Still redirecting after Security Sphere uninstall


  • This topic is locked
26 replies to this topic

#1 billys999

billys999

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 21 October 2011 - 08:54 PM

Thank you for this site, and any help in advance. I got tagged with the Security Sphere download and googled the title. I found the BC uninstall and completed it. Thought all was good. Not quite. The symptoms now vary, sometimes redirecting relative removal links to bizarre security sites, sometimes not allowing any browser to even open. The bug is not allowing booting in Safe Mode with or without networking; even tried 'Last Known', to no avail. Have run several scans utilizing SUPERAntiSpyware and Malwarebytes, which originally detected a trojan. Recent scans reveal nothing. Am currently using AVG antivirus after deleting McAfee when it allowed the program through with no warning. It's an old computer and not much RAM; it is direct connect via Ethernet to a router, other wireless systems unaffected. I have access to a clean PC which allows DL of DDS, GMER and Defogger. GMER errored off on the final step but displayed this msg on screen to disable IAT/EAT:
disk device hardisk0 dro TDL4@MBR code has been found

The requested files are attached,and once again thanks for any assistance.
Billy

Windows XP pro, SP 3

Attached Files




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 25 October 2011 - 01:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

  • In your next post I need the following
  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 25 October 2011 - 01:13 PM

Gringo,

Thank you so much for your response. Here are the scans you requested.

Billy

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 25 October 2011 - 01:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 26 October 2011 - 02:09 PM

Gringo, continuing thanks. I downloaded and ran Combofix. At the completion my AVG had identified threat files that it asked me to delete. I am running the 2012 ver of AVG, which does not allow you to disable it for more than 15 minutes. I do not know if this affected a successful run or not. When completed, my screen had changed back to a wallpaper that we used around Christmas, with no icons on the desktop. I rebooted and ran Combofix again, which just hung, or stopped at "preparing to run". I have tried to recreate the search in Google, selected the 'Bleeping' link and did not get redirected. Computer seems to be running better.

Attached Files



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 26 October 2011 - 02:32 PM

Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following
  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 27 October 2011 - 05:16 PM

Gringo, am attempting Combofix with the added code. It stalls out after completing stage 3.

#8 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 27 October 2011 - 05:27 PM

Check that... CF broke free after an hour and is running again.

#9 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 27 October 2011 - 05:54 PM

Here we go:
ComboFix 11-10-27.06 - Billy 10/27/2011 17:13:00.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.437 [GMT -5:00]
Running from: H:\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\mydnswatch
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2067-02-24 19:21 . 2003-02-05 08:02 79947 ------w- c:\windows\fw20.vxd
2011-10-27 05:09 . 2011-10-27 05:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-10-27 05:09 . 2011-10-27 05:09 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-10-18 22:48 . 2011-10-18 22:48 -------- d-----w- C:\$AVG
2011-10-18 21:19 . 2011-10-18 21:19 -------- dc----w- c:\documents and settings\Billy\Application Data\AVG2012
2011-10-18 21:18 . 2011-10-18 21:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-10-18 21:16 . 2011-10-27 11:38 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-18 21:16 . 2011-10-19 01:58 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-10-18 21:15 . 2011-10-18 21:15 -------- d-----w- c:\program files\AVG
2011-10-18 21:12 . 2011-10-27 11:38 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-18 14:12 . 2011-10-18 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-14 17:28 . 2011-10-18 14:04 -------- dc----w- c:\documents and settings\All Users\Application Data\mJ01300CoHjI01300
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 16:41 . 2007-10-09 18:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2002-08-29 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2002-08-29 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2002-09-23 19:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2002-08-29 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-08-29 11:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-08-03 16:12 . 2011-08-03 16:12 388096 -c--a-r- c:\documents and settings\Billy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2008-01-24 20:11 . 2008-01-28 00:50 690088 ------w- c:\program files\rr-free-setup.exe
2007-07-15 15:07 . 2007-07-15 15:08 2626744 -c----w- c:\program files\comcast_photoshow_deluxe_4.exe
2006-03-22 20:34 . 2006-03-22 20:34 774144 ------w- c:\program files\RngInterstitial.dll
2001-11-17 01:05 . 2001-11-17 01:05 650 ------w- c:\program files\layout.bin
2001-11-17 01:05 . 2001-11-17 01:05 34816 ------w- c:\program files\_Setup.dll
2001-11-17 01:05 . 2001-11-17 01:05 27648 ------w- c:\program files\_ISDel.exe
2007-07-25 12:09 . 2006-12-11 18:24 135680 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 19:01 . 2010-07-02 13:03 24376 ------w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-21 4615552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 785520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
c:\documents and settings\Billy\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-28 575488]
UltimateZip Quick Start.lnk - c:\program files\UltimateZip\uzqkst.exe [2004-4-30 323072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-5-27 113664]
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0\aoltray.exe [2003-1-16 32839]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-1-16 24576]
FlashPath Monitor.lnk - c:\program files\SmartDisk\FlashPath\sdstat.exe [2003-1-25 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
Watch.lnk - c:\windows\TWAIN_32\S6U12BX\WATCH.exe [2003-12-13 356352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-21 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-27 05:25 10536 ------w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Hewlett-Packard\\Remote Graphics Sender\\rgsender.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP LinkUp Sender\\LinkUpZeroC.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP LinkUp Sender\\LinkUpFTSender.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24742:TCP"= 24742:TCP:BitComet 24742 TCP
"24742:UDP"= 24742:UDP:BitComet 24742 UDP
"12466:TCP"= 12466:TCP:BitComet 12466 TCP
"12466:UDP"= 12466:UDP:BitComet 12466 UDP
"22928:TCP"= 22928:TCP:BitComet 22928 TCP
"22928:UDP"= 22928:UDP:BitComet 22928 UDP
"20782:TCP"= 20782:TCP:BitComet 20782 TCP
"20782:UDP"= 20782:UDP:BitComet 20782 UDP
"9828:TCP"= 9828:TCP:BitComet 9828 TCP
"9828:UDP"= 9828:UDP:BitComet 9828 UDP
"45999:TCP"= 45999:TCP:LinkUpFTSender.exe
"7000:TCP"= 7000:TCP:Windows Easy Transfer TCP port
"7000:UDP"= 7000:UDP:Windows Easy Transfer UDP port
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/11/2011 1:13 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 1:14 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [7/12/2011 4:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 FlashNT;FlashNT;c:\windows\SYSTEM32\DRIVERS\FLASHNT.SYS [1/25/2003 4:39 PM 72784]
R2 HPLinkUpZeroC;HP LinkUp Auto Discovery Service;c:\program files\Hewlett-Packard\HP LinkUp Sender\LinkUpZeroC.exe [8/10/2011 9:15 PM 258616]
R2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\Remote Graphics Sender\rgsendersvc.exe [8/10/2011 9:17 PM 372736]
R2 Sdselect;Sdselect;c:\windows\SYSTEM32\DRIVERS\sdselect.sys [1/25/2003 4:39 PM 73296]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
R3 hprg;hprg;c:\windows\SYSTEM32\DRIVERS\hprg.sys [8/10/2011 9:17 PM 8760]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2010 12:33 AM 136176]
S2 McMPFSvc;McAfee Personal Firewall Service; [x]
S2 RoxLiveShare10;LiveShare P2P Server 10; [x]
S2 SessionLauncher;SessionLauncher; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2010 12:33 AM 136176]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
S3 Rdpddersrhh1;Rdpddersrhh1;c:\windows\SYSTEM32\DRIVERS\hsf_cnxt.sys [1/1/1980 1:00 AM 584336]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/12/2011 3:08 PM 11624]
S4 Rdsxsf;Rdsxsf; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 16:58]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 05:32]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 05:32]
.
2011-10-27 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-30 06:47]
.
2011-10-07 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-01-20 00:33]
.
2011-08-06 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-01-20 00:33]
.
2011-10-27 c:\windows\Tasks\User_Feed_Synchronization-{D8B7BC17-3B9B-4DEF-B89C-446332843C89}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
2011-02-11 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-01-20 00:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gulfcoast.cox.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &D&ownload all video with BitComet
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\zmwoyttb.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKfox000&fl=0&ptb=PWd08fxO0_kRRHuwjjDj8w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-27 17:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200JB-75CRA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8730931B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4183356004-4266627318-3309149931-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBA36BCB-30AF-3EFD-9584-3C8E2C7C6AC1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaoammhhlpgcadcbgp"=hex:6b,61,63,65,70,6d,6f,6d,6d,67,64,6c,65,6c,64,6e,61,63,
68,68,6a,61,00,00
"hamackibkcnifndj"=hex:6b,61,63,65,70,6d,6f,6d,6d,67,64,6c,65,6c,64,6e,61,63,
68,68,6a,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}*]
"Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd,
3a
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-27 17:49:56
ComboFix-quarantined-files.txt 2011-10-27 22:49
ComboFix2.txt 2007-12-31 09:33
.
Pre-Run: 10,886,221,824 bytes free
Post-Run: 10,885,677,056 bytes free
.
- - End Of File - - 93580DDA6D805874CA641E60E1E6DC31
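In this thread the ComboFix report above is read by eye. As an added example (my own Python, not a tool from this thread, from BleepingComputer or from ComboFix), here is a small parser that pulls out the parts a responder checks first from a constructed excerpt of that report: Run-key autoruns, services whose binary is gone ("[x]") or could not be verified ("[?]"), files ComboFix reports as missing, and the hex values under the locked registry keys decoded to text.

```python
import re

# Constructed excerpt: a handful of lines copied from the ComboFix report
# posted above. A real run would read the saved ComboFix.txt instead.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 6:30 AM 32592]
S2 McMPFSvc;McAfee Personal Firewall Service; [x]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
S3 Rdpddersrhh1;Rdpddersrhh1;c:\windows\SYSTEM32\DRIVERS\hsf_cnxt.sys [1/1/1980 1:00 AM 584336]
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4183356004-4266627318-3309149931-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CBA36BCB-30AF-3EFD-9584-3C8E2C7C6AC1}*]
@Allowed: (Read) (RestrictedCode)
"iaoammhhlpgcadcbgp"=hex:6b,61,63,65,70,6d,6f,6d,6d,67,64,6c,65,6c,64,6e,61,63,
68,68,6a,61,00,00
""".strip()

RUN_HEADER_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]$', re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*)$')
MISSING_RE = re.compile(r'^(\S.*?) \.\.\. is missing !!$')
HEX_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')
HEX_CONT_RE = re.compile(r'^([0-9a-f]{2},)*[0-9a-f]{2},?$', re.IGNORECASE)


def parse_combofix(text):
    """Parse the parts of a ComboFix report that matter for first-pass triage."""
    report = {"autoruns": [], "services": [], "missing": [], "locked_values": []}
    lines = text.splitlines()
    section = None
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        header = RUN_HEADER_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line == ".":
            section = None  # ComboFix separates blocks with a lone dot
        m = RUN_VALUE_RE.match(line)
        if m and section:
            name, path, date, size = m.groups()
            report["autoruns"].append({"key": section, "name": name, "path": path,
                                       "date": date, "size": int(size)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, rest = m.groups()
            rest = rest.strip()
            if rest == "[x]":                       # service registered, binary gone
                status, path, stamp = "binary absent", "", ""
            elif rest.endswith("[?]"):              # ComboFix could not verify the file
                status, path, stamp = "unverified", rest.split(" --> ")[0], ""
            else:                                   # "path [date time size]"
                path, _, stamp = rest.rpartition(" [")
                status, stamp = "present", stamp.rstrip("]")
            report["services"].append({"start": start, "name": name, "display": display,
                                       "path": path, "status": status, "stamp": stamp})
            continue
        m = MISSING_RE.match(line)
        if m:
            report["missing"].append(m.group(1))
            continue
        m = HEX_RE.match(line)
        if m:
            name, hexdata = m.groups()
            # REGEDIT-style output wraps long hex values onto following lines
            while hexdata.endswith(",") and i < len(lines) and HEX_CONT_RE.match(lines[i].strip()):
                hexdata += lines[i].strip()
                i += 1
            raw = bytes(int(b, 16) for b in hexdata.strip(",").split(","))
            report["locked_values"].append({"name": name, "raw": raw,
                                            "ascii": raw.rstrip(b"\0").decode("latin-1")})
    return report


def triage(report):
    """Return the findings a responder would look at first, in report order."""
    findings = []
    for svc in report["services"]:
        if svc["status"] == "binary absent":
            findings.append(f"orphaned service {svc['name']} ({svc['display']}): binary no longer on disk")
        elif svc["status"] == "unverified":
            findings.append(f"service {svc['name']} points at {svc['path']}, which ComboFix could not verify")
        elif svc["stamp"].startswith("1/1/1980 "):
            # 1/1/1980 is the FAT epoch: the timestamp was lost or reset, so verify the file itself
            findings.append(f"driver {svc['path']} carries the FAT epoch timestamp 1/1/1980; check the file by hash")
    for path in report["missing"]:
        findings.append(f"expected system file missing: {path}")
    for val in report["locked_values"]:
        findings.append(f"locked-key value {val['name']} decodes to {val['ascii']!r}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(SAMPLE_LOG)):
        print(finding)
```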

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 27 October 2011 - 06:27 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

1. Click on Start
2. Then go to Settings
3. After that you need Control Panel
4. Look for the icon Add/Remove Programs
Click on the following programs:

Adobe Reader 9.4.6
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

and click on Remove.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • Local time:04:17 PM

Posted 28 October 2011 - 12:07 AM

G, other than having an svchost file that occasionally runs amok and pegs the system, everything seems fine. I am going to shut the system down and see if that process is still acting wacky.
Here are the requested logs....

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8033

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/27/2011 11:14:24 PM
mbam-log-2011-10-27 (23-14-24).txt

Scan type: Quick scan
Objects scanned: 188314
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:08 PM, on 10/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Remote Graphics Sender\rgsendersvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Hewlett-Packard\Remote Graphics Sender\rgsender.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\Program Files\Hewlett-Packard\HP LinkUp Sender\LinkUpZeroC.exe
C:\WINDOWS\TWAIN_32\S6U12BX\WATCH.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Hewlett-Packard\HP LinkUp Sender\LinkUpFTSender.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hewlett-Packard\Remote Graphics Sender\rgsender_gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gulfcoast.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/comcast.html"); (C:\Documents and Settings\BILLY\Application Data\Mozilla\Profiles\default\d21iv9qo.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BILLY\Application Data\Mozilla\Profiles\default\d21iv9qo.slt\prefs.js)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: FlashPath Monitor.lnk = C:\Program Files\SmartDisk\FlashPath\sdstat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.6.0_17) -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - GEAR Software Inc. - (no file)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LinkUp Auto Discovery Service (HPLinkUpZeroC) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP LinkUp Sender\LinkUpZeroC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - MagicISO, Inc. - (no file)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: Rdpddersrhh1 - Conexant Systems - C:\WINDOWS\System32\drivers\HSF_CNXT.sys
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\Remote Graphics Sender\rgsendersvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Conexant Systems - (no file)
O23 - Service: Roxio UPnP Renderer 9 - Conexant Systems - (no file)
O23 - Service: Roxio Upnp Server 9 - Conexant Systems - (no file)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Conexant Systems - (no file)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Conexant Systems - (no file)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12009 bytes

Java and Adobe updated, old versions deleted
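The HijackThis log above is the kind of listing a helper reads line by line, and the advice in the thread is not to act on it blindly. As an added example (not code from the thread, from HijackThis, or from any project it mentions), here is a small Python triage script that parses lines in that log format and marks the entries a reader would check first: registrations that end in "(no file)", O23 services listed with "Unknown owner", and O4 startup shortcuts whose target could not be resolved ("= ?"). The sample lines are copied from the posted log; the function names, the `Entry` class and the flag labels are the example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# A handful of lines copied from the HijackThis log posted above. Only the
# "Xn - ..." entry lines are parsed; headers and the process list are skipped.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - GEAR Software Inc. - (no file)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"""

# Entry lines start with a section code (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass
class Entry:
    code: str                                   # HijackThis section, e.g. "O23"
    body: str                                   # everything after the section code
    flags: list = field(default_factory=list)   # triage reasons; empty if nothing odd


def parse_hjt(text: str) -> list:
    """Return the entry lines of a HijackThis log as Entry objects, in file order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def section_counts(entries: list) -> dict:
    """How many entries each section has; a quick sanity check before reading the log."""
    return dict(Counter(e.code for e in entries))


def triage(entries: list) -> list:
    """Attach flags to entries worth a second look and return only the flagged ones.

    The flags mark registrations that point nowhere or lack provenance. They are
    leftovers of uninstalled software more often than infections, so this is a
    reading aid for the helper, not a verdict on the machine.
    """
    flagged = []
    for e in entries:
        if e.body.endswith("(no file)"):
            e.flags.append("orphan")              # registry entry whose file is gone
        if e.code == "O23" and " - Unknown owner - " in e.body:
            e.flags.append("unknown-owner")       # service binary with no company name
        if e.code == "O4" and e.body.endswith("= ?"):
            e.flags.append("unresolved-target")   # startup shortcut HijackThis could not resolve
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_HJT_LOG)
    print("entries per section:", section_counts(found))
    for e in triage(found):
        print(f"[{', '.join(e.flags)}] {e.code} - {e.body}")
```

Run against the eight sample entries, the script counts one R3, one O2, one O3, two O4 and three O23 entries and flags five of them. The flagged lines are exactly the ones a reader would ask about before letting HijackThis "fix" anything; an orphaned BHO or toolbar is harmless clutter until someone confirms otherwise, and a service with no listed owner simply needs its file checked.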

#12 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • Local time:04:17 PM

Posted 28 October 2011 - 03:02 AM

Firefox does not seem to be working....

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:17 PM

Posted 28 October 2011 - 03:13 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#14 billys999

billys999
  • Topic Starter

  • Members
  • 63 posts
  • Local time:04:17 PM

Posted 28 October 2011 - 03:06 PM

Gring. Apologize for the delay; here is the tdss report after a reboot was requested. One infected rootkit file.


04:36:30.0796 1656 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
04:36:32.0796 1656 ============================================================
04:36:32.0796 1656 Current date / time: 2011/10/28 04:36:32.0796
04:36:32.0796 1656 SystemInfo:
04:36:32.0796 1656
04:36:32.0796 1656 OS Version: 5.1.2600 ServicePack: 3.0
04:36:32.0796 1656 Product type: Workstation
04:36:32.0796 1656 ComputerName: TIKI-BAR
04:36:32.0796 1656 UserName: Billy
04:36:32.0796 1656 Windows directory: C:\WINDOWS
04:36:32.0796 1656 System windows directory: C:\WINDOWS
04:36:32.0796 1656 Processor architecture: Intel x86
04:36:32.0796 1656 Number of processors: 1
04:36:32.0796 1656 Page size: 0x1000
04:36:32.0796 1656 Boot type: Normal boot
04:36:32.0796 1656 ============================================================
04:36:45.0406 1656 Initialize success
04:37:03.0031 0856 ============================================================
04:37:03.0031 0856 Scan started
04:37:03.0031 0856 Mode: Manual;
04:37:03.0031 0856 ============================================================
04:37:04.0406 0856 Abiosdsk - ok
04:37:04.0515 0856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
04:37:04.0531 0856 abp480n5 - ok
04:37:04.0625 0856 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
04:37:04.0625 0856 ACPI - ok
04:37:04.0703 0856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
04:37:04.0703 0856 ACPIEC - ok
04:37:04.0812 0856 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
04:37:04.0812 0856 adpu160m - ok
04:37:04.0859 0856 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
04:37:04.0875 0856 aeaudio - ok
04:37:04.0937 0856 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
04:37:04.0953 0856 aec - ok
04:37:05.0031 0856 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
04:37:05.0031 0856 AFD - ok
04:37:05.0109 0856 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
04:37:05.0109 0856 AFS2K - ok
04:37:05.0171 0856 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
04:37:05.0187 0856 agp440 - ok
04:37:05.0234 0856 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
04:37:05.0234 0856 agpCPQ - ok
04:37:05.0328 0856 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
04:37:05.0343 0856 Aha154x - ok
04:37:05.0421 0856 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
04:37:05.0421 0856 aic78u2 - ok
04:37:05.0531 0856 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
04:37:05.0531 0856 aic78xx - ok
04:37:05.0640 0856 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
04:37:05.0640 0856 AliIde - ok
04:37:05.0734 0856 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
04:37:05.0734 0856 alim1541 - ok
04:37:05.0812 0856 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
04:37:05.0812 0856 amdagp - ok
04:37:05.0921 0856 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
04:37:05.0921 0856 amsint - ok
04:37:06.0046 0856 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
04:37:06.0046 0856 asc - ok
04:37:06.0125 0856 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
04:37:06.0125 0856 asc3350p - ok
04:37:06.0218 0856 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
04:37:06.0234 0856 asc3550 - ok
04:37:06.0359 0856 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
04:37:06.0359 0856 AsyncMac - ok
04:37:06.0421 0856 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
04:37:06.0421 0856 atapi - ok
04:37:06.0484 0856 Atdisk - ok
04:37:06.0609 0856 ati2mtaa (075e091eebb450eedae9da74f5b46494) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
04:37:06.0671 0856 ati2mtaa - ok
04:37:06.0750 0856 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
04:37:06.0765 0856 Atmarpc - ok
04:37:06.0875 0856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
04:37:06.0875 0856 audstub - ok
04:37:07.0000 0856 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
04:37:07.0000 0856 AVGIDSDriver - ok
04:37:07.0062 0856 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
04:37:07.0062 0856 AVGIDSEH - ok
04:37:07.0093 0856 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
04:37:07.0109 0856 AVGIDSFilter - ok
04:37:07.0187 0856 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
04:37:07.0187 0856 AVGIDSShim - ok
04:37:07.0265 0856 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
04:37:07.0265 0856 Avgldx86 - ok
04:37:07.0343 0856 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
04:37:07.0343 0856 Avgmfx86 - ok
04:37:07.0406 0856 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
04:37:07.0421 0856 Avgrkx86 - ok
04:37:07.0546 0856 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
04:37:07.0578 0856 Avgtdix - ok
04:37:07.0671 0856 basic2 (9372cc48814a17e67c28945eb4acc189) C:\WINDOWS\system32\DRIVERS\basic2.sys
04:37:07.0671 0856 basic2 - ok
04:37:07.0734 0856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
04:37:07.0734 0856 Beep - ok
04:37:07.0812 0856 bvrp_pci - ok
04:37:08.0015 0856 catchme - ok
04:37:08.0109 0856 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
04:37:08.0125 0856 cbidf - ok
04:37:08.0171 0856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
04:37:08.0171 0856 cbidf2k - ok
04:37:08.0281 0856 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
04:37:08.0281 0856 CCDECODE - ok
04:37:08.0343 0856 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
04:37:08.0359 0856 cd20xrnt - ok
04:37:08.0406 0856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
04:37:08.0406 0856 Cdaudio - ok
04:37:08.0500 0856 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
04:37:08.0515 0856 Cdfs - ok
04:37:08.0593 0856 Cdr4_xp (9714b7c918c6543d69074ec101f86ac4) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
04:37:08.0625 0856 Cdr4_xp - ok
04:37:08.0687 0856 Cdralw2k (0d856d16c08440bfb566d6cdd9948d4e) C:\WINDOWS\system32\drivers\Cdralw2k.sys
04:37:08.0687 0856 Cdralw2k - ok
04:37:08.0765 0856 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
04:37:08.0781 0856 cdrbsdrv - ok
04:37:08.0890 0856 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
04:37:08.0890 0856 Cdrom - ok
04:37:09.0015 0856 Changer - ok
04:37:09.0125 0856 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
04:37:09.0125 0856 CmdIde - ok
04:37:09.0203 0856 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
04:37:09.0203 0856 Cpqarray - ok
04:37:09.0296 0856 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
04:37:09.0312 0856 dac2w2k - ok
04:37:09.0390 0856 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
04:37:09.0390 0856 dac960nt - ok
04:37:09.0578 0856 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
04:37:09.0578 0856 Disk - ok
04:37:09.0656 0856 DLABMFSM (7a1e8f722479ef934d71798ac3617ed7) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
04:37:09.0656 0856 DLABMFSM - ok
04:37:09.0750 0856 DLABOIOM (2281b5c596c04645426b3771a3bd5657) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
04:37:09.0750 0856 DLABOIOM - ok
04:37:09.0812 0856 DLACDBHM (43749294a1d9f22fe164a62c1a42919d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
04:37:09.0812 0856 DLACDBHM - ok
04:37:09.0921 0856 DLADResM (54a3f9ebd1ddc975736f8e18a9b8fce9) C:\WINDOWS\system32\DLA\DLADResM.SYS
04:37:09.0921 0856 DLADResM - ok
04:37:09.0984 0856 DLAIFS_M (e0fbaf0146bfceec29f31f07452db4ad) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
04:37:10.0000 0856 DLAIFS_M - ok
04:37:10.0046 0856 DLAOPIOM (d3ce0c76496a5332032399639485774f) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
04:37:10.0062 0856 DLAOPIOM - ok
04:37:10.0125 0856 DLAPoolM (fce1882364d4c324b937a841ef9c58ac) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
04:37:10.0125 0856 DLAPoolM - ok
04:37:10.0187 0856 DLARTL_M (14183a8eff683eb0c1774802578ed0f4) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
04:37:10.0187 0856 DLARTL_M - ok
04:37:10.0234 0856 DLAUDFAM (2ef8c92ab8411589387845f58534c7d9) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
04:37:10.0250 0856 DLAUDFAM - ok
04:37:10.0312 0856 DLAUDF_M (a2096fd7b5037085a3dc580e2891d2c4) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
04:37:10.0312 0856 DLAUDF_M - ok
04:37:10.0468 0856 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
04:37:10.0484 0856 dmboot - ok
04:37:10.0578 0856 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
04:37:10.0593 0856 dmio - ok
04:37:10.0656 0856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
04:37:10.0656 0856 dmload - ok
04:37:10.0734 0856 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
04:37:10.0734 0856 DMusic - ok
04:37:10.0859 0856 Dot4 HPH11 (02e5d9216994b7c77bbfe01adcb783a4) C:\WINDOWS\system32\DRIVERS\hphid411.sys
04:37:10.0859 0856 Dot4 HPH11 - ok
04:37:10.0984 0856 Dot4Print HPH11 (0fcc3ed5a97260eec98ceae8167e940a) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
04:37:10.0984 0856 Dot4Print HPH11 - ok
04:37:11.0046 0856 Dot4Usb HPH11 (08b9bf9c88867d3b70473657ae4307b3) C:\WINDOWS\system32\drivers\hphius11.sys
04:37:11.0046 0856 Dot4Usb HPH11 - ok
04:37:11.0109 0856 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
04:37:11.0125 0856 dpti2o - ok
04:37:11.0171 0856 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
04:37:11.0187 0856 drmkaud - ok
04:37:11.0250 0856 drvmcdb (1fb11e1eac27668754fd18a079cccfb3) C:\WINDOWS\system32\drivers\drvmcdb.sys
04:37:11.0265 0856 drvmcdb - ok
04:37:11.0343 0856 DRVNDDM (9628dfa16b1a47615c65318f8776f233) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
04:37:11.0359 0856 DRVNDDM - ok
04:37:11.0531 0856 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
04:37:11.0546 0856 DSproct - ok
04:37:11.0640 0856 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
04:37:11.0640 0856 dsunidrv - ok
04:37:11.0734 0856 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
04:37:11.0734 0856 E100B - ok
04:37:31.0921 0856 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
04:37:31.0921 0856 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
04:37:31.0921 0856 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
04:37:31.0937 0856 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR3
04:37:31.0953 0856 \Device\Harddisk1\DR3 - ok
04:37:31.0968 0856 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
04:37:31.0984 0856 \Device\Harddisk2\DR5 - ok
04:37:32.0031 0856 Boot (0x1200) (897dd050796e60f6a33dc84cf8d816fe) \Device\Harddisk0\DR0\Partition0
04:37:32.0031 0856 \Device\Harddisk0\DR0\Partition0 - ok
04:37:32.0062 0856 Boot (0x1200) (d89dae8112154378aa6380c7c217da94) \Device\Harddisk1\DR3\Partition0
04:37:32.0062 0856 \Device\Harddisk1\DR3\Partition0 - ok
04:37:32.0078 0856 Boot (0x1200) (6c80828d266a048c297b4b1e6f494d1c) \Device\Harddisk2\DR5\Partition0
04:37:32.0078 0856 \Device\Harddisk2\DR5\Partition0 - ok
04:37:32.0093 0856 ============================================================
04:37:32.0093 0856 Scan finished
04:37:32.0093 0856 ============================================================
04:37:32.0140 1476 Detected object count: 1
04:37:32.0140 1476 Actual detected object count: 1
04:37:56.0750 1476 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
04:37:56.0750 1476 \Device\Harddisk0\DR0 - ok
04:37:56.0750 1476 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
04:38:07.0968 0872 Deinitialize success

#15 billys999


Posted 28 October 2011 - 03:12 PM

G, After rebooting I reran TDSSKiller when it did not continue on its own. Apparently the infected file has been removed, as the next log is clean.



