
Infected with Exploit:Win32/Pdfjsc.TQ


15 replies to this topic

#1 lstiles

lstiles

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Palm Springs, California
  • Local time:12:22 AM

Posted 12 October 2011 - 01:35 AM

I have a Dell Optiplex GX620, running Windows XP Professional Service Pack 3. I use Microsoft Security Essentials for virus protection. My husband was using the computer and he clicked on some site and the computer automatically came up with a fake error screen entitled "System Restore", the desktop turned blue and at least 20 blue Win32 system error messages opened. He shut the computer off immediately and left it off until I got home. When I turned it on it did the same thing: no desktop icons, no programs in the start menu, just the fake system restore screen then the multiple error alerts. I restarted in safe mode and was able to launch Security Essentials. It found a Trojan:Win32/FakeSysdef infection right away. I removed it but SE would not let me update. I manually updated in safe mode and ran a full scan. The scan showed the Exploit:Win32/Pdfjsc.TQ, which was allowed and not removed, and again the Trojan:Win32/FakeSysdef, which I removed again.

The desktop still had no icons and when I went to the Start Menu Program files there was nothing there. I went through Explorer and had to tell it to show hidden files and was able to access the program files that way. I went into Mozilla and opened Firefox and was able to open a browser window. I tried to download Malwarebytes and was unable to do so. I found it in my program files, updated and ran it, and it found the Trojan Fake Alert (2 files and 1 registry value) and three registry data files: PUM.Hijack.Display Properties, PUM.Hidden.Desktop and PUM.Hijack.Task Manager. I would have pasted the log file but I can't go to BleepingComputer.com from the infected machine; I get redirected to some arbitrary web sites.

After Malwarebytes removed the infected files and I rebooted, my desktop icons came back but my start button Program Files just says empty; my documents are there and I can access my programs from Explorer. Please help me get rid of this infection and repair the damage it has done to my PC.

Your help is greatly appreciated and I know you guys are super busy. Thanks in advance.

Leslie



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,771 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 12 October 2011 - 08:33 PM

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

Then....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 lstiles

lstiles
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Palm Springs, California
  • Local time:12:22 AM

Posted 13 October 2011 - 02:39 AM

I ran the unhide program and I can see my program files now. I had to run everything from a USB drive because the infected computer would not let me go to BleepingComputer.

I ran the securitycheck.exe program. Here is the txt file:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Java™ SE Development Kit 6 Update 24
Java DB 10.6.2.1
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

I then ran the mini tool box and here are the results:

MiniToolBox by Farbar
Ran by ljs (administrator) on 12-10-2011 at 23:34:42
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Windows IP Configuration

Host Name . . . . . . . . . . . . : leslie
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dc.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : dc.rr.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-13-72-10-67-97
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
Lease Obtained. . . . . . . . . . : Wednesday, October 12, 2011 9:10:24 PM
Lease Expires . . . . . . . . . . : Thursday, October 13, 2011 9:10:24 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.224.84, 74.125.224.80, 74.125.224.81, 74.125.224.82
74.125.224.83

Pinging google.com [74.125.224.82] with 32 bytes of data:

Reply from 74.125.224.82: bytes=32 time=25ms TTL=52
Reply from 74.125.224.82: bytes=32 time=31ms TTL=52

Ping statistics for 74.125.224.82:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 31ms, Average = 28ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

Reply from 72.30.2.43: bytes=32 time=26ms TTL=52
Reply from 72.30.2.43: bytes=32 time=24ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 26ms, Average = 25ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 10 67 97 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2011 11:02:01 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19120, fault address 0x001b8a8c.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/11/2011 09:38:32 PM) (Source: MPSampleSubmission) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7702.0, P3 1.113.1466.0, P4 1.113.1466.0, P5 trojan_win32_fakesysdef, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (10/11/2011 09:34:25 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am bdd, P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/11/2011 09:34:08 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070652, P2 mpupdateengine, P3 am bdd, P4 10.3.1781.0, P5 mpsigstub.exe, P6 3.0.8402.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/09/2011 10:17:32 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/09/2011 09:11:12 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/04/2011 11:29:13 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/05/2011 02:10:03 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module wmp.dll, version 11.0.5721.5280, fault address 0x002af758.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (08/25/2011 00:03:29 AM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 12.0.6557.5001, P3 mso.dll, P4 12.0.6554.5001, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (08/22/2011 04:53:19 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 6.0.0.4240, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (10/12/2011 11:34:43 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:34:06 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:33:29 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:32:52 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:32:15 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:31:38 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:31:01 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:30:24 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:29:46 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.

Error: (10/12/2011 11:29:09 PM) (Source: DCOM) (User: ljs)
Description: DCOM was unable to communicate with the computer RUSTY using any of the configured
protocols.


Microsoft Office Sessions:
=========================
Error: (08/16/2011 08:15:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 72698 seconds with 180 seconds of active time. This session ended with a crash.

Error: (08/08/2009 03:08:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2009 01:01:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2009 01:00:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2009 01:00:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2009 01:00:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/16/2009 01:00:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/03/2009 03:49:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 262 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

6300 (Version: 70.0.231.000)
6300_Help (Version: 70.0.231.000)
6300Trb (Version: 70.0.231.000)
Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe AIR (Version: 1.5.0.7220)
Adobe Creative Suite (Version: 1.1.1)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe SVG Viewer 3.0 (Version: 3.0)
AiO_Scan_CDA (Version: 70.0.231.000)
AiOSoftwareNPI (Version: 70.0.231.000)
Angry Birds (Version: 1.5.1)
AnswerWorks Runtime
Apple Application Support (Version: 1.2.1)
Apple Mobile Device Support (Version: 3.0.1.3)
Apple Software Update (Version: 2.1.1.116)
AudibleManager (Version: 2089882838.2089882900.2090328352.2089882858)
AutoCAD 2007 - English (Version: 17.0.54.110)
Autodesk DWF Viewer (Version: 6.5)
Belarc Advisor 8.1
Bonjour (Version: 2.0.1.2)
Broadcom Gigabit Integrated Controller (Version: 8.10.07)
BufferChm (Version: 70.0.170.000)
CCleaner
Corel Applications
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Resource CD (Version: 1.00.0000)
deskPDF 2.5 Standard Edition
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DocumentViewer (Version: 70.0.170.000)
DocumentViewerQFolder (Version: 1.00.0000)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 70.0.231.000)
FriendFinder Messenger v4.1 (Version: 4.1.2)
Google Earth (Version: 5.1.7894.7252)
Google Update Helper (Version: 1.2.183.13)
HP Document Viewer 7.0 (Version: 7.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
hp LaserJet 1010 Series (Version: 3.00.0000)
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0 (Version: 7.0)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
ieSpell (Version: 2.6.4 (build 573))
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel AppUp(SM) center (Version: 18988)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 9.1.1.12)
Java Auto Updater (Version: 2.0.5.1)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Development Kit 6 Update 24 (Version: 1.6.0.240)
LG USB Modem driver
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy_CDA (Version: 70.0.231.000)
OCR Software by I.R.I.S 7.0 (Version: 7.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OverDrive Media Console (Version: 3.2.4)
PanoStandAlone (Version: 70.0.170.000)
PD Media Converter (Version: 1.3.5.1314)
ProductContextNPI (Version: 70.0.231.000)
QuickTime (Version: 7.66.71.0)
Readme (Version: 70.0.231.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Segoe UI (Version: 14.0.4327.805)
Simpson AutoCAD Menu
SolutionCenter (Version: 70.0.170.000)
SoundMAX (Version: 5.12.01.5246)
SpywareBlaster 4.4 (Version: 4.4.0)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 4.44.1000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
VBA (2720) (Version: 6.01.00.1234)
W Photo Studio (Version: 1.0.0.143)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 2038.07 MB
Available physical RAM: 1221.02 MB
Total Pagefile: 4941.95 MB
Available Pagefile: 4295.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.99 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.45 GB) (Free:35.02 GB) NTFS
4 Drive f: (USB DISK) (Removable) (Total:1.86 GB) (Free:0.21 GB) FAT

========================= Users: ========================================

**** End of log ****

I already had Malwarebytes installed so I updated and ran it but it did not find anything. Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7934

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2011 11:45:29 PM
mbam-log-2011-10-12 (23-45-29).txt

Scan type: Quick scan
Objects scanned: 205340
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

After the computer rebooted, Microsoft Security Essentials' real-time monitor popped up saying it had found the following five severe threats:

Exploit:Java/CVE-2010-0840.N
Exploit:Java/CVE-2010-0840.MB
Exploit:Java/CVE-2010-0840.IO
TrojanDownloader:Java/OpenConnection.OS
TrojanDownloader:Java/OpenConnection.OU


I disabled my security protection and ran GMER. At first I got an error message about some driver; I took a screenshot and I thought I saved it to the USB drive, but I lost it. Anyway, when I clicked OK it started running. It came up with a message that nothing was found but no txt file or log was opened.

I could post the Malwarebytes log file from yesterday. I ran it as soon as I knew I had problems and it found some things which I mentioned in my original post.

My computer is still redirecting from google and the address bar in both IE8 and Firefox. I typically use Firefox. I am also getting weird pop up windows. They say "Movio intellectual property ......" I forgot the rest of the message. So let me know what I should do next.

Thanks for your help.

Edited by lstiles, 13 October 2011 - 02:41 AM.

Leslie
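The MiniToolBox sections Broni asked for cover the places a browser-redirect infection usually lives: the hosts file, the browsers' proxy settings, the Winsock provider chain and the DNS resolvers. The script below is an added example, not code from this thread or from Farbar's MiniToolBox. It parses a report in the layout pasted above and pulls those indicators out; its sample input is constructed from the values in Leslie's report, and a second, hypothetical variant shows what a hijacked hosts file and a forced IE proxy would raise (the proxy wording in that variant is assumed, not the tool's real output).

```python
"""Triage a MiniToolBox-style report for browser-redirect indicators.
Added example; not code from the thread or from Farbar's MiniToolBox."""
import re
from ipaddress import ip_address

# Constructed sample, condensed from the values in the thread's report.
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
DHCP Server . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
"""

# Constructed variant with a hijacked hosts file and a forced IE proxy; the
# proxy wording is hypothetical, not MiniToolBox's real output.
CONSTRUCTED_HIJACKED = SAMPLE_REPORT.replace(
    "127.0.0.1 localhost\n",
    "127.0.0.1 localhost\n127.0.0.1 www.bleepingcomputer.com\n"
    "127.0.0.1 www.malwarebytes.org\n",
).replace(
    "Proxy is not enabled.\nNo Proxy Server is set.",
    "Proxy is enabled.\nProxy Server: http=127.0.0.1:8080",
)

SECTION_RE = re.compile(r"^=+\s+(?P<name>.+?)\s*:?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>.*)\)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CLEAN_IE_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def split_sections(report):
    """Map each '==== Name: ====' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in (l.strip() for l in report.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def hosts_findings(lines):
    """Report every mapping except loopback -> localhost; redirect malware
    commonly points security sites at 127.0.0.1 or at a rogue address."""
    findings = []
    for line in lines:
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) < 2:
            continue
        try:
            loopback = ip_address(parts[0]).is_loopback
        except ValueError:
            loopback = False
        for name in parts[1:]:
            if not (loopback and name.lower() == "localhost"):
                findings.append(f"{parts[0]} -> {name}")
    return findings

def proxy_findings(sections):
    """Anything beyond the two known-clean IE lines is reported. Assumption: the
    tool prints only non-default Firefox prefs, so an empty FF section is clean."""
    findings = [f"IE: {l}" for l in sections.get("IE Proxy Settings", [])
                if l not in CLEAN_IE_PROXY]
    return findings + [f"FF: {l}" for l in sections.get("FF Proxy Settings", [])]

def winsock_third_party(lines):
    """Providers other than Microsoft's own in the system directory. Not proof of
    anything (Bonjour's mdnsNSP.dll is legitimate), but each extra LSP/NSP has
    to be accounted for when traffic is being redirected."""
    extra = []
    for m in filter(None, map(WINSOCK_RE.match, lines)):
        path, vendor = m.group("path"), m.group("vendor")
        if not (path.lower().startswith(SYSTEM_DIRS) and vendor == "Microsoft Corporation"):
            extra.append(path)
    return extra

def dns_servers(lines):
    """Resolvers from 'DNS Servers . . : x' plus bare-IP continuation lines,
    to be compared with what the ISP or router is supposed to hand out."""
    servers, collecting = [], False
    for line in lines:
        if line.startswith("DNS Servers"):
            servers += IP_RE.findall(line)
            collecting = True
        elif collecting and IP_RE.fullmatch(line):
            servers.append(line)
        else:
            collecting = False
    return servers

def triage(report):
    """Run all checks over one report and return the findings by category."""
    s = split_sections(report)
    return {
        "hosts": hosts_findings(s.get("Hosts content", [])),
        "proxy": proxy_findings(s),
        "winsock_extra": winsock_third_party(s.get("Winsock entries", [])),
        "dns_servers": dns_servers(s.get("IP Configuration", [])),
    }
```

Run `triage(SAMPLE_REPORT)` and the clean report yields no hosts or proxy findings, lists Bonjour's mdnsNSP.dll as the one non-Microsoft Winsock provider to account for, and returns the two rr.com resolvers so they can be checked against what the ISP actually assigns; the hijacked variant flags both extra hosts entries and both proxy lines.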

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,771 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:22 AM

Posted 13 October 2011 - 03:18 PM

I still need GMER log.


 


#5 lstiles

lstiles
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Gender:Female
  • Location:Palm Springs, California
  • Local time:12:22 AM

Posted 14 October 2011 - 12:11 AM

When I click on the GMER icon on the USB drive I get a message that says "LoadDriver ("C:\DOCUMENTS~1\ljs\LOCALS~1\Temp\pwtdapod.sys") error 0xC00010E: Cannot create a stable subkey under a volatile parent key."

It does run after I press okay to get rid of that message but I got no warning message on the auto scan. I pressed scan to run it again and this time I got the following log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-13 22:02:50
Windows 5.1.2600 Service Pack 3
Running: j6ktt88j.exe; Driver: C:\DOCUME~1\ljs\LOCALS~1\Temp\pwtdapod.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\ljs\Cookies\LJWY9INF.txt 1715 bytes
File C:\Documents and Settings\ljs\Cookies\LZKXYTU7.txt 100 bytes
File C:\Documents and Settings\ljs\Cookies\NGJI9BDA.txt 3193 bytes
File C:\Documents and Settings\ljs\Cookies\O0R6TZPJ.txt 88 bytes
File C:\Documents and Settings\ljs\Cookies\OI7XR1VY.txt 156 bytes
File C:\Documents and Settings\ljs\Cookies\Q3FOAYRP.txt 395 bytes
File C:\Documents and Settings\ljs\Cookies\R2MMDOYW.txt 87 bytes
File C:\Documents and Settings\ljs\Cookies\R7OZN9Z2.txt 0 bytes
File C:\Documents and Settings\ljs\Cookies\RKRD7GNR.txt 369 bytes
File C:\Documents and Settings\ljs\Cookies\RTZQL0N4.txt 106 bytes
File C:\Documents and Settings\ljs\Cookies\RUMY42V2.txt 461 bytes
File C:\Documents and Settings\ljs\Cookies\RVR6ZS8M.txt 94 bytes
File C:\Documents and Settings\ljs\Cookies\7LMKTDSU.txt 103 bytes
File C:\Documents and Settings\ljs\Cookies\81YH28JB.txt 631 bytes
File C:\Documents and Settings\ljs\Cookies\9H0BFJNO.txt 341 bytes
File C:\Documents and Settings\ljs\Cookies\9TK9UCFY.txt 123 bytes
File C:\Documents and Settings\ljs\Cookies\A5XRWQIJ.txt 75 bytes
File C:\Documents and Settings\ljs\Cookies\B6HKTXPU.txt 0 bytes
File C:\Documents and Settings\ljs\Cookies\BI0CI3PF.txt 463 bytes
File C:\Documents and Settings\ljs\Cookies\CDQCRX7D.txt 179 bytes
File C:\Documents and Settings\ljs\Cookies\CIA66HYM.txt 80 bytes
File C:\Documents and Settings\ljs\Cookies\D69EKQNO.txt 205 bytes
File C:\Documents and Settings\ljs\Cookies\F7Y2UQDV.txt 452 bytes
File C:\Documents and Settings\ljs\Cookies\GOHYED0T.txt 108 bytes
File C:\Documents and Settings\ljs\Cookies\I2XZ2V8J.txt 263 bytes
File C:\Documents and Settings\ljs\Cookies\0E7V8LWE.txt 368 bytes
File C:\Documents and Settings\ljs\Cookies\0YNSPUN4.txt 238 bytes
File C:\Documents and Settings\ljs\Cookies\1707CK3V.txt 1442 bytes
File C:\Documents and Settings\ljs\Cookies\1EPGVI0T.txt 749 bytes
File C:\Documents and Settings\ljs\Cookies\1YAM2ZDH.txt 115 bytes
File C:\Documents and Settings\ljs\Cookies\2A2L4WCO.txt 90 bytes
File C:\Documents and Settings\ljs\Cookies\2HS62DC3.txt 110 bytes
File C:\Documents and Settings\ljs\Cookies\2LL2H8D2.txt 95 bytes
File C:\Documents and Settings\ljs\Cookies\2N5RL0JN.txt 510 bytes
File C:\Documents and Settings\ljs\Cookies\2W1EBNLK.txt 212 bytes
File C:\Documents and Settings\ljs\Cookies\4040K8XQ.txt 189 bytes
File C:\Documents and Settings\ljs\Cookies\4AB34UHV.txt 393 bytes
File C:\Documents and Settings\ljs\Cookies\52LJT2V7.txt 178 bytes
File C:\Documents and Settings\ljs\Cookies\5X3RIEWM.txt 128 bytes
File C:\Documents and Settings\ljs\Cookies\SHS9IPHJ.txt 119 bytes
File C:\Documents and Settings\ljs\Cookies\SY7QQM7A.txt 100 bytes
File C:\Documents and Settings\ljs\Cookies\U4K91HMJ.txt 113 bytes
File C:\Documents and Settings\ljs\Cookies\U7KHX4T0.txt 347 bytes
File C:\Documents and Settings\ljs\Cookies\UFF1Z27J.txt 341 bytes
File C:\Documents and Settings\ljs\Cookies\UXPV7FYJ.txt 95 bytes
File C:\Documents and Settings\ljs\Cookies\V3HLLUDW.txt 1282 bytes
File C:\Documents and Settings\ljs\Cookies\VB5JBEHZ.txt 0 bytes
File C:\Documents and Settings\ljs\Cookies\VYQ8BE02.txt 188 bytes
File C:\Documents and Settings\ljs\Cookies\W38FHJQR.txt 0 bytes
File C:\Documents and Settings\ljs\Cookies\WLT420BB.txt 341 bytes
File C:\Documents and Settings\ljs\Cookies\WR3FK1LW.txt 144 bytes
File C:\Documents and Settings\ljs\Cookies\XHTF4G81.txt 425 bytes
File C:\Documents and Settings\ljs\Cookies\XM40N40U.txt 874 bytes
File C:\Documents and Settings\ljs\Cookies\XY5OM20Y.txt 171 bytes
File C:\Documents and Settings\ljs\Cookies\YIWVHDCC.txt 292 bytes
File C:\Documents and Settings\ljs\Cookies\YP5ZQ7XR.txt 353 bytes
File C:\Documents and Settings\ljs\Cookies\Z1QIPFIP.txt 139 bytes
File C:\Documents and Settings\ljs\Cookies\ZLIHF5Y9.txt 441 bytes
File C:\Documents and Settings\ljs\Cookies\ZLRBNVW3.txt 128 bytes
File C:\Documents and Settings\ljs\Cookies\J12OD3K1.txt 93 bytes
File C:\Documents and Settings\ljs\Cookies\J6FRIWG9.txt 278 bytes
File C:\Documents and Settings\ljs\Cookies\JO8TABIO.txt 179 bytes
File C:\Documents and Settings\ljs\Cookies\L5IW6JUO.txt 113 bytes
File C:\Documents and Settings\ljs\Cookies\L8D3SLCK.txt 1982 bytes
File C:\Documents and Settings\ljs\Cookies\6A9BUNUF.txt 493 bytes
File C:\Documents and Settings\ljs\Cookies\S7F3CTP8.txt 767 bytes
File C:\Documents and Settings\ljs\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat 7006 bytes
File C:\Documents and Settings\ljs\Local Settings\Temporary Internet Files\Content.IE5\1PBU6HQV\ac3[2].htm 0 bytes

---- EOF - GMER 1.0.15 ----

I had GMER on my computer from a previous infection that you guys helped me get rid of, but I can't find the icon. I don't know if this is causing a problem or not. Last night when I first ran it, I got the same error message as above, and when I pressed OK it started its automatic scan and then I got the warning about rootkit activity asking me to fully scan the system, which I said no to. Today when I ran it I got no such message on the auto scan. I don't know if the program is working properly or if I need to do something else. Let me know.

Thanks.

Leslie

#6 Broni


Posted 17 October 2011 - 04:48 PM

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".


 


#7 lstiles


Posted 18 October 2011 - 12:45 AM

Here is the report from the RKUnhooker you asked me to run:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB234F000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1167360 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB21BC000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xB9E0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1E52000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB20F2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA1F7F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA11CD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF16E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA01D2000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB22B6000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xA1E1F000 C:\WINDOWS\system32\DRIVERS\Dot4.sys 208896 bytes (Microsoft Corporation, One Cool Transport)
0xB2150000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA1365000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DDD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9FC2B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA1EC2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA1F57000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA200B000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA1F31000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA145A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB2292000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB22F6000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB226F000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA1F0F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA1EED000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB231A000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 135168 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ED3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9DC3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA1E07000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EF3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EAA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB2191000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA1078000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB21A8000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB233B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1FD8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E97000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB2180000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB54B8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA198000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA13E2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB65F2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA258000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB5518000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB6612000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA268000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9FBCB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB54D8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB5528000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB5508000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB532D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB5315000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA400000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB45CD000 C:\WINDOWS\system32\DRIVERS\dot4usb.sys 24576 bytes (Microsoft Corporation, DOT4USB filter driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB534D000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB45D5000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4086237C-FA79-4884-B6FD-AAE96E2D4512}\MpKsl9afbdf25.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB5887000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4086237C-FA79-4884-B6FD-AAE96E2D4512}\MpKsla43cef51.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xB45E5000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xB584F000 C:\WINDOWS\system32\DRIVERS\umaxpcls.sys 24576 bytes (Microsoft Corporation, Parallel Scanner Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB588F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB5345000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB5335000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB535D000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB5355000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB5847000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB585F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 16384 bytes (Microsoft Corporation, Dot4 Printer Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA1D2B000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9D72000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9797000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB979F000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9D8A000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB2560000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5A8000 00000043 8192 bytes
0xBA662000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5B2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA660000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA664000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5C0000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA66A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CA000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA65E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA65C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA731000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA777000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xBA727000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA774000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A827270 00000160 0 bytes
==============================================
>Stealth
==============================================
0x8A81AF70 Unknown page with executable code, 144 bytes
0x8A81D5F6 Unknown page with executable code, 2570 bytes
0x8A81F5AA Unknown page with executable code, 2646 bytes
0x8A81D0C3 Unknown thread object [ ETHREAD 0x8A7F7020 ] TID: 112, 600 bytes
0x8A81DB2D Unknown thread object [ ETHREAD 0x8A7F7B30 ] TID: 120, 600 bytes
0x8A81EA11 Unknown thread object [ ETHREAD 0x8A7F78B8 ] TID: 124, 600 bytes

I will await your next instructions. Thank you so much for the help.


Leslie
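A report like the one above is easier to work through once it is split into its sections, and the lines a helper looks at first are the ones RkU itself marks: the "Hidden driver" entry, the "Unknown page with executable code" and "Unknown thread object" lines under Stealth, and any loaded driver that sits outside the usual system directories. The script below is an added example for this thread; it is not part of the post or of Rootkit Unhooker. It covers the two scan options asked for in post #6 (Drivers and Stealth) and the report posted here. The sample text is constructed from lines of the report above, and the path rules (profile and temp directories are unusual for a kernel driver; a driver with no version description deserves a second look) are the example's own assumptions, not the tool's logic. The flags are prompts for a closer look, not verdicts: Microsoft Security Essentials legitimately loads its definition-update filter drivers from Application Data.

```python
"""Triage a Rootkit Unhooker (RkU) LE report pasted as text.

Added example for this thread; it is not part of the forum post or of the
RkU tool. It splits the report into its '>Drivers' and '>Stealth' sections
and lists what a helper would look at first. Flags are prompts, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# '0xB234F000 C:\WINDOWS\...\ialmnt5.sys 1167360 bytes (Vendor, Description)'
DRIVER_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8})\s+(.+?)\s+(\d+)\s+bytes(?:\s+\((.*)\))?\s*$")
# '!!!!!!!!!!!Hidden driver: 0x8A827270 00000160 0 bytes'
HIDDEN_RE = re.compile(
    r"^!+Hidden driver:\s+(0x[0-9A-Fa-f]{8})\s+(\S+)\s+(\d+)\s+bytes")
# '0x8A81AF70 Unknown page with executable code, 144 bytes'
# '0x8A81D0C3 Unknown thread object [ ETHREAD 0x8A7F7020 ] TID: 112, 600 bytes'
STEALTH_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8})\s+Unknown (page with executable code|thread object)")


@dataclass
class Module:
    base: str
    path: str            # full path, or a bare name for boot/runtime modules
    size: int
    desc: Optional[str]  # '(Vendor, Description)' text; None if RkU found none

    def has_path(self) -> bool:
        return "\\" in self.path


@dataclass
class Stealth:
    base: str
    kind: str


def parse_report(text: str) -> Dict[str, list]:
    """Walk the report line by line, switching rules on '>Section' headers."""
    report: Dict[str, list] = {"drivers": [], "hidden": [], "stealth": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            section = line[1:].strip().lower()
            continue
        if section == "drivers":
            if m := HIDDEN_RE.match(line):
                report["hidden"].append(Module(m[1], m[2], int(m[3]), None))
            elif m := DRIVER_RE.match(line):
                report["drivers"].append(Module(m[1], m[2], int(m[3]), m[4]))
        elif section == "stealth":
            if m := STEALTH_RE.match(line):
                report["stealth"].append(Stealth(m[1], "unknown " + m[2]))
    return report


def triage_report(report: Dict[str, list]) -> List[Tuple[str, str, str]]:
    """Return (reason, address, detail) tuples, most urgent first."""
    findings = []
    for h in report["hidden"]:
        findings.append(("hidden-driver", h.base,
                         f"{h.path}: code RkU could not match to a listed module"))
    for s in report["stealth"]:
        findings.append(("stealth", s.base, s.kind))
    for d in report["drivers"]:
        low = d.path.lower()
        # Assumption: kernel drivers normally load from %SystemRoot%\system32
        # or a vendor's Program Files directory. A profile or temp directory
        # is unusual, but MSE's definition-update drivers live under
        # Application Data, so this is a 'look', not a verdict.
        if "\\documents and settings\\" in low or "\\temp\\" in low:
            findings.append(("profile-path", d.base, d.path))
        # A file with no version resource is not malicious by itself, but
        # Microsoft and most vendors ship one, so it is worth a second look.
        elif d.has_path() and not d.desc:
            findings.append(("no-version-info", d.base, d.path))
    return findings


def summarize(findings: List[Tuple[str, str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for reason, _, _ in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


# Constructed sample: a handful of lines in the shape of the report above.
SAMPLE = r"""RkU Version: 3.8.389.593, Type LE (SR2)
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0xB9E0A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9FBCB000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB45D5000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4086237C-FA79-4884-B6FD-AAE96E2D4512}\MpKsl9afbdf25.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA777000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
!!!!!!!!!!!Hidden driver: 0x8A827270 00000160 0 bytes
>Stealth
==============================================
0x8A81AF70 Unknown page with executable code, 144 bytes
0x8A81D5F6 Unknown page with executable code, 2570 bytes
0x8A81D0C3 Unknown thread object [ ETHREAD 0x8A7F7020 ] TID: 112, 600 bytes
"""

if __name__ == "__main__":
    for reason, addr, detail in triage_report(parse_report(SAMPLE)):
        print(f"{reason:16} {addr}  {detail}")
```

Run against the full report, the script surfaces the single hidden driver and the six Stealth entries first, then the two MpKsl*.sys drivers under Application Data and the handful of modules without version text; the next tool in the thread (TDSSKiller) is what actually decides whether any of them is malicious.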

#8 Broni


Posted 18 October 2011 - 10:13 AM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

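The TDSSKiller log that these steps produce is long (one or two lines per registered driver service), so it helps to turn it into records before reading it. The script below is an added example, not part of the post or of TDSSKiller. It handles the three line shapes the tool writes for every service: a "name (md5) path" line when a backing file exists on disk, a "name - verdict" line for each service, and the header's "Windows directory:" line, which the example uses to decide what counts as a system path. The sample lines are constructed in that shape; treating anything other than "ok" as needing attention, and listing services whose file lives outside the Windows directory or does not exist at all, are the example's own triage rules, not the tool's. On XP the "no backing file" list is normally dozens of built-in storage-driver entries, so it is a list to scan for names you do not recognise rather than a finding in itself.

```python
"""Turn a TDSSKiller log into structured records and a short triage list.

Added example for this thread, not part of the post or of TDSSKiller.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")  # time + pid
ENTRY_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")        # name (md5) path
VERDICT_RE = re.compile(r"^(\S+)\s+-\s+(.+)$")                        # name - ok
WINDIR_RE = re.compile(r"^Windows directory:\s+(.+)$")


@dataclass
class Service:
    name: str
    md5: Optional[str] = None     # None: registry entry with no file on disk
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[str, Dict[str, Service]]:
    """Return (windows directory, services by name)."""
    windir = r"C:\WINDOWS"        # default if the header line is missing
    services: Dict[str, Service] = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue              # separators and blank lines carry no prefix
        body = m[1]
        if w := WINDIR_RE.match(body):
            windir = w[1].strip()
        elif e := ENTRY_RE.match(body):
            svc = services.setdefault(e[1], Service(e[1]))
            svc.md5, svc.path = e[2], e[3].strip()
        elif v := VERDICT_RE.match(body):
            services.setdefault(v[1], Service(v[1])).verdict = v[2].strip()
    return windir, services


def triage_services(windir: str,
                    services: Dict[str, Service]) -> List[Tuple[str, str, str]]:
    """(reason, service, detail) tuples; rules are this example's, not the tool's."""
    findings = []
    sysroot = windir.lower().rstrip("\\") + "\\"
    for svc in services.values():
        if svc.verdict is not None and svc.verdict != "ok":
            findings.append(("verdict", svc.name, svc.verdict))
        if svc.path is not None and not svc.path.lower().startswith(sysroot):
            # Not wrong by itself (MSE's definition-update drivers load from
            # Application Data), but these are the files to verify first.
            findings.append(("non-system-path", svc.name, svc.path))
        if svc.path is None:
            # XP registers many storage-driver services whose files are
            # absent; scan this list for names you do not recognise.
            findings.append(("no-backing-file", svc.name, "registry entry only"))
    return findings


# Constructed sample in the tool's log format.
SAMPLE_LOG = r"""21:15:28.0890 4012 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
21:15:29.0343 4012 Windows directory: C:\WINDOWS
21:15:40.0140 1380 ============================================================
21:15:40.0140 1380 Scan started
21:15:40.0140 1380 Mode: Manual;
21:15:40.0343 1380 Abiosdsk - ok
21:15:40.0390 1380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:15:40.0390 1380 ACPI - ok
21:15:43.0875 1380 MpKsl68ab18ba (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{630D86EE-39F9-4468-8E7B-7FE2454F23A6}\MpKsl68ab18ba.sys
21:15:43.0875 1380 MpKsl68ab18ba - ok
21:15:43.0875 1380 MpKsl897fcd61 - ok
"""

if __name__ == "__main__":
    windir, services = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(services)} services, Windows directory {windir}")
    for reason, name, detail in triage_services(windir, services):
        print(f"{reason:16} {name:16} {detail}")
```

The MD5 next to each path is the other thing worth keeping from this log: it lets a helper compare a system file against a known-good copy from the same service pack without asking for the file itself.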

 


#9 lstiles


Posted 18 October 2011 - 11:32 PM

Here is the report from the TDSSKiller:

21:15:28.0890 4012 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
21:15:29.0343 4012 ============================================================
21:15:29.0343 4012 Current date / time: 2011/10/18 21:15:29.0343
21:15:29.0343 4012 SystemInfo:
21:15:29.0343 4012
21:15:29.0343 4012 OS Version: 5.1.2600 ServicePack: 3.0
21:15:29.0343 4012 Product type: Workstation
21:15:29.0343 4012 ComputerName: LESLIE
21:15:29.0343 4012 UserName: ljs
21:15:29.0343 4012 Windows directory: C:\WINDOWS
21:15:29.0343 4012 System windows directory: C:\WINDOWS
21:15:29.0343 4012 Processor architecture: Intel x86
21:15:29.0343 4012 Number of processors: 2
21:15:29.0343 4012 Page size: 0x1000
21:15:29.0343 4012 Boot type: Normal boot
21:15:29.0343 4012 ============================================================
21:15:30.0250 4012 Initialize success
21:15:40.0140 1380 ============================================================
21:15:40.0140 1380 Scan started
21:15:40.0140 1380 Mode: Manual;
21:15:40.0140 1380 ============================================================
21:15:40.0343 1380 Abiosdsk - ok
21:15:40.0359 1380 abp480n5 - ok
21:15:40.0390 1380 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:15:40.0390 1380 ACPI - ok
21:15:40.0406 1380 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:15:40.0421 1380 ACPIEC - ok
21:15:40.0437 1380 adpu160m - ok
21:15:40.0468 1380 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:15:40.0515 1380 aec - ok
21:15:40.0562 1380 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:15:40.0562 1380 AFD - ok
21:15:40.0562 1380 Aha154x - ok
21:15:40.0578 1380 aic78u2 - ok
21:15:40.0593 1380 aic78xx - ok
21:15:40.0609 1380 AliIde - ok
21:15:40.0625 1380 amsint - ok
21:15:40.0640 1380 asc - ok
21:15:40.0640 1380 asc3350p - ok
21:15:40.0656 1380 asc3550 - ok
21:15:40.0687 1380 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:15:40.0703 1380 AsyncMac - ok
21:15:40.0750 1380 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:15:40.0750 1380 atapi - ok
21:15:40.0750 1380 Atdisk - ok
21:15:40.0781 1380 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:15:40.0828 1380 Atmarpc - ok
21:15:40.0843 1380 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:15:40.0859 1380 audstub - ok
21:15:40.0890 1380 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:15:40.0937 1380 b57w2k - ok
21:15:40.0984 1380 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
21:15:40.0984 1380 BANTExt - ok
21:15:41.0031 1380 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:15:41.0062 1380 Beep - ok
21:15:41.0078 1380 catchme - ok
21:15:41.0125 1380 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:15:41.0125 1380 cbidf2k - ok
21:15:41.0156 1380 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:15:41.0171 1380 CCDECODE - ok
21:15:41.0187 1380 cd20xrnt - ok
21:15:41.0218 1380 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:15:41.0250 1380 Cdaudio - ok
21:15:41.0281 1380 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:15:41.0312 1380 Cdfs - ok
21:15:41.0328 1380 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:15:41.0375 1380 Cdrom - ok
21:15:41.0406 1380 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
21:15:41.0421 1380 cercsr6 - ok
21:15:41.0437 1380 Changer - ok
21:15:41.0453 1380 CmdIde - ok
21:15:41.0468 1380 Cpqarray - ok
21:15:41.0484 1380 Crrsamkdkptl - ok
21:15:41.0500 1380 dac2w2k - ok
21:15:41.0531 1380 dac960nt - ok
21:15:41.0546 1380 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:15:41.0593 1380 Disk - ok
21:15:41.0640 1380 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:15:41.0703 1380 dmboot - ok
21:15:41.0703 1380 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:15:41.0734 1380 dmio - ok
21:15:41.0750 1380 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:15:41.0765 1380 dmload - ok
21:15:41.0781 1380 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:15:41.0812 1380 DMusic - ok
21:15:41.0843 1380 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:15:41.0859 1380 dot4 - ok
21:15:41.0890 1380 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:15:41.0906 1380 Dot4Print - ok
21:15:41.0937 1380 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:15:41.0953 1380 dot4usb - ok
21:15:41.0953 1380 dpti2o - ok
21:15:41.0968 1380 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:15:41.0984 1380 drmkaud - ok
21:15:42.0031 1380 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:15:42.0031 1380 Fastfat - ok
21:15:42.0046 1380 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:15:42.0078 1380 Fdc - ok
21:15:42.0109 1380 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:15:42.0125 1380 Fips - ok
21:15:42.0156 1380 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:15:42.0171 1380 Flpydisk - ok
21:15:42.0218 1380 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:15:42.0250 1380 FltMgr - ok
21:15:42.0265 1380 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:15:42.0281 1380 Fs_Rec - ok
21:15:42.0296 1380 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:15:42.0312 1380 Ftdisk - ok
21:15:42.0328 1380 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:15:42.0343 1380 GEARAspiWDM - ok
21:15:42.0343 1380 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:15:42.0375 1380 Gpc - ok
21:15:42.0421 1380 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:15:42.0437 1380 hidusb - ok
21:15:42.0437 1380 hpn - ok
21:15:42.0484 1380 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:15:42.0500 1380 HTTP - ok
21:15:42.0500 1380 i2omgmt - ok
21:15:42.0515 1380 i2omp - ok
21:15:42.0593 1380 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:15:42.0625 1380 ialm - ok
21:15:42.0671 1380 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:15:42.0703 1380 Imapi - ok
21:15:42.0718 1380 ini910u - ok
21:15:42.0734 1380 IntelIde - ok
21:15:42.0781 1380 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:15:42.0796 1380 intelppm - ok
21:15:42.0828 1380 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:15:42.0859 1380 Ip6Fw - ok
21:15:42.0890 1380 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:15:42.0921 1380 IpFilterDriver - ok
21:15:50.0921 1380 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
21:15:50.0921 1380 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:15:50.0921 1380 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:15:50.0921 1380 Boot (0x1200) (935712a755272b67a954343a9fa8bf8d) \Device\Harddisk0\DR0\Partition0
21:15:50.0937 1380 \Device\Harddisk0\DR0\Partition0 - ok
21:15:50.0937 1380 ============================================================
21:15:50.0937 1380 Scan finished
21:15:50.0937 1380 ============================================================
21:15:50.0953 3936 Detected object count: 1
21:15:50.0953 3936 Actual detected object count: 1
21:16:02.0359 3936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
21:16:02.0359 3936 \Device\Harddisk0\DR0 - ok
21:16:02.0359 3936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
21:16:13.0515 0400 Deinitialize success

I was able to log onto Bleeping Computer from the infected machine this time and download TDSSKiller.

Okay, I will await the next step. Thank you for your help.

Leslie

#10 Broni

  • BC Advisor

Posted 18 October 2011 - 11:35 PM

How is the computer doing?

Please post a fresh RKUnhooker log.


#11 lstiles

  • Topic Starter

Posted 19 October 2011 - 11:20 PM

When I click on RKUnhooker it opens quickly, and when I press Scan it just sort of flashes to the same screen. There is no report to save, although under the File menu it has an option called Quick Report, then Save Info From Current Page, but this is all it saves:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29E2-->A96D2640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]

Leslie

#12 Broni

  • BC Advisor

Posted 20 October 2011 - 10:12 AM

Re-run TDSSKiller one more time.


#13 lstiles

  • Topic Starter

Posted 20 October 2011 - 11:48 AM

I re-ran TDSSKiller and it did not find anything. Here is the report:

09:44:23.0078 3260 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
09:44:23.0546 3260 ============================================================
09:44:23.0546 3260 Current date / time: 2011/10/20 09:44:23.0546
09:44:23.0546 3260 SystemInfo:
09:44:23.0546 3260
09:44:23.0546 3260 OS Version: 5.1.2600 ServicePack: 3.0
09:44:23.0546 3260 Product type: Workstation
09:44:23.0546 3260 ComputerName: LESLIE
09:44:23.0546 3260 UserName: ljs
09:44:23.0546 3260 Windows directory: C:\WINDOWS
09:44:23.0546 3260 System windows directory: C:\WINDOWS
09:44:23.0546 3260 Processor architecture: Intel x86
09:44:23.0546 3260 Number of processors: 2
09:44:23.0546 3260 Page size: 0x1000
09:44:23.0546 3260 Boot type: Normal boot
09:44:23.0546 3260 ============================================================
09:44:24.0265 3260 Initialize success
09:44:29.0562 1100 ============================================================
09:44:29.0562 1100 Scan started
09:44:29.0562 1100 Mode: Manual;
09:44:29.0562 1100 ============================================================
09:44:37.0062 1100 streamip - ok
09:44:37.0093 1100 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:44:37.0093 1100 swenum - ok
09:44:37.0125 1100 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:44:37.0156 1100 swmidi - ok
09:44:37.0171 1100 symc810 - ok
09:44:37.0187 1100 symc8xx - ok
09:44:37.0203 1100 sym_hi - ok
09:44:37.0203 1100 sym_u3 - ok
09:44:37.0234 1100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:44:37.0281 1100 sysaudio - ok
09:44:37.0343 1100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:44:37.0343 1100 Tcpip - ok
09:44:37.0375 1100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:44:37.0375 1100 TDPIPE - ok
09:44:37.0406 1100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:44:37.0406 1100 TDTCP - ok
09:44:37.0437 1100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:44:37.0437 1100 TermDD - ok
09:44:37.0453 1100 TosIde - ok
09:44:37.0500 1100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:44:37.0531 1100 Udfs - ok
09:44:37.0546 1100 ultra - ok
09:44:37.0578 1100 UMAXPCLS (931e8cafcaa536e8252cd7a375ff9794) C:\WINDOWS\system32\DRIVERS\umaxpcls.sys
09:44:37.0593 1100 UMAXPCLS - ok
09:44:37.0656 1100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:44:37.0671 1100 Update - ok
09:44:37.0734 1100 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:44:37.0765 1100 usbaudio - ok
09:44:37.0796 1100 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
09:44:37.0812 1100 usbbus - ok
09:44:37.0859 1100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:44:37.0875 1100 usbccgp - ok
09:44:37.0921 1100 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
09:44:37.0937 1100 UsbDiag - ok
09:44:37.0968 1100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:44:38.0000 1100 usbehci - ok
09:44:38.0046 1100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:44:38.0093 1100 usbhub - ok
09:44:38.0109 1100 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
09:44:38.0140 1100 USBModem - ok
09:44:38.0156 1100 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:44:38.0187 1100 usbprint - ok
09:44:38.0203 1100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:44:38.0218 1100 usbscan - ok
09:44:38.0250 1100 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:44:38.0250 1100 USBSTOR - ok
09:44:38.0281 1100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:44:38.0296 1100 usbuhci - ok
09:44:38.0312 1100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:44:38.0328 1100 VgaSave - ok
09:44:38.0343 1100 ViaIde - ok
09:44:38.0359 1100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:44:38.0359 1100 VolSnap - ok
09:44:38.0390 1100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:44:38.0421 1100 Wanarp - ok
09:44:38.0421 1100 WDICA - ok
09:44:38.0453 1100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:44:38.0484 1100 wdmaud - ok
09:44:38.0562 1100 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:44:38.0593 1100 WpdUsb - ok
09:44:38.0640 1100 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:44:38.0656 1100 WSTCODEC - ok
09:44:38.0703 1100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:44:38.0703 1100 WudfPf - ok
09:44:38.0718 1100 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:44:38.0781 1100 WudfRd - ok
09:44:38.0812 1100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:44:38.0890 1100 \Device\Harddisk0\DR0 - ok
09:44:38.0890 1100 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR3
09:44:39.0062 1100 \Device\Harddisk1\DR3 - ok
09:44:39.0078 1100 Boot (0x1200) (935712a755272b67a954343a9fa8bf8d) \Device\Harddisk0\DR0\Partition0
09:44:39.0078 1100 \Device\Harddisk0\DR0\Partition0 - ok
09:44:39.0078 1100 Boot (0x1200) (10204cf2c52d8dfa5a3784a5d7843101) \Device\Harddisk1\DR3\Partition0
09:44:39.0078 1100 \Device\Harddisk1\DR3\Partition0 - ok
09:44:39.0078 1100 ============================================================
09:44:39.0078 1100 Scan finished
09:44:39.0078 1100 ============================================================
09:44:39.0093 2696 Detected object count: 0
09:44:39.0093 2696 Actual detected object count: 0

The computer seems to be working fine now. No redirect, no pop ups while on the internet. My desktop is back. I can access my start menu and program files. Do you think it is clean?

I appreciate all your help.

Leslie

#14 Broni

Posted 20 October 2011 - 11:51 AM

Good news :)

Couple more checks...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#15 lstiles

Posted 20 October 2011 - 11:38 PM

I ran the ESET Scanner first because I didn't see the top part of your post. It found no threats. Then I ran the Temp File Cleaner. The computer seems to be running great.

Leslie



