0140 5904 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/09/08 22:50:01.0218 5904 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/08 22:50:01.0312 5904 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/08 22:50:01.0359 5904 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/08 22:50:01.0375 5904 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/08 22:50:01.0406 5904 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/08 22:50:01.0484 5904 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/08 22:50:01.0500 5904 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/08 22:50:01.0515 5904 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/08 22:50:01.0578 5904 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
2011/09/08 22:50:01.0703 5904 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/08 22:50:02.0218 5904 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/08 22:50:02.0312 5904 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/08 22:50:02.0343 5904 PCnet (7bc8027d56fab153a987c56ae9835664) C:\WINDOWS\system32\DRIVERS\pcntpci5.sys
2011/09/08 22:50:02.0406 5904 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2011/09/08 22:50:03.0390 5904 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/08 22:50:03.0406 5904 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/08 22:50:03.0484 5904 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/08 22:50:03.0546 5904 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/09/08 22:50:03.0562 5904 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/08 22:50:03.0609 5904 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/08 22:50:03.0640 5904 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/08 22:50:03.0687 5904 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/08 22:50:03.0703 5904 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/08 22:50:03.0765 5904 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/08 22:50:03.0781 5904 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/08 22:50:03.0812 5904 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/08 22:50:03.0843 5904 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/08 22:50:03.0906 5904 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/09/08 22:50:03.0921 5904 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/08 22:50:03.0937 5904 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/08 22:50:03.0953 5904 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/08 22:50:04.0015 5904 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/08 22:50:04.0125 5904 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/08 22:50:04.0187 5904 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/08 22:50:04.0234 5904 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/08 22:50:04.0281 5904 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/08 22:50:04.0343 5904 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/09/08 22:50:04.0390 5904 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/09/08 22:50:04.0421 5904 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/09/08 22:50:04.0468 5904 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/09/08 22:50:04.0531 5904 s24trans (f275ee6061e444caa7137aefb2c27a03) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/09/08 22:50:04.0609 5904 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/08 22:50:04.0640 5904 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/08 22:50:04.0765 5904 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/09/08 22:50:04.0890 5904 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/08 22:50:04.0968 5904 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/09/08 22:50:05.0000 5904 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
2011/09/08 22:50:05.0031 5904 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/09/08 22:50:05.0078 5904 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/08 22:50:05.0109 5904 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/08 22:50:05.0187 5904 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/08 22:50:05.0265 5904 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/08 22:50:05.0296 5904 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/08 22:50:05.0328 5904 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/09/08 22:50:05.0453 5904 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/09/08 22:50:05.0468 5904 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/09/08 22:50:05.0500 5904 Symmpi (164fca8f1489278a6d5a41f8cf99d295) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2011/09/08 22:50:05.0531 5904 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/09/08 22:50:05.0546 5904 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/09/08 22:50:05.0796 5904 SynTP (820d28f30ac01ce86860a35dcc7bfaab) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/09/08 22:50:05.0937 5904 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/08 22:50:06.0015 5904 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/08 22:50:06.0062 5904 tcpipBM (9b05aa8089f4ea1bc31208ede33969f3) C:\WINDOWS\system32\drivers\tcpipBM.sys
2011/09/08 22:50:06.0156 5904 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/09/08 22:50:06.0187 5904 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/08 22:50:06.0234 5904 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2011/09/08 22:50:06.0359 5904 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/08 22:50:06.0421 5904 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/08 22:50:06.0484 5904 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/09/08 22:50:06.0515 5904 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2011/09/08 22:50:06.0546 5904 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2011/09/08 22:50:06.0625 5904 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2011/09/08 22:50:06.0781 5904 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/08 22:50:06.0812 5904 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/09/08 22:50:06.0875 5904 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/08 22:50:07.0015 5904 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/08 22:50:07.0062 5904 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/08 22:50:07.0125 5904 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/08 22:50:07.0265 5904 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/08 22:50:07.0343 5904 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/08 22:50:07.0437 5904 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/08 22:50:07.0562 5904 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/08 22:50:07.0640 5904 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/08 22:50:07.0890 5904 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/09/08 22:50:07.0921 5904 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/09/08 22:50:07.0953 5904 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/08 22:50:07.0984 5904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 22:50:08.0046 5904 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/08 22:50:08.0156 5904 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/08 22:50:08.0250 5904 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/09/08 22:50:08.0406 5904 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/09/08 22:50:08.0437 5904 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/08 22:50:08.0468 5904 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/08 22:50:08.0531 5904 MBR (0x1B8) (d362d12dfabdcb8c1fc37d0bb054c5e7) \Device\Harddisk0\DR0
2011/09/08 22:50:08.0531 5904 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 22:50:08.0546 5904 Boot (0x1200) (a6fe324c361a167ca106bccb8ee836ca) \Device\Harddisk0\DR0\Partition0
2011/09/08 22:50:08.0546 5904 ================================================================================
2011/09/08 22:50:08.0546 5904 Scan finished
2011/09/08 22:50:08.0546 5904 ================================================================================
2011/09/08 22:50:08.0562 5656 Detected object count: 1
2011/09/08 22:50:08.0562 5656 Actual detected object count: 1
2011/09/08 22:51:28.0953 5656 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 - ok
2011/09/08 22:51:29.0015 5656 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 22:52:41.0187 3944 Deinitialize success
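The part of the TDSSKiller log that matters is the hit on \Device\Harddisk0\DR0, a disk device object rather than a file: the MBR is infected, which is why file-level scanners kept "finding" Alureon and why the cure is deferred to a reboot. As an added example that is not part of TDSSKiller or of the original post, here is a small Python parser for the log format pasted above that pulls out the enumerated objects, the detections, which of them sit in the boot sector, and whether a reboot-cure is still pending; the sample lines are a constructed excerpt copied from the log above.

```python
"""Parser for TDSSKiller scan-log lines of the kind pasted above.
Added example for this thread, not part of TDSSKiller or the original post.
Assumed line shape: "<date> <time> <pid> <message>".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Timestamp / pid prefix that every TDSSKiller log line carries.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<object> - detected <threat> (<n>)"
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<name>\S+) \(\d+\)$")
# "<object> (<threat>) - will be cured after reboot"
CURE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) - will be cured after reboot$")
# "<threat>(<object>) - User select action: <action>"
USER_RE = re.compile(r"^(?P<name>[^()]+)\((?P<obj>[^()]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
# Enumerated driver / boot-sector object: "<name> (<md5>) <path>"
OBJ_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Detection:
    obj: str                           # what was flagged: a file path or a device object
    name: str                          # threat name as TDSSKiller reports it
    pending_reboot: bool = False       # "will be cured after reboot" was logged
    user_action: Optional[str] = None  # action the user picked, e.g. "Cure"

    @property
    def is_boot_sector(self) -> bool:
        # A device object such as \Device\Harddisk0\DR0 means the hit is in the MBR/boot
        # code, not in a file: file-level cleaners keep re-detecting it, and the cure waits for a reboot.
        return self.obj.startswith("\\Device\\")


@dataclass
class ScanSummary:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None  # "Detected object count" as TDSSKiller printed it

    def find(self, obj: str, name: str) -> Optional[Detection]:
        return next((d for d in self.detections if d.obj == obj and d.name == name), None)

    def boot_sector_hits(self) -> List[Detection]:
        return [d for d in self.detections if d.is_boot_sector]

    def needs_reboot(self) -> bool:
        return any(d.pending_reboot for d in self.detections)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk the log once and collect objects, detections and pending cures."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, "====" banners and other non-log text
        msg = line.group("msg")
        if (m := DETECT_RE.match(msg)):
            summary.detections.append(Detection(m.group("obj"), m.group("name")))
        elif (m := CURE_RE.match(msg)):
            det = summary.find(m.group("obj"), m.group("name"))
            if det is None:  # a second threat name on the same object appears only here
                det = Detection(m.group("obj"), m.group("name"))
                summary.detections.append(det)
            det.pending_reboot = True
        elif (m := USER_RE.match(msg)):
            det = summary.find(m.group("obj"), m.group("name"))
            if det is not None:
                det.user_action = m.group("action")
        elif (m := COUNT_RE.match(msg)):
            summary.reported_count = int(m.group("n"))
        elif (m := OBJ_RE.match(msg)):
            summary.objects[m.group("name")] = (m.group("md5"), m.group("path"))
    return summary


# Constructed excerpt: lines copied from the TDSSKiller log pasted above.
SAMPLE_LOG = r"""
2011/09/08 22:50:07.0984 5904 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/08 22:50:08.0531 5904 MBR (0x1B8) (d362d12dfabdcb8c1fc37d0bb054c5e7) \Device\Harddisk0\DR0
2011/09/08 22:50:08.0531 5904 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/08 22:50:08.0546 5904 Boot (0x1200) (a6fe324c361a167ca106bccb8ee836ca) \Device\Harddisk0\DR0\Partition0
2011/09/08 22:50:08.0562 5656 Detected object count: 1
2011/09/08 22:51:28.0953 5656 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot
2011/09/08 22:51:29.0015 5656 \Device\Harddisk0\DR0 - ok
2011/09/08 22:51:29.0015 5656 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/08 22:52:41.0187 3944 Deinitialize success
"""

if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(s.objects)} objects enumerated, TDSSKiller reported {s.reported_count} detection(s)")
    for d in s.detections:
        print(f"  {d.name} on {d.obj} boot_sector={d.is_boot_sector} "
              f"pending_reboot={d.pending_reboot} action={d.user_action}")
    if s.needs_reboot():
        print("Cure is scheduled for next boot: reboot before trusting any further scan.")
```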

#6 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 09 September 2011 - 01:45 AM

MBAM Results:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7681

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 11:45:39 PM
mbam-log-2011-09-08 (23-45-39).txt

Scan type: Quick scan
Objects scanned: 314750
Time elapsed: 38 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 09 September 2011 - 02:00 AM

Computer is working now. THANKS
However, there are a couple things that I noticed:
1) MS Essentials will not update virus definitions. Says there is no internet connection when there is.
2) In my START>PROGRAMS> I am missing most of the links to the applications. For example my MS Office links to Excel, Word, etc are all missing. Also, things like Accessories>System Tools is empty as is Communications. Some stuff is there but others are missing. I can find excel, word, etc using explorer. There seems to be no rhyme or reason as to what is there and what isn't there. I'd say I am missing 50-75% of the links. Not a huge deal but if there is a quick and easy way to get back, that would be great.

Look forward to your response. And a HUGE THANKS!!! I will never forget this!! I am going to do a reboot now and will hold my breath that everything works as it is now.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:20 PM

Posted 09 September 2011 - 12:14 PM

Hello, we may still have something so we will run one more.

Let's see if the missing items return.
This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.


We need to update Adobe Reader and Java.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly Update to Adobe Reader X (10.1.0)
Note: UNcheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 09 September 2011 - 12:16 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 10 September 2011 - 03:13 AM

Here are the ESET results. I ran it 2x. The first time I stepped away and when it finished my computer somehow rebooted so I didn't get the log. Below represents the second time I ran ESET. The first ESET attempt had about 7-8 virus/trojan horses. Malwarebytes picked up a couple viruses while I was running ESET and automatically cleaned them. So far everything seems to be running better than ever.

Unhide.exe did not work very well. 90% of my programs are still missing. Any thoughts?

thank you so much!!

ESET results from second run of ESET.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\oon.exe a variant of Win32/Kryptik.SOF trojan cleaned by deleting - quarantined

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:20 PM

Posted 10 September 2011 - 04:02 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 johnon12

johnon12
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:05:20 PM

Posted 12 September 2011 - 01:20 PM

I've already run Malwarebytes, MiniTool Box, etc. Malwarebytes is not picking anything up.
It seems that your instructions may possibly be redundant to what other advisors asked me to do.

Can you please confirm?

The only thing I see wrong with my computer at this point is that most of my applications are missing their links when I go into Program Files. I ran the unhide.exe but they did not reappear.

thanks

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:20 PM

Posted 12 September 2011 - 06:36 PM

Disregard my post.
I have no idea how I stepped into a topic already being handled by boopme.
I do apologize to both of you :)
