Google Redirect Virus

10 replies to this topic

#1 ktn

ktn

  • Members
  • 5 posts

Posted 31 October 2011 - 04:43 PM

Lately every time I click on a link on Google, it redirects me. I think it has made my computer slower than usual. I can't remember when the Google redirect problem started happening, but it's been a while. I finally decided to seek help for it. I don't know if I have any other virus/malware problems, but if you guys at BleepingComputer find any, please help me. Much appreciated!

I'm running Windows XP Home edition. I mostly use Google Chrome, but I think the google redirect virus still affects Firefox.

#2 nesrinamb

nesrinamb

  • Members
  • 22 posts
  • Gender:Male
  • Location:Thousand Oaks

Posted 31 October 2011 - 06:12 PM

Yes, it does sound like a virus. I would recommend using something like ComboFix or GMER. Also you should run TDSSKiller from Kaspersky, as well as make a complete scan of the system.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 31 October 2011 - 10:21 PM

From the Blue text above this forum...

do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.


Please DO NOT recommend another to run it.

>>>>>>>>

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?

Please do these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
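The MiniToolBox checkboxes above are asked for because a "Google redirect" is usually not a change to Google at all but a change to the path a request takes on the local machine: a proxy pointing at 127.0.0.1 (a malware process listening locally), a Firefox proxy auto-config entry, a rewritten hosts file, or a third-party Winsock LSP inserted ahead of the Microsoft providers. On Windows, Chrome uses the same WinINET proxy settings that "Report IE Proxy Settings" prints, so an IE proxy entry affects Chrome too. The script below is an added example, not part of the thread and not a tool from BleepingComputer or Farbar: it parses the proxy and Winsock sections of a MiniToolBox Result.txt and flags the indicators a helper looks for first. The section header format and Winsock line format are assumed from the shape of Result.txt as posted in this thread, and the sample report embedded in the script is constructed for illustration (the vendor LSP path in it is made up).

```python
"""Triage a MiniToolBox Result.txt for browser-proxy and Winsock hijack indicators.

Added example; not MiniToolBox's own code. The header and line formats are
assumed from the Result.txt layout shown in the thread; SAMPLE_REPORT is a
constructed log, not a real one.
"""
import re

# Constructed sample in the shape of the three Result.txt sections we care about.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:5555

========================= FF Proxy Settings: ==============================

"network.proxy.type", 2

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\System32\\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 05 C:\\Program Files\\Bonjour\\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\\Program Files\\Common Files\\Vendor\\Lsp\\VendorLsp.dll [321464] (Vendor Pty Ltd.)
Catalog9 04 C:\\Windows\\system32\\mswsock.dll [245248] (Microsoft Corporation)
"""

# Meaning of the Firefox network.proxy.type preference values.
FF_PROXY_TYPE = {0: "direct", 1: "manual proxy", 2: "auto-config URL (PAC)",
                 4: "WPAD auto-detect", 5: "system settings"}

# Winsock providers that ship with Windows XP; anything else deserves a look
# (it may be a legitimate product, but it sits in the path of every socket).
KNOWN_MS_PROVIDERS = {"mswsock.dll", "winrnr.dll", "nwprovau.dll", "rsvpsp.dll"}

SECTION_HEADER = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK_LINE = re.compile(r"^(Catalog[59])\s+\d+\s+(.+?\.dll)\s+\[\d+\]\s+\((.*)\)$")


def split_sections(report):
    """Map each '===== Name: =====' header to the text that follows it."""
    sections, name = {}, None
    for line in report.splitlines():
        m = SECTION_HEADER.match(line)
        if m:
            name = m.group(1).strip().rstrip(":")
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return {k: "\n".join(v) for k, v in sections.items()}


def check_ie_proxy(body):
    """Flag a loopback proxy (local interceptor) or any enabled proxy at all."""
    findings = []
    m = re.search(r"ProxyServer:\s*(\S+)", body)
    if m:
        server = m.group(1)
        if re.search(r"127\.0\.0\.1|localhost", server):
            findings.append(f"IE/WinINET proxy points at loopback: {server}")
        elif "Proxy is not enabled" not in body:
            findings.append(f"IE/WinINET proxy enabled: {server}")
    return findings


def check_ff_proxy(body):
    """Flag a Firefox profile forced onto a manual proxy or a PAC script."""
    findings = []
    m = re.search(r'"network\.proxy\.type",\s*(\d+)', body)
    if m:
        t = int(m.group(1))
        if t in (1, 2):
            findings.append(f"Firefox network.proxy.type={t}: {FF_PROXY_TYPE[t]}")
    return findings


def check_winsock(body):
    """Flag non-Microsoft Winsock providers, once per DLL."""
    findings, seen = [], set()
    for line in body.splitlines():
        m = WINSOCK_LINE.match(line.strip())
        if not m:
            continue
        catalog, path, vendor = m.groups()
        dll = path.rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_MS_PROVIDERS and path.lower() not in seen:
            seen.add(path.lower())
            findings.append(f"Third-party {catalog} provider: {path} ({vendor})")
    return findings


def triage(report):
    """Return the list of indicator strings found in a Result.txt body."""
    s = split_sections(report)
    return (check_ie_proxy(s.get("IE Proxy Settings", ""))
            + check_ff_proxy(s.get("FF Proxy Settings", ""))
            + check_winsock(s.get("Winsock entries", "")))


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print("[!]", finding)
```

Run it against a saved Result.txt by reading the file into `triage()`. A loopback proxy is the strongest signal on the list; a third-party LSP is only a lead, since security suites and Bonjour install them legitimately, but a DLL you cannot match to an installed program is worth pulling.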

#4 ktn

ktn
  • Topic Starter
  • Members
  • 5 posts

Posted 01 November 2011 - 07:32 PM

Yes, I am on a router and the only other computer on the network doesn't have the Google redirect problem. I started the Malwarebytes scan, but it froze my computer. I will try once again and post the results. Just wanted to update you.

MiniToolBox

MiniToolBox by Farbar
Ran by Kim (administrator) on 01-11-2011 at 16:15:13
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:5555

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 2

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

Error obtaining configuration for interface Local Area Connection.

Error obtaining configuration for interface Wireless Network Connection.



popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : NGUYENFAMILY

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : kc.rr.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-13-A9-34-C1-13



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : kc.rr.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-16-6F-71-DB-F2

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Tuesday, November 01, 2011 2:43:16 PM

Lease Expires . . . . . . . . . . : Wednesday, November 02, 2011 2:43:16 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.225.18, 74.125.225.19, 74.125.225.20, 74.125.225.16
74.125.225.17



Pinging google.com [74.125.225.50] with 32 bytes of data:



Reply from 74.125.225.50: bytes=32 time=28ms TTL=55

Reply from 74.125.225.50: bytes=32 time=27ms TTL=55



Ping statistics for 74.125.225.50:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 72.30.2.43, 98.137.149.56
98.139.180.149



Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=83ms TTL=52

Reply from 67.195.160.76: bytes=32 time=82ms TTL=52



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 83ms, Average = 82ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 a9 34 c1 13 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 16 6f 71 db f2 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.101 192.168.1.101 20
192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 25
192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 25
224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 25
255.255.255.255 255.255.255.255 192.168.1.101 2 1
255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [321464] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2011 02:52:59 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (11/01/2011 02:52:59 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/01/2011 02:52:57 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (11/01/2011 02:52:55 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:31 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (10/31/2011 04:58:31 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (10/31/2011 04:58:27 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:23 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (11/01/2011 02:42:46 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/31/2011 04:00:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
Lbd
redbook

Error: (10/31/2011 03:58:56 PM) (Source: Service Control Manager) (User: )
Description: The npkcrypt service failed to start due to the following error:
%%2

Error: (10/31/2011 03:57:20 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume2

Error: (10/31/2011 03:57:20 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume2

Error: (10/30/2011 07:34:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
Imapi
Lbd
redbook

Error: (10/30/2011 07:32:00 PM) (Source: Service Control Manager) (User: )
Description: The npkcrypt service failed to start due to the following error:
%%2

Error: (10/30/2011 07:30:43 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume2

Error: (10/30/2011 07:30:43 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume2

Error: (10/30/2011 04:50:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


Microsoft Office Sessions:
=========================
Error: (11/01/2011 02:52:59 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (11/01/2011 02:52:59 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (11/01/2011 02:52:57 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (11/01/2011 02:52:55 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (10/31/2011 04:58:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:28 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (10/31/2011 04:58:27 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:23 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/31/2011 04:58:20 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.2.8900)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)
Adobe Photoshop Elements 3.0 (Version: 003.000.0000)
Adobe Reader 9.4.5 (Version: 9.4.5)
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
AVG 2011 (Version: 10.0.1411)
AVG 2011 (Version: 10.0.2092)
Bonjour (Version: 1.0.106)
Browser Defender 2.0.6.15 (Version: 2.0.6.15)
BufferChm (Version: 70.0.170.000)
C3100 (Version: 70.0.149.000)
c3100_Help (Version: 70.0.149.000)
Corel Painter Essentials 2 (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Destinations (Version: 70.0.170.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DVD or CD Sharing (Version: 1.0.1.4)
DVgate Plus
Fax_CDA (Version: 70.0.149.000)
Google Chrome (Version: 15.0.874.106)
Google Update Helper (Version: 1.3.21.79)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0.A
HPPhotoSmartExpress (Version: 70.0.170.000)
HTC Driver Installer (Version: 2.0.7.016)
HTC Sync (Version: 2.0.33)
Image Converter 2 Plus (Version: 2.2.01)
InstantShareDevicesMFC (Version: 70.0.170.000)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO (Version: 5.0-B11.739)
ISScript (Version: 3.00.185)
Macromedia Shockwave Player (Version: 10.1.3.18)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus (Version: 2.0.181.2)
McAfee SiteAdvisor (Version: 3.4.143)
mCore (Version: 1.31.0000)
mDriver (Version: 1.31.0000)
Memory Stick Formatter
Messenger Plus! Live (Version: 4.82.0.368)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.05.0818)
mMHouse (Version: 1.31.0000)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
mPfMgr (Version: 1.31.0000)
mProSafe (Version: 9.00.0000)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.31.0000)
NewCopy_CDA (Version: 70.0.149.000)
NVIDIA Drivers
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Office 2003 Trial Assistant (Version: 1.0.0)
OpenMG Secure Module 4.3.00 (Version: 4.3.00.08302)
OpenOffice.org 3.0 (Version: 3.0.9358)
PanoStandAlone (Version: 70.0.170.000)
PhotoScape
ProductContextNPI (Version: 70.0.149.000)
Quicken 2006 (Version: 15.1.3.1)
QuickTime (Version: 7.62.14.0)
Readme (Version: 70.0.149.000)
Realtek High Definition Audio Driver (Version: 1.92)
Samsung Media Studio (Version: 5)
Samsung PC Studio (Version: 3.0.0.60203)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Segoe UI (Version: 14.0.4327.805)
Setting Utility Series
Skype™ 5.5 (Version: 5.5.115)
Sony MP4 Shared Library (Version: 2.0)
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library (Version: 2.0.01)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor 7.0 (Version: 7.0)
Status (Version: 70.0.170.000)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.1.51.0)
Tablet
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central (Version: 1.1.02.071205)
VAIO Entertainment Platform (Version: 1.2.20.10060)
VAIO Event Service (Version: 2.2.00.06130)
VAIO Light Flo Wallpaper
VAIO Media 5.0 (Version: 5.0.00)
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0 (Version: 5.0.00)
VAIO Media Registration Tool 5.0 (Version: 5.0.00)
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management (Version: 1.7.01.10190)
VAIO Registration (Version: 15.1.0)
VAIO Security Center (Version: 1.02.1202)
VAIO Support Central (Version: 1.1.0.051121)
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA (Version: 4.02)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.5.0540.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 95%
Total physical RAM: 1014.11 MB
Available physical RAM: 44.42 MB
Total Pagefile: 2441.49 MB
Available Pagefile: 703.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.22 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:87.15 GB) (Free:29.69 GB) NTFS
2 Drive d: () (Removable) (Total:1.88 GB) (Free:0.31 GB) FAT

========================= Users: ========================================

User accounts for \\NGUYENFAMILY

Administrator ASPNET Back Up
Guest HelpAssistant Kim
SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini012810-01.dmp
C:\WINDOWS\Minidump\Mini030109-01.dmp
C:\WINDOWS\Minidump\Mini032908-01.dmp
C:\WINDOWS\Minidump\Mini080708-01.dmp
C:\WINDOWS\Minidump\Mini081208-01.dmp
C:\WINDOWS\Minidump\Mini092609-01.dmp
C:\WINDOWS\Minidump\Mini101709-01.dmp
C:\WINDOWS\Minidump\Mini103108-01.dmp
C:\WINDOWS\Minidump\Mini112208-01.dmp
C:\WINDOWS\Minidump\Mini112208-02.dmp
C:\WINDOWS\Minidump\Mini112208-03.dmp

**** End of log ****


TDSSKiller Log

16:19:31.0093 4592 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
16:19:32.0187 4592 ============================================================
16:19:32.0187 4592 Current date / time: 2011/11/01 16:19:32.0187
16:19:32.0187 4592 SystemInfo:
16:19:32.0187 4592
16:19:32.0187 4592 OS Version: 5.1.2600 ServicePack: 3.0
16:19:32.0187 4592 Product type: Workstation
16:19:32.0187 4592 ComputerName: NGUYENFAMILY
16:19:32.0187 4592 UserName: Kim
16:19:32.0187 4592 Windows directory: C:\WINDOWS
16:19:32.0187 4592 System windows directory: C:\WINDOWS
16:19:32.0187 4592 Processor architecture: Intel x86
16:19:32.0187 4592 Number of processors: 1
16:19:32.0187 4592 Page size: 0x1000
16:19:32.0187 4592 Boot type: Normal boot
16:19:32.0187 4592 ============================================================
16:19:40.0390 4592 Initialize success
16:19:51.0375 3756 ============================================================
16:19:51.0375 3756 Scan started
16:19:51.0375 3756 Mode: Manual;
16:19:51.0375 3756 ============================================================
16:19:54.0265 3756 Abiosdsk - ok
16:19:54.0281 3756 abp480n5 - ok
16:19:54.0328 3756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:19:54.0328 3756 ACPI - ok
16:19:54.0375 3756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:19:54.0390 3756 ACPIEC - ok
16:19:54.0406 3756 adpu160m - ok
16:19:54.0453 3756 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:19:54.0453 3756 aec - ok
16:19:54.0515 3756 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:19:54.0515 3756 AegisP - ok
16:19:54.0578 3756 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
16:19:54.0609 3756 AFD - ok
16:19:54.0625 3756 Aha154x - ok
16:19:54.0640 3756 aic78u2 - ok
16:19:54.0656 3756 aic78xx - ok
16:19:54.0687 3756 AliIde - ok
16:19:54.0703 3756 amsint - ok
16:19:54.0750 3756 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:19:55.0203 3756 ApfiltrService - ok
16:19:55.0421 3756 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:19:55.0843 3756 Arp1394 - ok
16:19:56.0156 3756 asc - ok
16:19:56.0171 3756 asc3350p - ok
16:19:56.0203 3756 asc3550 - ok
16:19:56.0265 3756 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:19:56.0609 3756 AsyncMac - ok
16:19:56.0750 3756 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:19:56.0750 3756 atapi - ok
16:19:56.0765 3756 Atdisk - ok
16:19:56.0812 3756 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:19:57.0093 3756 Atmarpc - ok
16:19:57.0312 3756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:19:57.0562 3756 audstub - ok
16:19:57.0687 3756 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:19:57.0718 3756 AVGIDSDriver - ok
16:19:57.0843 3756 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:19:57.0843 3756 AVGIDSEH - ok
16:19:57.0890 3756 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:19:57.0890 3756 AVGIDSFilter - ok
16:19:57.0937 3756 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:19:57.0937 3756 AVGIDSShim - ok
16:19:58.0062 3756 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:19:58.0234 3756 Avgldx86 - ok
16:19:58.0296 3756 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:19:58.0296 3756 Avgmfx86 - ok
16:19:58.0343 3756 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:19:58.0343 3756 Avgrkx86 - ok
16:19:58.0390 3756 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:19:58.0437 3756 Avgtdix - ok
16:19:58.0500 3756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:19:58.0812 3756 Beep - ok
16:19:58.0843 3756 catchme - ok
16:19:59.0000 3756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:19:59.0437 3756 cbidf2k - ok
16:19:59.0656 3756 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:19:59.0921 3756 CCDECODE - ok
16:19:59.0937 3756 cd20xrnt - ok
16:20:00.0000 3756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:20:00.0375 3756 Cdaudio - ok
16:20:00.0593 3756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:20:00.0937 3756 Cdfs - ok
16:20:01.0218 3756 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:20:01.0218 3756 Cdrom - ok
16:20:01.0250 3756 Changer - ok
16:20:01.0296 3756 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:20:01.0671 3756 CmBatt - ok
16:20:01.0781 3756 CmdIde - ok
16:20:01.0843 3756 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:20:01.0859 3756 Compbatt - ok
16:20:01.0875 3756 Cpqarray - ok
16:20:01.0906 3756 dac2w2k - ok
16:20:01.0921 3756 dac960nt - ok
16:20:01.0937 3756 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:20:01.0953 3756 Disk - ok
16:20:02.0046 3756 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:20:02.0578 3756 dmboot - ok
16:20:02.0703 3756 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
16:20:03.0000 3756 DMICall - ok
16:20:03.0187 3756 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:20:03.0578 3756 dmio - ok
16:20:03.0734 3756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:20:04.0000 3756 dmload - ok
16:20:04.0046 3756 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:20:04.0046 3756 DMusic - ok
16:20:04.0078 3756 dpti2o - ok
16:20:04.0156 3756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:20:04.0156 3756 drmkaud - ok
16:20:04.0265 3756 dump_wmimmc - ok
16:20:04.0390 3756 EagleNT - ok
16:20:04.0421 3756 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:20:04.0437 3756 Fastfat - ok
16:20:04.0468 3756 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:20:04.0796 3756 Fdc - ok
16:20:04.0953 3756 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:20:05.0265 3756 Fips - ok
16:20:05.0312 3756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:20:05.0578 3756 Flpydisk - ok
16:20:05.0750 3756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:20:05.0750 3756 FltMgr - ok
16:20:05.0781 3756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:20:06.0031 3756 Fs_Rec - ok
16:20:06.0296 3756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:20:06.0312 3756 Ftdisk - ok
16:20:06.0328 3756 GEARAspiWDM - ok
16:20:06.0375 3756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:20:06.0593 3756 Gpc - ok
16:20:06.0656 3756 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:20:06.0671 3756 HDAudBus - ok
16:20:06.0796 3756 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:20:07.0046 3756 hidusb - ok
16:20:07.0187 3756 hpn - ok
16:20:07.0234 3756 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:20:07.0562 3756 HPZid412 - ok
16:20:07.0718 3756 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:20:07.0734 3756 HPZipr12 - ok
16:20:07.0781 3756 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:20:08.0171 3756 HPZius12 - ok
16:20:08.0343 3756 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
16:20:08.0796 3756 HSFHWAZL - ok
16:20:09.0015 3756 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
16:20:09.0328 3756 HSF_DPV - ok
16:20:09.0781 3756 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
16:20:10.0062 3756 HTCAND32 - ok
16:20:10.0296 3756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:20:10.0328 3756 HTTP - ok
16:20:10.0359 3756 i2omgmt - ok
16:20:10.0375 3756 i2omp - ok
16:20:10.0421 3756 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:20:10.0703 3756 i8042prt - ok
16:20:11.0328 3756 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:20:12.0234 3756 ialm - ok
16:20:12.0437 3756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:20:12.0453 3756 Imapi - ok
16:20:12.0468 3756 ini910u - ok
16:20:12.0828 3756 IntcAzAudAddService (8443479648f804445e9dafef0f219231) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:20:13.0000 3756 IntcAzAudAddService - ok
16:20:13.0265 3756 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:20:13.0265 3756 IntelIde - ok
16:20:13.0390 3756 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:20:13.0453 3756 intelppm - ok
16:20:13.0515 3756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:20:13.0890 3756 Ip6Fw - ok
16:20:14.0125 3756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:20:14.0609 3756 IpFilterDriver - ok
16:20:14.0828 3756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:20:15.0421 3756 IpInIp - ok
16:20:15.0671 3756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:20:15.0671 3756 IpNat - ok
16:20:15.0843 3756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:20:16.0375 3756 IPSec - ok
16:20:16.0625 3756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:20:16.0906 3756 IRENUM - ok
16:20:16.0953 3756 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:20:16.0968 3756 isapnp - ok
16:20:17.0046 3756 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:20:17.0265 3756 Kbdclass - ok
16:20:17.0437 3756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:20:17.0453 3756 kmixer - ok
16:20:17.0578 3756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:20:17.0578 3756 KSecDD - ok
16:20:17.0609 3756 Lbd - ok
16:20:17.0625 3756 lbrtfdc - ok
16:20:17.0718 3756 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:20:17.0718 3756 mdmxsdk - ok
16:20:17.0781 3756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:20:18.0062 3756 mnmdd - ok
16:20:18.0250 3756 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:20:18.0562 3756 Modem - ok
16:20:18.0750 3756 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:20:18.0984 3756 Mouclass - ok
16:20:19.0109 3756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:20:19.0250 3756 mouhid - ok
16:20:19.0421 3756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:20:19.0421 3756 MountMgr - ok
16:20:19.0453 3756 mraid35x - ok
16:20:19.0468 3756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:20:19.0515 3756 MRxDAV - ok
16:20:19.0593 3756 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:20:19.0593 3756 MRxSmb - ok
16:20:19.0640 3756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:20:19.0640 3756 Msfs - ok
16:20:19.0687 3756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:20:20.0000 3756 MSKSSRV - ok
16:20:20.0171 3756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:20:20.0312 3756 MSPCLOCK - ok
16:20:20.0343 3756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:20:20.0546 3756 MSPQM - ok
16:20:20.0734 3756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:20:20.0750 3756 mssmbios - ok
16:20:20.0796 3756 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:20:21.0062 3756 MSTEE - ok
16:20:21.0281 3756 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
16:20:21.0296 3756 Mup - ok
16:20:21.0359 3756 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:20:21.0625 3756 NABTSFEC - ok
16:20:21.0796 3756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:20:21.0812 3756 NDIS - ok
16:20:21.0843 3756 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:20:22.0328 3756 NdisIP - ok
16:20:22.0593 3756 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:20:22.0781 3756 NdisTapi - ok
16:20:22.0828 3756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:20:22.0828 3756 Ndisuio - ok
16:20:22.0906 3756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:20:23.0281 3756 NdisWan - ok
16:20:23.0484 3756 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
16:20:23.0734 3756 NDProxy - ok
16:20:23.0781 3756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:20:23.0781 3756 NetBIOS - ok
16:20:23.0859 3756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:20:24.0109 3756 NetBT - ok
16:20:24.0281 3756 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:20:24.0296 3756 NIC1394 - ok
16:20:24.0328 3756 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
16:20:24.0546 3756 nm - ok
16:20:24.0609 3756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:20:24.0625 3756 Npfs - ok
16:20:24.0671 3756 npkcrypt - ok
16:20:24.0734 3756 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
16:20:25.0125 3756 NPPTNT2 - ok
16:20:25.0296 3756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:20:25.0312 3756 Ntfs - ok
16:20:25.0375 3756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:20:25.0609 3756 Null - ok
16:20:25.0671 3756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:20:25.0890 3756 NwlnkFlt - ok
16:20:26.0062 3756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:20:26.0406 3756 NwlnkFwd - ok
16:20:26.0468 3756 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
16:20:26.0468 3756 NwlnkIpx - ok
16:20:26.0531 3756 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
16:20:26.0531 3756 NwlnkNb - ok
16:20:26.0578 3756 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
16:20:26.0578 3756 NwlnkSpx - ok
16:20:26.0625 3756 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:20:26.0625 3756 ohci1394 - ok
16:20:26.0796 3756 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:20:27.0015 3756 Parport - ok
16:20:27.0031 3756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:20:27.0046 3756 PartMgr - ok
16:20:27.0093 3756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:20:27.0156 3756 ParVdm - ok
16:20:27.0328 3756 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:20:27.0343 3756 PCI - ok
16:20:27.0375 3756 PCIDump - ok
16:20:27.0406 3756 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:20:27.0421 3756 PCIIde - ok
16:20:27.0468 3756 Pcmcia (9bc06f1a283bbb421c2606461cbe8e0b) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:20:27.0468 3756 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pcmcia.sys. Real md5: 9bc06f1a283bbb421c2606461cbe8e0b, Fake md5: 9e89ef60e9ee05e3f2eef2da7397f1c1
16:20:27.0484 3756 Pcmcia ( Rootkit.Win32.TDSS.tdl3 ) - infected
16:20:27.0484 3756 Pcmcia - detected Rootkit.Win32.TDSS.tdl3 (0)
16:20:27.0531 3756 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
16:20:27.0562 3756 PCTCore - ok
16:20:27.0578 3756 PDCOMP - ok
16:20:27.0609 3756 PDFRAME - ok
16:20:27.0625 3756 PDRELI - ok
16:20:27.0656 3756 PDRFRAME - ok
16:20:27.0687 3756 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
16:20:27.0687 3756 PenClass - ok
16:20:27.0718 3756 perc2 - ok
16:20:27.0734 3756 perc2hib - ok
16:20:27.0812 3756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:20:27.0968 3756 PptpMiniport - ok
16:20:28.0000 3756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:20:28.0171 3756 PSched - ok
16:20:28.0328 3756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:20:28.0468 3756 Ptilink - ok
16:20:28.0531 3756 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:20:28.0562 3756 PxHelp20 - ok
16:20:28.0578 3756 ql1080 - ok
16:20:28.0609 3756 Ql10wnt - ok
16:20:28.0625 3756 ql12160 - ok
16:20:28.0640 3756 ql1240 - ok
16:20:28.0671 3756 ql1280 - ok
16:20:28.0703 3756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:20:28.0875 3756 RasAcd - ok
16:20:29.0031 3756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:20:29.0250 3756 Rasl2tp - ok
16:20:29.0281 3756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:20:29.0562 3756 RasPppoe - ok
16:20:29.0718 3756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:20:29.0968 3756 Raspti - ok
16:20:30.0046 3756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:20:30.0062 3756 Rdbss - ok
16:20:30.0218 3756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:20:30.0421 3756 RDPCDD - ok
16:20:30.0500 3756 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:20:30.0796 3756 RDPWD - ok
16:20:30.0968 3756 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:20:30.0968 3756 redbook - ok
16:20:31.0078 3756 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
16:20:31.0484 3756 RTL8023xp - ok
16:20:31.0828 3756 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
16:20:31.0828 3756 s24trans - ok
16:20:31.0921 3756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:20:32.0031 3756 Secdrv - ok
16:20:32.0093 3756 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:20:32.0406 3756 Serial - ok
16:20:32.0593 3756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:20:32.0875 3756 Sfloppy - ok
16:20:32.0906 3756 Simbad - ok
16:20:32.0937 3756 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:20:33.0156 3756 SLIP - ok
16:20:33.0343 3756 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
16:20:33.0609 3756 SNC - ok
16:20:33.0671 3756 SonyImgF (b98be9c307a7f6695203a294276f9cd8) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
16:20:33.0859 3756 SonyImgF - ok
16:20:34.0015 3756 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:20:34.0390 3756 SONYPVU1 - ok
16:20:34.0671 3756 Sparrow - ok
16:20:34.0875 3756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:20:34.0890 3756 splitter - ok
16:20:34.0968 3756 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:20:34.0984 3756 sr - ok
16:20:35.0078 3756 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
16:20:35.0187 3756 Srv - ok
16:20:35.0640 3756 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
16:20:36.0109 3756 StillCam - ok
16:20:36.0734 3756 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:20:37.0140 3756 streamip - ok
16:20:37.0484 3756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:20:37.0796 3756 swenum - ok
16:20:38.0187 3756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:20:38.0218 3756 swmidi - ok
16:20:38.0328 3756 symc810 - ok
16:20:38.0390 3756 symc8xx - ok
16:20:38.0515 3756 sym_hi - ok
16:20:38.0609 3756 sym_u3 - ok
16:20:38.0718 3756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:20:38.0734 3756 sysaudio - ok
16:20:38.0921 3756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:20:39.0000 3756 Tcpip - ok
16:20:39.0078 3756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:20:39.0281 3756 TDPIPE - ok
16:20:39.0531 3756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:20:39.0750 3756 TDTCP - ok
16:20:40.0156 3756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:20:40.0703 3756 TermDD - ok
16:20:40.0890 3756 tifmsony (519a9a8fc39434b4ad4623ef8b0e0d4b) C:\WINDOWS\system32\drivers\tifmsony.sys
16:20:40.0968 3756 tifmsony - ok
16:20:41.0031 3756 TosIde - ok
16:20:41.0156 3756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:20:41.0750 3756 Udfs - ok
16:20:41.0890 3756 ultra - ok
16:20:41.0953 3756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:20:41.0968 3756 Update - ok
16:20:42.0046 3756 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:20:42.0265 3756 usbaudio - ok
16:20:42.0296 3756 usbbus - ok
16:20:42.0375 3756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:20:42.0593 3756 usbccgp - ok
16:20:42.0734 3756 UsbDiag - ok
16:20:42.0781 3756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:20:42.0937 3756 usbehci - ok
16:20:43.0046 3756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:20:43.0062 3756 usbhub - ok
16:20:43.0093 3756 USBModem - ok
16:20:43.0125 3756 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:20:43.0468 3756 usbprint - ok
16:20:43.0625 3756 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:20:43.0859 3756 usbscan - ok
16:20:43.0890 3756 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:20:43.0890 3756 usbstor - ok
16:20:43.0921 3756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:20:44.0156 3756 usbuhci - ok
16:20:44.0343 3756 usbvm321 (f9d550545afec1d581d2539f3488c4cd) C:\WINDOWS\system32\Drivers\usbvm321.sys
16:20:44.0546 3756 usbvm321 - ok
16:20:44.0609 3756 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
16:20:44.0859 3756 usb_rndisx - ok
16:20:45.0109 3756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:20:45.0343 3756 VgaSave - ok
16:20:45.0359 3756 ViaIde - ok
16:20:45.0406 3756 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:20:45.0406 3756 VolSnap - ok
16:20:45.0625 3756 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
16:20:45.0921 3756 w29n51 - ok
16:20:46.0125 3756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:20:46.0406 3756 Wanarp - ok
16:20:46.0500 3756 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:20:46.0796 3756 wanatw - ok
16:20:46.0953 3756 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
16:20:46.0953 3756 wceusbsh - ok
16:20:47.0109 3756 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
16:20:47.0203 3756 Wdf01000 - ok
16:20:47.0218 3756 WDICA - ok
16:20:47.0281 3756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:20:47.0281 3756 wdmaud - ok
16:20:47.0375 3756 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:20:47.0609 3756 winachsf - ok
16:20:47.0828 3756 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:20:47.0984 3756 WpdUsb - ok
16:20:48.0062 3756 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:20:48.0218 3756 WS2IFSL - ok
16:20:48.0375 3756 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:20:48.0609 3756 WSTCODEC - ok
16:20:48.0687 3756 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:20:48.0687 3756 WudfPf - ok
16:20:48.0718 3756 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:20:48.0937 3756 WudfRd - ok
16:20:49.0078 3756 XDva281 - ok
16:20:49.0156 3756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:20:49.0281 3756 \Device\Harddisk0\DR0 - ok
16:20:49.0296 3756 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
16:20:49.0296 3756 \Device\Harddisk1\DR3 - ok
16:20:49.0296 3756 Boot (0x1200) (bffeb2b794ae1449bed3fb5e83a26685) \Device\Harddisk0\DR0\Partition0
16:20:49.0312 3756 \Device\Harddisk0\DR0\Partition0 - ok
16:20:49.0312 3756 Boot (0x1200) (261671099b92716bb7807555c28918f5) \Device\Harddisk1\DR3\Partition0
16:20:49.0312 3756 \Device\Harddisk1\DR3\Partition0 - ok
16:20:49.0312 3756 ============================================================
16:20:49.0312 3756 Scan finished
16:20:49.0312 3756 ============================================================
16:20:49.0328 3320 Detected object count: 1
16:20:49.0328 3320 Actual detected object count: 1
16:21:51.0078 3320 Backup copy found, using it..
16:21:51.0546 3320 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - will be cured on reboot
16:21:51.0562 3320 Pcmcia ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
16:22:50.0218 5876 Deinitialize success



#5 boopme (Global Moderator)

Posted 01 November 2011 - 08:18 PM

OK, the rootkit found should stop your redirect.

Try MBAM in Safe Mode.

How to enter safe mode (XP), using the F8 method:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 ktn (Topic Starter)

Posted 02 November 2011 - 09:08 PM

This is the Mbam log! Looks like something was infected..

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8064

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11/2/2011 9:06:49 PM
mbam-log-2011-11-02 (21-06-49).txt

Scan type: Quick scan
Objects scanned: 230761
Time elapsed: 21 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-3817220516-2542076182-3326362983-1006\Dc477\cd joe jonas - see no more (feat. chris brown).com (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.



#7 boopme (Global Moderator)

Posted 02 November 2011 - 09:40 PM

It appears to have found a downloader in a song and cleaned it. That is very rare.

This makes me want to run one last scan..

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#8 ktn (Topic Starter)

Posted 04 November 2011 - 05:49 AM

This is what it found:

C:\Documents and Settings\Kim\Desktop\cnet_revosetup_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\Documents and Settings\Kim\Local Settings\temp\ICReinstall\cnet_Pazera_Free_MP4_to_AVI_Converter_zip.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\Documents and Settings\Kim\Local Settings\temp\ICReinstall\cnet_revosetup_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\Documents and Settings\Kim\Local Settings\temp\is1598539481\zgInstaller.exe	a variant of Win32/Toolbar.Zugo application	deleted - quarantined
C:\RECYCLER\S-1-5-21-3817220516-2542076182-3326362983-1006\Dc476.zip	probably a variant of Win32/Agent.HXWFOAK trojan	deleted - quarantined
C:\RECYCLER\S-1-5-21-3817220516-2542076182-3326362983-1006\Dc712.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP374\A0380700.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\System Volume Information\_restore{021D2686-EBFF-4030-BCBF-2BC93998321F}\RP374\A0380704.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\WINDOWS\system32\ts.dll	a variant of Win32/Sheldor.NAG trojan	cleaned by deleting - quarantined


#9 boopme, To Insanity and Beyond (Global Moderator, 72,934 posts, Male, NJ USA)

Posted 04 November 2011 - 10:39 AM

Looks good, how is it running now?
Update to Adobe Reader X (10.1.0)
Note: UN-check the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


#10 ktn (Topic Starter, Members, 5 posts)

Posted 04 November 2011 - 03:22 PM

Definitely faster, thanks for all your help! I will update to Adobe Reader X.

#11 boopme, To Insanity and Beyond (Global Moderator, 72,934 posts, Male, NJ USA)

Posted 04 November 2011 - 08:11 PM

You're welcome!! Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
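As an added example (not part of this thread, and not ESET's or BleepingComputer's code), here is a small Python parser for the tab-separated ESET log layout ktn posted in #8; it tallies hits by location and singles out the ones under System Volume Information, which is exactly why boopme's post above recommends creating a fresh restore point and purging the old ones. The sample log is constructed (SID and GUID are placeholders) and includes one malformed line to show it is skipped rather than mis-parsed.

```python
import re
from collections import Counter

# Constructed sample in the ESET log layout posted above: path <TAB> detection <TAB> action.
# SID and GUID are placeholders; the last line is deliberately malformed to show it is skipped.
SAMPLE_LOG = (
    "C:\\Documents and Settings\\User\\Local Settings\\temp\\ICReinstall\\setup.exe"
    "\ta variant of Win32/InstallCore.D application\tcleaned by deleting - quarantined\n"
    "C:\\RECYCLER\\S-1-5-21-0-0-0-1006\\Dc476.zip"
    "\tprobably a variant of Win32/Agent.HXWFOAK trojan\tdeleted - quarantined\n"
    "C:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP374\\A0380700.exe"
    "\ta variant of Win32/InstallCore.D application\tcleaned by deleting - quarantined\n"
    "C:\\WINDOWS\\system32\\ts.dll\ta variant of Win32/Sheldor.NAG trojan\tcleaned by deleting - quarantined\n"
    "this line has no tabs and is skipped\n"
)

# Location classes, checked in order; case-insensitive because NTFS paths are.
LOCATION_RULES = [
    ("restore_point", re.compile(r"^[a-z]:\\System Volume Information\\_restore\{", re.I)),
    ("recycle_bin", re.compile(r"^[a-z]:\\RECYCLER\\S-1-5-", re.I)),
    ("temp", re.compile(r"\\Local Settings\\temp\\", re.I)),
    ("system32", re.compile(r"^[a-z]:\\WINDOWS\\system32\\", re.I)),
]

def parse_line(line):
    # One record is exactly three non-empty tab-separated fields; anything else is not ESET output.
    parts = [p.strip() for p in line.rstrip("\r\n").split("\t")]
    return tuple(parts) if len(parts) == 3 and all(parts) else None

def classify_path(path):
    return next((name for name, rx in LOCATION_RULES if rx.search(path)), "other")

def threat_class(detection):
    d = detection.lower()  # ESET tags unwanted software "application", real malware "trojan"/"worm"
    return "pua" if d.endswith("application") else "malware" if ("trojan" in d or "worm" in d) else "unknown"

def summarize(log_text):
    # Counts by location and class, plus the restore-point hits that motivate a fresh restore point.
    by_location, by_class, restore_hits, skipped = Counter(), Counter(), [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        path, detection, _action = rec
        loc = classify_path(path)
        by_location[loc] += 1
        by_class[threat_class(detection)] += 1
        if loc == "restore_point":
            restore_hits.append(path)
    return {"by_location": dict(by_location), "by_class": dict(by_class), "restore_point_hits": restore_hits, "skipped": skipped}
```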



