Been Infected with:System Security 2012 + Rootkit, Malwarebyte doesn't update


  • This topic is locked
20 replies to this topic

#1 delandelan

delandelan

  • Members
  • 22 posts

Posted 06 November 2011 - 10:56 PM

Hi and thanks for helping.

1) I installed Microsoft's malware scanner and after 3 hours it found 9 infections, 2 of which were only partially erased.
2) I tried to reboot into Safe Mode with Networking and I got the blue screen 0x07b (I think; it's been a few hours since it happened). When I researched it, the result was that it was related to the boot sector.
3) Chrome wasn't launching.
4) It hasn't been able to reboot successfully (hangs on the shutting down screen).
5) Today the GUI for the program System Security 2012 popped up and erased or hid all of my desktop programs.
6) Malwarebytes couldn't update. Error code: PROGRAM_ERROR_UPDATING(5,0,CreateFile) Access is denied.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by andy at 20:55:55 on 2011-11-06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.383 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\n7E8TqYCwkIr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070918
uSearch Page = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uSearch Bar = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070918
BHO: AutorunsDisabled - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\andy.dell320.000\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [attxxA0uvS8234A] c:\windows\system32\n7E8TqYCwkIr.exe
mRun: [D4aHsKfLgXjYeI] c:\documents and settings\andy.dell320.000\application data\dwme.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{D311FBDF-C2A8-4637-827C-B254F72EC85D} : DhcpNameServer = 64.71.255.198
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2007-9-18 3456]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-3 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-3 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-3 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-3 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-9 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-9 22216]
S1 txpojmkg;txpojmkg;\??\c:\windows\system32\drivers\txpojmkg.sys --> c:\windows\system32\drivers\txpojmkg.sys [?]
S2 srv11B4;srv11B4;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 gupdate1caf2abb04b3f32;Google Update Service (gupdate1caf2abb04b3f32);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 133104]
.
=============== Created Last 30 ================
.
2011-11-07 01:41:55 446962 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-07 01:39:43 -------- d-----w- c:\documents and settings\andy.dell320.000\application data\ZuciFna6W
2011-11-07 01:39:43 -------- d-----w- c:\documents and settings\andy.dell320.000\application data\dv2n4pW7E8ZCIrO
2011-11-07 00:36:38 -------- d-----w- c:\documents and settings\andy.dell320.000\application data\QaQH6dWK7R9
2011-11-07 00:36:37 -------- d-----w- c:\documents and settings\andy.dell320.000\application data\rgTXqjYCeIrO
2011-11-07 00:17:39 461824 --sha-w- c:\documents and settings\all users\application data\HPYpbHtCoK.exe
2011-11-07 00:16:27 102400 ---ha-w- c:\documents and settings\andy.dell320.000\application data\dwme.exe
2011-11-07 00:16:27 -------- d--h--w- c:\documents and settings\andy.dell320.000\application data\CllOOttzP0cSiv3
2011-11-07 00:16:26 1783296 ---ha-w- c:\windows\system32\n7E8TqYCwkIr.exe
2011-11-07 00:16:26 -------- d--h--w- c:\documents and settings\andy.dell320.000\application data\HBzNc1v2n4m
2011-11-06 20:48:03 -------- d--h--w- c:\windows\system32\MpEngineStore
2011-11-06 17:02:32 -------- d--h--w- c:\documents and settings\andy.dell320.000\local settings\application data\Opera
2011-11-05 15:17:14 -------- d--h--w- c:\documents and settings\andy.dell320.000\application data\Avira
2011-11-05 14:48:35 -------- d--h--w- c:\documents and settings\andy.dell320.000\application data\Malwarebytes
2011-10-20 21:16:20 -------- d--h--w- c:\documents and settings\andy.dell320.000\local settings\application data\Identities
2011-10-11 23:33:49 -------- d-sh--w- c:\documents and settings\andy.dell320.000\PrivacIE
2011-10-11 23:26:12 -------- d-sh--w- c:\documents and settings\andy.dell320.000\IETldCache
2011-10-11 11:07:06 -------- d--h--w- c:\documents and settings\andy.dell320.000\local settings\application data\Microsoft
2011-10-11 11:05:22 -------- d--h--w- C:\Sun
.
==================== Find3M ====================
.
2011-09-04 01:34:14 0 ---ha-w- c:\documents and settings\all users\application data\duxn.exe
2011-09-04 01:34:14 0 ---ha-w- c:\documents and settings\all users\application data\ckyk.exe
2011-09-04 01:34:13 0 ---ha-w- c:\documents and settings\all users\application data\fcns.exe
2011-09-04 01:34:13 0 ---ha-w- c:\documents and settings\all users\application data\afae.exe
2011-08-31 21:00:50 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD082GJ rev.JE100-15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A16F10]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x804EE136] -> \Device\Harddisk0\DR0[0x86D37AB8]
3 CLASSPNP[0xF76B505B] -> ntkrnlpa!IofCallDriver[0x804EE136] -> [0x86AF74E0]
\Driver\00001910[0x86AF6208] -> IRP_MJ_CREATE -> 0x86A16F10
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86D4F31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:57:44.71 ===============




Edited by Orange Blossom, 07 November 2011 - 04:56 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 November 2011 - 01:18 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts

Posted 11 November 2011 - 08:35 PM

Hi and Thanks for replying!

I will need to do this remotely and may take longer, but I think maybe I can make it in five days.

Thanks very much for your help

Regards


D

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 November 2011 - 08:46 PM

:thumbup2:

#5 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts

Posted 12 November 2011 - 12:34 AM

Hey Gringo,

So,

1. Downloaded Combofix, saved it and then ran it.

2. It rebooted itself.

3. Skype and Antivira loaded while Combofix was loading after the reboot.

4. Combofix produced the report below. The computer is now a little faster.


ComboFix 11-11-11.06 - andy 11/11/2011 23:42:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.569 [GMT -5:00]
Running from: c:\documents and settings\andy.DELL320.000\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\HPYpbHtCoK.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\andy.DELL320.000\Application Data\dwme.exe
C:\Recycle.Bin
c:\recycle.bin\923BF06DC0C0C71
c:\recycle.bin\B6232F3A05B.exe
c:\windows\$NtUninstallKB63517$\1072150177
c:\windows\$NtUninstallKB63517$\2515627500\@
c:\windows\$NtUninstallKB63517$\2515627500\cfg.ini
c:\windows\$NtUninstallKB63517$\2515627500\Desktop.ini
c:\windows\$NtUninstallKB63517$\2515627500\keywords
c:\windows\$NtUninstallKB63517$\2515627500\L\iahonoel
c:\windows\$NtUninstallKB63517$\2515627500\U\00000001.@
c:\windows\$NtUninstallKB63517$\2515627500\U\00000002.@
c:\windows\$NtUninstallKB63517$\2515627500\U\00000004.@
c:\windows\$NtUninstallKB63517$\2515627500\U\80000000.@
c:\windows\$NtUninstallKB63517$\2515627500\U\80000004.@
c:\windows\$NtUninstallKB63517$\2515627500\U\80000032.@
c:\windows\$NtUninstallKB63517$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRV11B4
-------\Service_srv11B4
.
.
((((((((((((((((((((((((( Files Created from 2011-10-12 to 2011-11-12 )))))))))))))))))))))))))))))))
.
.
2011-11-07 01:41 . 2011-11-07 01:41 446962 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-07 01:39 . 2011-11-07 01:39 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W
2011-11-07 01:39 . 2011-11-07 01:39 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\dv2n4pW7E8ZCIrO
2011-11-07 00:36 . 2011-11-07 00:36 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9
2011-11-07 00:36 . 2011-11-07 00:36 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\rgTXqjYCeIrO
2011-11-07 00:16 . 2011-11-07 00:16 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\CllOOttzP0cSiv3
2011-11-07 00:16 . 2011-11-07 00:16 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\HBzNc1v2n4m
2011-11-06 20:48 . 2011-11-07 00:08 -------- d--h--w- c:\windows\system32\MpEngineStore
2011-11-06 17:02 . 2011-11-06 17:02 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Opera
2011-11-06 17:01 . 2011-11-06 17:02 -------- d--h--w- c:\program files\Opera
2011-11-05 15:17 . 2011-11-05 15:17 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\Avira
2011-11-05 14:48 . 2011-11-05 14:48 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\Malwarebytes
2011-10-20 21:16 . 2011-10-20 21:16 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Identities
2011-10-16 00:03 . 2011-11-12 05:11 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\Skype
2011-10-13 11:21 . 2011-10-13 11:21 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\vlc
2011-10-13 11:05 . 2011-11-06 15:35 -------- d--h--w- c:\documents and settings\andy.DELL320.000\Application Data\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 01:34 . 2011-09-04 01:34 0 ---ha-w- c:\documents and settings\All Users\Application Data\duxn.exe
2011-09-04 01:34 . 2011-09-04 01:34 0 ---ha-w- c:\documents and settings\All Users\Application Data\ckyk.exe
2011-09-04 01:34 . 2011-09-04 01:34 0 ---ha-w- c:\documents and settings\All Users\Application Data\fcns.exe
2011-09-04 01:34 . 2011-09-04 01:34 0 ---ha-w- c:\documents and settings\All Users\Application Data\afae.exe
2011-08-31 21:00 . 2010-05-09 21:30 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ---ha-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ---ha-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-07 11:07 . 2011-04-02 17:52 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22182:TCP"= 22182:TCP:spport
"16620:TCP"= 16620:TCP:spport
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [18/09/2007 10:36 PM 3456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2010 12:12 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/05/2010 4:31 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/05/2010 4:30 PM 22216]
S1 txpojmkg;txpojmkg;\??\c:\windows\system32\drivers\txpojmkg.sys --> c:\windows\system32\drivers\txpojmkg.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 gupdate1caf2abb04b3f32;Google Update Service (gupdate1caf2abb04b3f32);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 9:50 AM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 9:50 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:50]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:50]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1018855857-712167752-968647147-1007Core.job
- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-11 23:37]
.
2011-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1018855857-712167752-968647147-1007UA.job
- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-11 23:37]
.
2011-11-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-07-04 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070918
TCP: DhcpNameServer = 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mozilla Firefox 6.0.2 (x86 en-US) - c:\program files\Mozilla Firefox\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 00:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD082GJ rev.JE100-15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86B7A31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(716)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\System32\ping.exe
.
**************************************************************************
.
Completion time: 2011-11-12 00:25:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-12 05:25
.
Pre-Run: 137,052,160 bytes free
Post-Run: 337,854,464 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3AFC8EE6D6B334B5CAD1CFAC411F6D3D

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 November 2011 - 11:47 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts

Posted 12 November 2011 - 08:56 PM

Hello Gringo,

Thanks a tonne for your help so far. So here goes,

1. Downloaded, saved and then ran TDSSKiller

2. It identified a rootkit and cured it (there were two of them).

3. It automatically requested a reboot and I complied.

4. Obtained a report from the C:\ drive and have pasted it below:

20:34:50.0937 3080 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
20:34:51.0031 3080 ============================================================
20:34:51.0031 3080 Current date / time: 2011/11/12 20:34:51.0031
20:34:51.0031 3080 SystemInfo:
20:34:51.0031 3080
20:34:51.0031 3080 OS Version: 5.1.2600 ServicePack: 2.0
20:34:51.0031 3080 Product type: Workstation
20:34:51.0031 3080 ComputerName: DELL320
20:34:51.0031 3080 UserName: andy
20:34:51.0031 3080 Windows directory: C:\WINDOWS
20:34:51.0031 3080 System windows directory: C:\WINDOWS
20:34:51.0031 3080 Processor architecture: Intel x86
20:34:51.0031 3080 Number of processors: 1
20:34:51.0031 3080 Page size: 0x1000
20:34:51.0031 3080 Boot type: Normal boot
20:34:51.0031 3080 ============================================================
20:34:52.0843 3080 Initialize success
20:34:54.0328 3260 ============================================================
20:34:54.0328 3260 Scan started
20:34:54.0328 3260 Mode: Manual;
20:34:54.0328 3260 ============================================================
20:34:55.0843 3260 Abiosdsk - ok
20:34:55.0890 3260 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:34:55.0890 3260 abp480n5 - ok
20:34:55.0937 3260 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:34:55.0953 3260 ACPI - ok
20:34:56.0000 3260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:34:56.0000 3260 ACPIEC - ok
20:34:56.0031 3260 ADIHdAudAddService (f959f333a01f5c109e9d644c3bd8301c) C:\WINDOWS\system32\drivers\ADIHdAud.sys
20:34:56.0046 3260 ADIHdAudAddService - ok
20:34:56.0078 3260 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:34:56.0078 3260 adpu160m - ok
20:34:56.0125 3260 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
20:34:56.0125 3260 aec - ok
20:34:56.0156 3260 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
20:34:56.0156 3260 AFD - ok
20:34:56.0234 3260 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:34:56.0234 3260 agp440 - ok
20:34:56.0265 3260 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:34:56.0265 3260 agpCPQ - ok
20:34:56.0296 3260 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:34:56.0296 3260 Aha154x - ok
20:34:56.0328 3260 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:34:56.0328 3260 aic78u2 - ok
20:34:56.0359 3260 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:34:56.0359 3260 aic78xx - ok
20:34:56.0390 3260 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:34:56.0390 3260 AliIde - ok
20:34:56.0421 3260 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:34:56.0421 3260 alim1541 - ok
20:34:56.0453 3260 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:34:56.0453 3260 amdagp - ok
20:34:56.0484 3260 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:34:56.0484 3260 amsint - ok
20:34:56.0531 3260 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:34:56.0531 3260 asc - ok
20:34:56.0562 3260 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:34:56.0562 3260 asc3350p - ok
20:34:56.0578 3260 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:34:56.0578 3260 asc3550 - ok
20:34:56.0625 3260 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:34:56.0625 3260 AsyncMac - ok
20:34:56.0656 3260 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:34:56.0656 3260 atapi - ok
20:34:56.0671 3260 Atdisk - ok
20:34:56.0796 3260 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:34:56.0843 3260 ati2mtag - ok
20:34:57.0046 3260 atiide (1842b56b3d3f195c36f62708d266b95e) C:\WINDOWS\system32\DRIVERS\atiide.sys
20:34:57.0046 3260 atiide - ok
20:34:57.0062 3260 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:34:57.0062 3260 Atmarpc - ok
20:34:57.0125 3260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:34:57.0125 3260 audstub - ok
20:34:57.0203 3260 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
20:34:57.0203 3260 avgio - ok
20:34:57.0234 3260 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:34:57.0234 3260 avgntflt - ok
20:34:57.0265 3260 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:34:57.0265 3260 avipbb - ok
20:34:57.0296 3260 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:34:57.0296 3260 bcm4sbxp - ok
20:34:57.0328 3260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:34:57.0328 3260 Beep - ok
20:34:57.0343 3260 catchme - ok
20:34:57.0375 3260 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:34:57.0375 3260 cbidf - ok
20:34:57.0390 3260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:34:57.0390 3260 cbidf2k - ok
20:34:57.0453 3260 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:34:57.0453 3260 CCDECODE - ok
20:34:57.0484 3260 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:34:57.0484 3260 cd20xrnt - ok
20:34:57.0515 3260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:34:57.0515 3260 Cdaudio - ok
20:34:57.0546 3260 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:34:57.0546 3260 Cdfs - ok
20:34:57.0578 3260 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:34:57.0578 3260 Cdrom - ok
20:34:57.0609 3260 Changer - ok
20:34:57.0796 3260 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:34:57.0796 3260 CmdIde - ok
20:34:57.0906 3260 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:34:57.0906 3260 Cpqarray - ok
20:34:57.0953 3260 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:34:57.0953 3260 dac2w2k - ok
20:34:57.0984 3260 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:34:57.0984 3260 dac960nt - ok
20:34:58.0031 3260 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:34:58.0031 3260 Disk - ok
20:34:58.0078 3260 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:34:58.0093 3260 dmboot - ok
20:34:58.0109 3260 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:34:58.0125 3260 dmio - ok
20:34:58.0140 3260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:34:58.0140 3260 dmload - ok
20:34:58.0187 3260 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:34:58.0187 3260 DMusic - ok
20:34:58.0234 3260 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:34:58.0234 3260 dpti2o - ok
20:34:58.0265 3260 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:34:58.0265 3260 drmkaud - ok
20:34:58.0343 3260 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
20:34:58.0343 3260 DSproct - ok
20:34:58.0375 3260 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:34:58.0375 3260 E100B - ok
20:34:58.0421 3260 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:34:58.0437 3260 Fastfat - ok
20:34:58.0468 3260 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:34:58.0468 3260 Fdc - ok
20:34:58.0500 3260 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:34:58.0515 3260 Fips - ok
20:34:58.0546 3260 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:34:58.0546 3260 Flpydisk - ok
20:34:58.0593 3260 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:34:58.0609 3260 FltMgr - ok
20:34:58.0625 3260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:34:58.0625 3260 Fs_Rec - ok
20:34:58.0640 3260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:34:58.0640 3260 Ftdisk - ok
20:34:58.0671 3260 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:34:58.0671 3260 Gpc - ok
20:34:58.0718 3260 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:34:58.0718 3260 HDAudBus - ok
20:34:58.0781 3260 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:34:58.0781 3260 HidUsb - ok
20:34:58.0812 3260 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:34:58.0812 3260 hpn - ok
20:34:58.0859 3260 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:34:58.0859 3260 HPZid412 - ok
20:34:58.0875 3260 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:34:58.0875 3260 HPZipr12 - ok
20:34:58.0921 3260 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:34:58.0921 3260 HPZius12 - ok
20:34:58.0968 3260 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
20:34:58.0984 3260 HTTP - ok
20:34:59.0000 3260 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:34:59.0015 3260 i2omgmt - ok
20:34:59.0031 3260 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:34:59.0031 3260 i2omp - ok
20:34:59.0062 3260 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:34:59.0062 3260 i8042prt - ok
20:34:59.0093 3260 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:34:59.0093 3260 Imapi - ok
20:34:59.0125 3260 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:34:59.0125 3260 ini910u - ok
20:34:59.0156 3260 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:34:59.0156 3260 IntelIde - ok
20:34:59.0187 3260 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:34:59.0187 3260 intelppm - ok
20:34:59.0203 3260 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:34:59.0203 3260 Ip6Fw - ok
20:34:59.0234 3260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:34:59.0234 3260 IpFilterDriver - ok
20:34:59.0265 3260 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:34:59.0265 3260 IpInIp - ok
20:34:59.0312 3260 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:34:59.0312 3260 IpNat - ok
20:34:59.0328 3260 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:34:59.0328 3260 IPSec - ok
20:34:59.0359 3260 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:34:59.0359 3260 IRENUM - ok
20:34:59.0390 3260 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:34:59.0390 3260 isapnp - ok
20:34:59.0421 3260 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:34:59.0421 3260 Kbdclass - ok
20:34:59.0453 3260 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:34:59.0453 3260 kbdhid - ok
20:34:59.0515 3260 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
20:34:59.0515 3260 kmixer - ok
20:34:59.0562 3260 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
20:34:59.0562 3260 KSecDD - ok
20:34:59.0593 3260 lbrtfdc - ok
20:34:59.0656 3260 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
20:34:59.0656 3260 LVUSBSta - ok
20:34:59.0687 3260 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
20:34:59.0687 3260 MBAMProtector - ok
20:34:59.0703 3260 MBAMSwissArmy - ok
20:34:59.0734 3260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:34:59.0750 3260 mnmdd - ok
20:34:59.0765 3260 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:34:59.0781 3260 Modem - ok
20:34:59.0796 3260 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:34:59.0796 3260 Mouclass - ok
20:34:59.0812 3260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:34:59.0812 3260 mouhid - ok
20:34:59.0843 3260 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:34:59.0843 3260 MountMgr - ok
20:34:59.0875 3260 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:34:59.0875 3260 mraid35x - ok
20:34:59.0921 3260 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:34:59.0921 3260 MRxDAV - ok
20:34:59.0984 3260 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:35:00.0000 3260 MRxSmb - ok
20:35:00.0015 3260 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:35:00.0015 3260 Msfs - ok
20:35:00.0062 3260 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:35:00.0062 3260 MSKSSRV - ok
20:35:00.0109 3260 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:35:00.0109 3260 MSPCLOCK - ok
20:35:00.0125 3260 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:35:00.0125 3260 MSPQM - ok
20:35:00.0156 3260 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:35:00.0156 3260 mssmbios - ok
20:35:00.0218 3260 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
20:35:00.0218 3260 MSTEE - ok
20:35:00.0234 3260 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:35:00.0234 3260 Mup - ok
20:35:00.0296 3260 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:35:00.0296 3260 NABTSFEC - ok
20:35:00.0328 3260 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:35:00.0328 3260 NDIS - ok
20:35:00.0375 3260 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:35:00.0375 3260 NdisIP - ok
20:35:00.0421 3260 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:35:00.0421 3260 NdisTapi - ok
20:35:00.0437 3260 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:35:00.0453 3260 Ndisuio - ok
20:35:00.0468 3260 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:35:00.0468 3260 NdisWan - ok
20:35:00.0484 3260 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:35:00.0500 3260 NDProxy - ok
20:35:00.0531 3260 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:35:00.0531 3260 NetBIOS - ok
20:35:00.0562 3260 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:35:00.0562 3260 NetBT - ok
20:35:00.0609 3260 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:35:00.0609 3260 Npfs - ok
20:35:00.0671 3260 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
20:35:00.0671 3260 Ntfs - ok
20:35:00.0703 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:35:00.0703 3260 Null - ok
20:35:00.0796 3260 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:35:00.0812 3260 nv - ok
20:35:00.0843 3260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:35:00.0843 3260 NwlnkFlt - ok
20:35:00.0859 3260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:35:00.0875 3260 NwlnkFwd - ok
20:35:00.0906 3260 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:35:00.0906 3260 Parport - ok
20:35:00.0953 3260 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:35:00.0953 3260 PartMgr - ok
20:35:00.0968 3260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:35:00.0968 3260 ParVdm - ok
20:35:01.0000 3260 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:35:01.0000 3260 PCI - ok
20:35:01.0015 3260 PCIDump - ok
20:35:01.0046 3260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:35:01.0046 3260 PCIIde - ok
20:35:01.0078 3260 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:35:01.0078 3260 Pcmcia - ok
20:35:01.0093 3260 PDCOMP - ok
20:35:01.0109 3260 PDFRAME - ok
20:35:01.0125 3260 PDRELI - ok
20:35:01.0140 3260 PDRFRAME - ok
20:35:01.0171 3260 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:35:01.0171 3260 perc2 - ok
20:35:01.0203 3260 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:35:01.0203 3260 perc2hib - ok
20:35:01.0250 3260 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:35:01.0265 3260 PptpMiniport - ok
20:35:01.0281 3260 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:35:01.0281 3260 PSched - ok
20:35:01.0296 3260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:35:01.0296 3260 Ptilink - ok
20:35:01.0390 3260 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
20:35:01.0406 3260 QCMerced - ok
20:35:01.0421 3260 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:35:01.0421 3260 ql1080 - ok
20:35:01.0437 3260 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:35:01.0437 3260 Ql10wnt - ok
20:35:01.0468 3260 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:35:01.0468 3260 ql12160 - ok
20:35:01.0500 3260 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:35:01.0500 3260 ql1240 - ok
20:35:01.0531 3260 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:35:01.0531 3260 ql1280 - ok
20:35:01.0562 3260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:35:01.0562 3260 RasAcd - ok
20:35:01.0578 3260 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:35:01.0578 3260 Rasl2tp - ok
20:35:01.0625 3260 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:35:01.0625 3260 RasPppoe - ok
20:35:01.0640 3260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:35:01.0640 3260 Raspti - ok
20:35:01.0687 3260 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:35:01.0687 3260 Rdbss - ok
20:35:01.0718 3260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:35:01.0718 3260 RDPCDD - ok
20:35:01.0750 3260 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:35:01.0750 3260 rdpdr - ok
20:35:01.0781 3260 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
20:35:01.0796 3260 RDPWD - ok
20:35:01.0828 3260 redbook (b19b286a7b3a23960a8b56dc87f7d4f0) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:35:01.0828 3260 redbook ( Rootkit.Win32.ZAccess.j ) - infected
20:35:01.0828 3260 redbook - detected Rootkit.Win32.ZAccess.j (0)
20:35:01.0906 3260 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
20:35:01.0906 3260 SDDMI2 - ok
20:35:01.0953 3260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:35:01.0953 3260 Secdrv - ok
20:35:02.0000 3260 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
20:35:02.0015 3260 SenFiltService - ok
20:35:02.0062 3260 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:35:02.0062 3260 serenum - ok
20:35:02.0078 3260 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:35:02.0078 3260 Serial - ok
20:35:02.0093 3260 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:35:02.0093 3260 Sfloppy - ok
20:35:02.0125 3260 Simbad - ok
20:35:02.0156 3260 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:35:02.0156 3260 sisagp - ok
20:35:02.0203 3260 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:35:02.0203 3260 SLIP - ok
20:35:02.0234 3260 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:35:02.0234 3260 Sparrow - ok
20:35:02.0281 3260 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
20:35:02.0281 3260 splitter - ok
20:35:02.0312 3260 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:35:02.0312 3260 sr - ok
20:35:02.0375 3260 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
20:35:02.0390 3260 Srv - ok
20:35:02.0437 3260 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:35:02.0437 3260 ssmdrv - ok
20:35:02.0468 3260 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:35:02.0468 3260 streamip - ok
20:35:02.0500 3260 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:35:02.0515 3260 swenum - ok
20:35:02.0546 3260 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:35:02.0546 3260 swmidi - ok
20:35:02.0593 3260 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:35:02.0593 3260 symc810 - ok
20:35:02.0640 3260 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:35:02.0640 3260 symc8xx - ok
20:35:02.0656 3260 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:35:02.0656 3260 sym_hi - ok
20:35:02.0671 3260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:35:02.0687 3260 sym_u3 - ok
20:35:02.0703 3260 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:35:02.0718 3260 sysaudio - ok
20:35:02.0781 3260 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:35:02.0781 3260 Tcpip - ok
20:35:02.0812 3260 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:35:02.0812 3260 TDPIPE - ok
20:35:02.0843 3260 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:35:02.0843 3260 TDTCP - ok
20:35:02.0875 3260 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:35:02.0875 3260 TermDD - ok
20:35:02.0921 3260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:35:02.0921 3260 TosIde - ok
20:35:02.0953 3260 txpojmkg - ok
20:35:02.0968 3260 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:35:02.0984 3260 Udfs - ok
20:35:03.0000 3260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:35:03.0015 3260 ultra - ok
20:35:03.0046 3260 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
20:35:03.0062 3260 Update - ok
20:35:03.0140 3260 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
20:35:03.0140 3260 usbaudio - ok
20:35:03.0171 3260 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:35:03.0187 3260 usbccgp - ok
20:35:03.0203 3260 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:35:03.0203 3260 usbehci - ok
20:35:03.0234 3260 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:35:03.0234 3260 usbhub - ok
20:35:03.0265 3260 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:35:03.0265 3260 usbohci - ok
20:35:03.0281 3260 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:35:03.0281 3260 usbprint - ok
20:35:03.0343 3260 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:35:03.0343 3260 usbscan - ok
20:35:03.0375 3260 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:35:03.0375 3260 USBSTOR - ok
20:35:03.0406 3260 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:35:03.0406 3260 usbuhci - ok
20:35:03.0437 3260 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:35:03.0437 3260 VgaSave - ok
20:35:03.0468 3260 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:35:03.0468 3260 viaagp - ok
20:35:03.0500 3260 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:35:03.0515 3260 ViaIde - ok
20:35:03.0546 3260 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:35:03.0546 3260 VolSnap - ok
20:35:03.0593 3260 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:35:03.0593 3260 Wanarp - ok
20:35:03.0625 3260 WDICA - ok
20:35:03.0656 3260 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
20:35:03.0656 3260 wdmaud - ok
20:35:03.0750 3260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:35:03.0750 3260 WS2IFSL - ok
20:35:03.0796 3260 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:35:03.0796 3260 WSTCODEC - ok
20:35:03.0843 3260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:35:03.0843 3260 WudfPf - ok
20:35:03.0875 3260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:35:03.0875 3260 WudfRd - ok
20:35:03.0953 3260 ZSMC301b (c56186d355078f933b08b0858d48bdfc) C:\WINDOWS\system32\Drivers\usbVM31b.sys
20:35:03.0953 3260 ZSMC301b - ok
20:35:03.0984 3260 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
20:35:03.0984 3260 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:35:03.0984 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:35:04.0000 3260 Boot (0x1200) (afee170445e048892662edc25c40e56a) \Device\Harddisk0\DR0\Partition0
20:35:04.0000 3260 \Device\Harddisk0\DR0\Partition0 - ok
20:35:04.0015 3260 ============================================================
20:35:04.0015 3260 Scan finished
20:35:04.0015 3260 ============================================================
20:35:04.0031 3456 Detected object count: 2
20:35:04.0031 3456 Actual detected object count: 2
20:35:31.0671 3456 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
20:35:33.0031 3456 Backup copy found, using it..
20:35:33.0062 3456 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
20:35:34.0359 3456 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
20:35:34.0406 3456 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:35:34.0406 3456 \Device\Harddisk0\DR0 - ok
20:35:34.0406 3456 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
20:35:39.0593 1388 Deinitialize success
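The TDSSKiller log above records two detections (the `redbook` driver flagged as Rootkit.Win32.ZAccess.j and the MBR of `\Device\Harddisk0\DR0` flagged as Rootkit.Win32.TDSS.tdl4), each followed later by a "will be cured on reboot" line and the user's chosen action. When reviewing such logs it helps to pull those scattered lines together. The Python script below is an added example written for this thread (it is not part of TDSSKiller and was not posted by anyone in the thread): it parses the log format, links each detection to the MD5 and path from the driver enumeration, records the action and whether a cure was scheduled, and checks the tool's "Detected object count" against what was found. The sample lines are a subset copied from the log above; the function and class names are my own.

```python
"""Added example: triage a TDSSKiller log (not part of the thread or of the tool)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: a subset of the TDSSKiller lines posted above.
SAMPLE_LOG = r"""
20:34:57.0343 3260 catchme - ok
20:35:01.0828 3260 redbook (b19b286a7b3a23960a8b56dc87f7d4f0) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:35:01.0828 3260 redbook ( Rootkit.Win32.ZAccess.j ) - infected
20:35:01.0828 3260 redbook - detected Rootkit.Win32.ZAccess.j (0)
20:35:02.0953 3260 txpojmkg - ok
20:35:03.0984 3260 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
20:35:03.0984 3260 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:35:03.0984 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:35:04.0031 3456 Detected object count: 2
20:35:33.0062 3456 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
20:35:34.0359 3456 redbook ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
20:35:34.0406 3456 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:35:34.0406 3456 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Every line is "<time> <thread id> <message>"; the message carries the payload.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Enumeration of a driver or boot object: "<name> (<md5>) <path>".
ENTRY_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
INFECTED_RE = re.compile(r"^(.+?) \( (\S+) \) - infected$")
ACTION_RE = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\w+)$")
CURE_RE = re.compile(r"^(.+?)(?: \( \S+ \))? - will be cured on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str                      # name TDSSKiller used for the object
    threat: str                   # detection name, e.g. Rootkit.Win32.TDSS.tdl4
    md5: Optional[str] = None     # MD5 from the enumeration line, if seen
    path: Optional[str] = None    # file path or device path from the enumeration line
    action: Optional[str] = None  # "User select action: <action>"
    cure_on_reboot: bool = False  # a "will be cured on reboot" line was seen


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Detection], Optional[int]]:
    """Return (detections keyed by object name, declared detected-object count)."""
    by_name: Dict[str, Tuple[str, str]] = {}
    by_path: Dict[str, Tuple[str, str]] = {}
    detections: Dict[str, Detection] = {}
    declared: Optional[int] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        e = ENTRY_RE.match(msg)
        if e:
            name, md5, path = e.groups()
            by_name[name] = by_path[path] = (md5, path)
            continue
        i = INFECTED_RE.match(msg)
        if i:
            obj, threat = i.groups()
            det = Detection(obj=obj, threat=threat)
            # The MBR detection is reported by device path, drivers by service name.
            known = by_name.get(obj) or by_path.get(obj)
            if known:
                det.md5, det.path = known
            detections[obj] = det
            continue
        a = ACTION_RE.match(msg)
        if a:
            obj, _threat, action = a.groups()
            if obj in detections:
                detections[obj].action = action
            continue
        c = CURE_RE.match(msg)
        if c:
            obj = c.group(1)
            for det in detections.values():
                if obj in (det.obj, det.path):
                    det.cure_on_reboot = True
            continue
        k = COUNT_RE.match(msg)
        if k:
            declared = int(k.group(1))
    return detections, declared


def unresolved(detections: Dict[str, Detection]) -> List[str]:
    """Objects that were detected but not set to be cured on reboot."""
    return sorted(d.obj for d in detections.values()
                  if d.action != "Cure" or not d.cure_on_reboot)


def count_consistent(detections: Dict[str, Detection], declared: Optional[int]) -> bool:
    """True when the tool's declared count matches the detections we parsed."""
    return declared is not None and declared == len(detections)


if __name__ == "__main__":
    dets, declared = parse_tdsskiller(SAMPLE_LOG)
    for d in dets.values():
        print(f"{d.obj}: {d.threat} md5={d.md5} path={d.path} "
              f"action={d.action} cure_on_reboot={d.cure_on_reboot}")
    print("unresolved:", unresolved(dets), "count ok:", count_consistent(dets, declared))
```

Run it on a full TDSSKiller log and anything listed by `unresolved()` is a detection the user skipped or that the tool could not schedule for cure, which is worth a second look before declaring the machine clean.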

#8 gringo_pr

gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 November 2011 - 09:05 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
c:\documents and settings\All Users\Application Data\duxn.exe
c:\documents and settings\All Users\Application Data\ckyk.exe
c:\documents and settings\All Users\Application Data\fcns.exe
c:\documents and settings\All Users\Application Data\afae.exe


Folder::
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W
c:\documents and settings\andy.DELL320.000\Application Data\dv2n4pW7E8ZCIrO
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9
c:\documents and settings\andy.DELL320.000\Application Data\rgTXqjYCeIrO
c:\documents and settings\andy.DELL320.000\Application Data\CllOOttzP0cSiv3
c:\documents and settings\andy.DELL320.000\Application Data\HBzNc1v2n4m


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate link. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
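A CFScript like the one above is only useful if ComboFix actually acted on it, and the way to confirm that is to compare the script's `File::` and `Folder::` entries with the "Other Deletions" section of the report ComboFix produces (delandelan posts that report in the next reply). The Python below is an added example written for this thread, not ComboFix's own tooling and not something gringo_pr posted: it parses both texts and returns the entries that never showed up as deleted. The script and report excerpt are copied from the two posts; the function names and the extra "not-deleted" folder used in the test are constructed.

```python
"""Added example: verify a CFScript against the ComboFix report (not ComboFix's own code)."""
import re
from typing import Dict, List, Set

# Sample input: the CFScript posted above.
CFSCRIPT = r"""
ClearJavaCache::
KillAll::

File::
c:\documents and settings\All Users\Application Data\duxn.exe
c:\documents and settings\All Users\Application Data\ckyk.exe
c:\documents and settings\All Users\Application Data\fcns.exe
c:\documents and settings\All Users\Application Data\afae.exe

Folder::
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W
c:\documents and settings\andy.DELL320.000\Application Data\dv2n4pW7E8ZCIrO
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9
c:\documents and settings\andy.DELL320.000\Application Data\rgTXqjYCeIrO
c:\documents and settings\andy.DELL320.000\Application Data\CllOOttzP0cSiv3
c:\documents and settings\andy.DELL320.000\Application Data\HBzNc1v2n4m
"""

# Sample input: the relevant part of the ComboFix report posted in the reply.
COMBOFIX_REPORT = r"""
FILE ::
"c:\documents and settings\All Users\Application Data\afae.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\afae.exe
c:\documents and settings\All Users\Application Data\ckyk.exe
c:\documents and settings\All Users\Application Data\duxn.exe
c:\documents and settings\All Users\Application Data\fcns.exe
c:\documents and settings\andy.DELL320.000\Application Data\CllOOttzP0cSiv3
c:\documents and settings\andy.DELL320.000\Application Data\dv2n4pW7E8ZCIrO
c:\documents and settings\andy.DELL320.000\Application Data\HBzNc1v2n4m
c:\documents and settings\andy.DELL320.000\Application Data\ldr.ini
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9\System Security 2012.ico
c:\documents and settings\andy.DELL320.000\Application Data\rgTXqjYCeIrO
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W\System Security 2012.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
2011-11-07 01:41 . 2011-11-07 01:41 446962 ----a-w- c:\windows\system32\PerfStringBackup.TMP
"""

# ComboFix section banners look like "(((( Section Name ))))".
SECTION_RE = re.compile(r"^\(+ (.*?) \)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Name::' section of a CFScript to the lines listed under it."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_deletions(text: str) -> Set[str]:
    """Collect the paths listed under 'Other Deletions', lower-cased (NTFS is case-insensitive)."""
    deleted: Set[str] = set()
    in_section = False
    for line in text.splitlines():
        line = line.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1) == "Other Deletions"
            continue
        if in_section and line and line != ".":
            deleted.add(line.lower())
    return deleted


def check_cfscript_applied(cfscript: str, report: str) -> List[str]:
    """Return File:: and Folder:: entries that do not appear as deleted in the report."""
    wanted = parse_cfscript(cfscript)
    deleted = parse_combofix_deletions(report)
    return [path for section in ("File", "Folder")
            for path in wanted.get(section, []) if path.lower() not in deleted]


if __name__ == "__main__":
    print("not deleted:", check_cfscript_applied(CFSCRIPT, COMBOFIX_REPORT))
```

An empty result means every path the helper asked for was removed; anything returned is a path to chase in the next round (the report also lists extra items ComboFix removed on its own, such as `ldr.ini` and the two `System Security 2012.ico` files, which this check deliberately ignores).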

#9 delandelan

delandelan (Topic Starter, Members, 22 posts)

Posted 14 November 2011 - 11:46 PM

Hi Gringo,

Thanks for your continuing help.

1. Desktop icons that had disappeared when my computer was initially attacked by the virus still have not come back. However, those that went away after I rebooted just came back.

2. The computer seems a lot faster now.

3. Find report below:

ComboFix 11-11-11.06 - andy 14/11/2011 23:26:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.990.526 [GMT -5:00]
Running from: c:\documents and settings\andy.DELL320.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\andy.DELL320.000\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\documents and settings\All Users\Application Data\afae.exe"
"c:\documents and settings\All Users\Application Data\ckyk.exe"
"c:\documents and settings\All Users\Application Data\duxn.exe"
"c:\documents and settings\All Users\Application Data\fcns.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\afae.exe
c:\documents and settings\All Users\Application Data\ckyk.exe
c:\documents and settings\All Users\Application Data\duxn.exe
c:\documents and settings\All Users\Application Data\fcns.exe
c:\documents and settings\andy.DELL320.000\Application Data\CllOOttzP0cSiv3
c:\documents and settings\andy.DELL320.000\Application Data\dv2n4pW7E8ZCIrO
c:\documents and settings\andy.DELL320.000\Application Data\HBzNc1v2n4m
c:\documents and settings\andy.DELL320.000\Application Data\ldr.ini
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9
c:\documents and settings\andy.DELL320.000\Application Data\QaQH6dWK7R9\System Security 2012.ico
c:\documents and settings\andy.DELL320.000\Application Data\rgTXqjYCeIrO
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W
c:\documents and settings\andy.DELL320.000\Application Data\ZuciFna6W\System Security 2012.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-07 01:41 . 2011-11-07 01:41 446962 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-06 20:48 . 2011-11-13 17:03 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-06 17:02 . 2011-11-06 17:02 -------- d-----w- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Opera
2011-11-06 17:01 . 2011-11-06 17:02 -------- d-----w- c:\program files\Opera
2011-11-05 15:17 . 2011-11-05 15:17 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\Avira
2011-11-05 14:48 . 2011-11-05 14:48 -------- d-----w- c:\documents and settings\andy.DELL320.000\Application Data\Malwarebytes
2011-10-20 21:16 . 2011-10-20 21:16 -------- d-----w- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 01:35 . 2004-08-11 21:09 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-31 21:00 . 2010-05-09 21:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-07 11:07 . 2011-04-02 17:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-12_05.11.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-15 04:34 . 2011-11-15 04:34 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
- 2011-08-10 07:01 . 2011-10-10 18:30 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 23040 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 27136 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 11264 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 12288 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-11-13 17:09 . 2011-11-13 17:09 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-06-18 07:10 . 2011-06-18 07:10 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-02-16 23:22 . 2011-06-18 07:10 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-02-16 23:22 . 2011-11-13 17:12 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-08-10 07:01 . 2011-10-10 18:30 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 4096 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 409600 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 286720 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 249856 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 794624 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-08-10 07:01 . 2011-10-10 18:30 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-10 07:01 . 2011-11-13 17:09 135168 c:\windows\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-10 22:43 . 2011-08-10 22:43 3795968 c:\windows\Installer\34ee52a.msp
+ 2011-07-26 13:17 . 2011-07-26 13:17 6824960 c:\windows\Installer\34ee510.msp
+ 2011-09-07 02:48 . 2011-09-07 02:48 8181248 c:\windows\Installer\34ee4fe.msp
+ 2011-07-27 12:39 . 2011-07-27 12:39 9892352 c:\windows\Installer\34ee4f6.msp
+ 2011-11-03 18:31 . 2011-11-03 18:31 5525504 c:\windows\Installer\34ee4ee.msp
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2007-11-23 16:13 . 2011-10-28 03:04 50295240 c:\windows\system32\MRT.exe
+ 2011-11-13 17:09 . 2011-11-13 17:09 20333568 c:\windows\Installer\34ee534.msp
+ 2011-07-26 21:33 . 2011-07-26 21:33 10984448 c:\windows\Installer\34ee522.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\andy.DELL320.000\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22182:TCP"= 22182:TCP:spport
"16620:TCP"= 16620:TCP:spport
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [18/09/2007 10:36 PM 3456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2010 12:12 PM 136360]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/05/2010 4:31 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/05/2010 4:30 PM 22216]
S1 txpojmkg;txpojmkg;\??\c:\windows\system32\drivers\txpojmkg.sys --> c:\windows\system32\drivers\txpojmkg.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 gupdate1caf2abb04b3f32;Google Update Service (gupdate1caf2abb04b3f32);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 9:50 AM 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2010 9:50 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:50]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 14:50]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1018855857-712167752-968647147-1007Core.job
- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-11 23:37]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1018855857-712167752-968647147-1007UA.job
- c:\documents and settings\andy.DELL320.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-11 23:37]
.
2011-11-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-07-04 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=1070918
TCP: DhcpNameServer = 64.71.255.198
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-63316532.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-14 23:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-14 23:41:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 04:41
ComboFix2.txt 2011-11-12 05:25
.
Pre-Run: 56,274,944 bytes free
Post-Run: 80,031,744 bytes free
.
- - End Of File - - 4CA77CF9745F363B1479BE8F32D4DF2A

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico
  • Local time:11:15 PM

Posted 15 November 2011 - 07:42 AM

Hello

This is what I want you to run first - http://download.bleepingcomputer.com/grinler/unhide.exe


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
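To triage the report those steps produce without reading a few hundred lines by eye, a small parser can pull out every service whose verdict is anything other than ok, plus any service whose file record never received a verdict (which is what a truncated paste looks like). The Python below is an added example written for this page; it is not part of the thread and not code from TDSSKiller or Kaspersky. It assumes the line layout visible in the report pasted in the next post (timestamp, process id, then either a `name (md5) path` record or a `name - verdict` line). The sample report is constructed: the first lines are copied from that post, while the `examplesvc` and `truncatedsvc` entries, their placeholder hashes and the `warning` verdict are invented to exercise the non-ok and missing-verdict paths.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller report line is "<time> <pid> <text>". The text is either a
# file record "<service> (<md5>) <path>" or a verdict "<service> [( detail )] - <verdict>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(\S+)(?:\s+\((.*)\))?\s+-\s+(\S.*?)\s*$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None      # lower-cased MD5 from the file record, if any
    path: Optional[str] = None     # on-disk path from the file record, if any
    detail: Optional[str] = None   # parenthesised detail on the verdict line, if any
    verdict: Optional[str] = None  # "ok" or whatever the tool printed after " - "


def parse_tdsskiller(text: str) -> Dict[str, ServiceRecord]:
    """Collect one record per service name from a TDSSKiller report."""
    records: Dict[str, ServiceRecord] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line without the "<time> <pid>" prefix
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            rec = records.setdefault(name, ServiceRecord(name))
            rec.md5, rec.path = md5.lower(), path
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, detail, verdict = vm.groups()
            rec = records.setdefault(name, ServiceRecord(name))
            rec.detail = detail.strip() if detail else None
            rec.verdict = verdict.strip()
        # Header lines (OS version, "Scan started", ...) match neither pattern and are skipped.
    return records


def needs_attention(records: Dict[str, ServiceRecord]) -> List[ServiceRecord]:
    """Everything that is not a clean "ok": a detection, a suspicious/skipped
    file, or a service whose verdict line is missing from the paste."""
    return [r for r in records.values() if r.verdict is None or r.verdict.lower() != "ok"]


# Constructed sample. The first entries are copied from the report in this thread;
# examplesvc / truncatedsvc, their hashes and the "warning" verdict are invented.
SAMPLE_REPORT = r"""
15:14:49.0546 2408 Scan started
15:14:49.0546 2408 Mode: Manual;
15:14:50.0046 2408 Abiosdsk - ok
15:14:50.0078 2408 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:14:50.0093 2408 abp480n5 - ok
15:14:53.0312 2408 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:14:53.0312 2408 MBAMProtector - ok
15:14:56.0500 2408 examplesvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\examplesvc.sys
15:14:56.0500 2408 examplesvc ( Suspicious.Placeholder ) - warning
15:14:56.0600 2408 truncatedsvc (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\truncatedsvc.sys
"""


if __name__ == "__main__":
    for rec in needs_attention(parse_tdsskiller(SAMPLE_REPORT)):
        print(f"{rec.name}: verdict={rec.verdict or 'none'} path={rec.path} md5={rec.md5}")
```

Feed it the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` instead of the sample and the output is the short list worth pasting into a reply; the MD5 and path are kept on each record so a flagged driver can be checked against a known-good copy rather than trusted on its name alone.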

#11 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts
  • Local time:10:15 PM

Posted 15 November 2011 - 03:18 PM

Hello Gringo,

1. I followed all the instructions and no reboot was required.

2. I ran TDSSKiller and have pasted the report below:

15:13:40.0531 1380 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
15:13:40.0890 1380 ============================================================
15:13:40.0890 1380 Current date / time: 2011/11/15 15:13:40.0890
15:13:40.0890 1380 SystemInfo:
15:13:40.0890 1380
15:13:40.0890 1380 OS Version: 5.1.2600 ServicePack: 2.0
15:13:40.0890 1380 Product type: Workstation
15:13:40.0890 1380 ComputerName: DELL320
15:13:40.0890 1380 UserName: andy
15:13:40.0890 1380 Windows directory: C:\WINDOWS
15:13:40.0890 1380 System windows directory: C:\WINDOWS
15:13:40.0890 1380 Processor architecture: Intel x86
15:13:40.0890 1380 Number of processors: 1
15:13:40.0890 1380 Page size: 0x1000
15:13:40.0890 1380 Boot type: Normal boot
15:13:40.0890 1380 ============================================================
15:13:42.0187 1380 Initialize success
15:14:49.0546 2408 ============================================================
15:14:49.0546 2408 Scan started
15:14:49.0546 2408 Mode: Manual;
15:14:49.0546 2408 ============================================================
15:14:50.0046 2408 Abiosdsk - ok
15:14:50.0078 2408 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:14:50.0093 2408 abp480n5 - ok
15:14:50.0109 2408 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:50.0125 2408 ACPI - ok
15:14:50.0140 2408 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:14:50.0156 2408 ACPIEC - ok
15:14:50.0187 2408 ADIHdAudAddService (f959f333a01f5c109e9d644c3bd8301c) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:14:50.0187 2408 ADIHdAudAddService - ok
15:14:50.0218 2408 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:14:50.0218 2408 adpu160m - ok
15:14:50.0281 2408 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
15:14:50.0281 2408 aec - ok
15:14:50.0328 2408 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
15:14:50.0328 2408 AFD - ok
15:14:50.0359 2408 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:14:50.0359 2408 agp440 - ok
15:14:50.0390 2408 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:14:50.0390 2408 agpCPQ - ok
15:14:50.0421 2408 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:14:50.0421 2408 Aha154x - ok
15:14:50.0437 2408 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:14:50.0437 2408 aic78u2 - ok
15:14:50.0468 2408 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:14:50.0468 2408 aic78xx - ok
15:14:50.0500 2408 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:14:50.0500 2408 AliIde - ok
15:14:50.0531 2408 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:14:50.0531 2408 alim1541 - ok
15:14:50.0546 2408 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:14:50.0546 2408 amdagp - ok
15:14:50.0578 2408 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:14:50.0578 2408 amsint - ok
15:14:50.0625 2408 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:14:50.0625 2408 asc - ok
15:14:50.0656 2408 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:14:50.0656 2408 asc3350p - ok
15:14:50.0671 2408 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:14:50.0671 2408 asc3550 - ok
15:14:50.0718 2408 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:50.0718 2408 AsyncMac - ok
15:14:50.0750 2408 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:50.0750 2408 atapi - ok
15:14:50.0765 2408 Atdisk - ok
15:14:50.0890 2408 ati2mtag (c51608bba3248be2f6d21b132910752a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:14:50.0937 2408 ati2mtag - ok
15:14:50.0984 2408 atiide (1842b56b3d3f195c36f62708d266b95e) C:\WINDOWS\system32\DRIVERS\atiide.sys
15:14:50.0984 2408 atiide - ok
15:14:51.0015 2408 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:51.0015 2408 Atmarpc - ok
15:14:51.0046 2408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:51.0046 2408 audstub - ok
15:14:51.0125 2408 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:14:51.0140 2408 avgio - ok
15:14:51.0156 2408 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:14:51.0171 2408 avgntflt - ok
15:14:51.0187 2408 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:14:51.0187 2408 avipbb - ok
15:14:51.0218 2408 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:14:51.0218 2408 bcm4sbxp - ok
15:14:51.0250 2408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:14:51.0250 2408 Beep - ok
15:14:51.0265 2408 catchme - ok
15:14:51.0296 2408 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:14:51.0296 2408 cbidf - ok
15:14:51.0312 2408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:51.0312 2408 cbidf2k - ok
15:14:51.0375 2408 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:51.0375 2408 CCDECODE - ok
15:14:51.0406 2408 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:14:51.0406 2408 cd20xrnt - ok
15:14:51.0437 2408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:51.0437 2408 Cdaudio - ok
15:14:51.0453 2408 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:51.0453 2408 Cdfs - ok
15:14:51.0500 2408 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:51.0500 2408 Cdrom - ok
15:14:51.0515 2408 Changer - ok
15:14:51.0562 2408 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:14:51.0562 2408 CmdIde - ok
15:14:51.0593 2408 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:14:51.0593 2408 Cpqarray - ok
15:14:51.0625 2408 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:14:51.0625 2408 dac2w2k - ok
15:14:51.0640 2408 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:14:51.0640 2408 dac960nt - ok
15:14:51.0687 2408 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:14:51.0687 2408 Disk - ok
15:14:51.0750 2408 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:14:51.0750 2408 dmboot - ok
15:14:51.0781 2408 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
15:14:51.0781 2408 dmio - ok
15:14:51.0796 2408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:14:51.0796 2408 dmload - ok
15:14:51.0843 2408 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:14:51.0843 2408 DMusic - ok
15:14:51.0890 2408 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:14:51.0890 2408 dpti2o - ok
15:14:51.0921 2408 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:14:51.0921 2408 drmkaud - ok
15:14:52.0000 2408 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
15:14:52.0000 2408 DSproct - ok
15:14:52.0031 2408 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:14:52.0031 2408 E100B - ok
15:14:52.0078 2408 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
15:14:52.0078 2408 Fastfat - ok
15:14:52.0109 2408 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:14:52.0125 2408 Fdc - ok
15:14:52.0140 2408 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:14:52.0140 2408 Fips - ok
15:14:52.0171 2408 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:14:52.0171 2408 Flpydisk - ok
15:14:52.0218 2408 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:14:52.0218 2408 FltMgr - ok
15:14:52.0234 2408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:14:52.0250 2408 Fs_Rec - ok
15:14:52.0265 2408 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:14:52.0265 2408 Ftdisk - ok
15:14:52.0296 2408 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:14:52.0296 2408 Gpc - ok
15:14:52.0343 2408 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:14:52.0343 2408 HDAudBus - ok
15:14:52.0390 2408 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:14:52.0390 2408 HidUsb - ok
15:14:52.0437 2408 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:14:52.0437 2408 hpn - ok
15:14:52.0468 2408 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:14:52.0468 2408 HPZid412 - ok
15:14:52.0484 2408 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:14:52.0484 2408 HPZipr12 - ok
15:14:52.0515 2408 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:14:52.0531 2408 HPZius12 - ok
15:14:52.0578 2408 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
15:14:52.0578 2408 HTTP - ok
15:14:52.0609 2408 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:14:52.0609 2408 i2omgmt - ok
15:14:52.0640 2408 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:14:52.0640 2408 i2omp - ok
15:14:52.0671 2408 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:14:52.0671 2408 i8042prt - ok
15:14:52.0703 2408 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:14:52.0703 2408 Imapi - ok
15:14:52.0734 2408 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:14:52.0734 2408 ini910u - ok
15:14:52.0750 2408 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:14:52.0750 2408 IntelIde - ok
15:14:52.0781 2408 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:14:52.0781 2408 intelppm - ok
15:14:52.0812 2408 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:14:52.0812 2408 Ip6Fw - ok
15:14:52.0843 2408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:14:52.0843 2408 IpFilterDriver - ok
15:14:52.0859 2408 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:14:52.0859 2408 IpInIp - ok
15:14:52.0906 2408 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:14:52.0906 2408 IpNat - ok
15:14:52.0937 2408 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:14:52.0937 2408 IPSec - ok
15:14:52.0968 2408 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:14:52.0968 2408 IRENUM - ok
15:14:53.0000 2408 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:14:53.0000 2408 isapnp - ok
15:14:53.0015 2408 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:14:53.0031 2408 Kbdclass - ok
15:14:53.0078 2408 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:14:53.0078 2408 kbdhid - ok
15:14:53.0125 2408 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
15:14:53.0125 2408 kmixer - ok
15:14:53.0171 2408 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
15:14:53.0171 2408 KSecDD - ok
15:14:53.0203 2408 lbrtfdc - ok
15:14:53.0265 2408 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
15:14:53.0265 2408 LVUSBSta - ok
15:14:53.0312 2408 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
15:14:53.0312 2408 MBAMProtector - ok
15:14:53.0328 2408 MBAMSwissArmy - ok
15:14:53.0359 2408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:14:53.0359 2408 mnmdd - ok
15:14:53.0390 2408 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:14:53.0390 2408 Modem - ok
15:14:53.0421 2408 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:14:53.0421 2408 Mouclass - ok
15:14:53.0437 2408 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:14:53.0437 2408 mouhid - ok
15:14:53.0468 2408 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:14:53.0468 2408 MountMgr - ok
15:14:53.0500 2408 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:14:53.0500 2408 mraid35x - ok
15:14:53.0546 2408 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:14:53.0562 2408 MRxDAV - ok
15:14:53.0625 2408 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:14:53.0625 2408 MRxSmb - ok
15:14:53.0656 2408 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:14:53.0656 2408 Msfs - ok
15:14:53.0687 2408 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:14:53.0687 2408 MSKSSRV - ok
15:14:53.0734 2408 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:14:53.0734 2408 MSPCLOCK - ok
15:14:53.0765 2408 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:14:53.0765 2408 MSPQM - ok
15:14:53.0796 2408 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:14:53.0796 2408 mssmbios - ok
15:14:53.0843 2408 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
15:14:53.0843 2408 MSTEE - ok
15:14:53.0859 2408 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
15:14:53.0859 2408 Mup - ok
15:14:53.0890 2408 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:14:53.0906 2408 NABTSFEC - ok
15:14:53.0937 2408 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:14:53.0937 2408 NDIS - ok
15:14:53.0968 2408 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:14:53.0968 2408 NdisIP - ok
15:14:54.0015 2408 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:14:54.0015 2408 NdisTapi - ok
15:14:54.0046 2408 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:14:54.0046 2408 Ndisuio - ok
15:14:54.0078 2408 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:14:54.0078 2408 NdisWan - ok
15:14:54.0093 2408 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:14:54.0093 2408 NDProxy - ok
15:14:54.0140 2408 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:14:54.0140 2408 NetBIOS - ok
15:14:54.0171 2408 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:14:54.0171 2408 NetBT - ok
15:14:54.0218 2408 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:14:54.0218 2408 Npfs - ok
15:14:54.0281 2408 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:54.0296 2408 Ntfs - ok
15:14:54.0343 2408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:14:54.0343 2408 Null - ok
15:14:54.0421 2408 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:14:54.0453 2408 nv - ok
15:14:54.0484 2408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:54.0484 2408 NwlnkFlt - ok
15:14:54.0500 2408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:54.0500 2408 NwlnkFwd - ok
15:14:54.0546 2408 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:14:54.0546 2408 Parport - ok
15:14:54.0593 2408 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:14:54.0593 2408 PartMgr - ok
15:14:54.0609 2408 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:14:54.0609 2408 ParVdm - ok
15:14:54.0640 2408 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:14:54.0640 2408 PCI - ok
15:14:54.0656 2408 PCIDump - ok
15:14:54.0687 2408 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:14:54.0687 2408 PCIIde - ok
15:14:54.0718 2408 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:14:54.0718 2408 Pcmcia - ok
15:14:54.0734 2408 PDCOMP - ok
15:14:54.0750 2408 PDFRAME - ok
15:14:54.0765 2408 PDRELI - ok
15:14:54.0781 2408 PDRFRAME - ok
15:14:54.0812 2408 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:14:54.0812 2408 perc2 - ok
15:14:54.0843 2408 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:14:54.0843 2408 perc2hib - ok
15:14:54.0906 2408 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:14:54.0906 2408 PptpMiniport - ok
15:14:54.0937 2408 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:14:54.0937 2408 PSched - ok
15:14:54.0953 2408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:14:54.0953 2408 Ptilink - ok
15:14:55.0046 2408 QCMerced (9a155d31b8e52f41b258282092cc93a7) C:\WINDOWS\system32\DRIVERS\LVCM.sys
15:14:55.0062 2408 QCMerced - ok
15:14:55.0078 2408 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:14:55.0078 2408 ql1080 - ok
15:14:55.0093 2408 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:14:55.0093 2408 Ql10wnt - ok
15:14:55.0125 2408 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:14:55.0125 2408 ql12160 - ok
15:14:55.0156 2408 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:14:55.0156 2408 ql1240 - ok
15:14:55.0171 2408 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:14:55.0187 2408 ql1280 - ok
15:14:55.0203 2408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:14:57.0531 2408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:14:57.0671 2408 \Device\Harddisk0\DR0 - ok
15:14:57.0671 2408 Boot (0x1200) (afee170445e048892662edc25c40e56a) \Device\Harddisk0\DR0\Partition0
15:14:57.0671 2408 \Device\Harddisk0\DR0\Partition0 - ok
15:14:57.0687 2408 ============================================================
15:14:57.0687 2408 Scan finished
15:14:57.0687 2408 ============================================================
15:14:57.0703 2116 Detected object count: 0
15:14:57.0703 2116 Actual detected object count: 0

#12 delandelan
  • Topic Starter
  • Members
  • 22 posts

Posted 15 November 2011 - 03:24 PM

Hi Gringo,

I forgot to mention that I have to do some work for my office computer, and I am not sure, but I used my memory card while the computer might have been infected. Is there any way to see if the flash drive is clean so that I can keep working on it?

Thanks,

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 November 2011 - 08:20 AM

Hello

Run this on the infected computer with the USB installed - http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/

How is the computer doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 November 2011 - 12:28 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 delandelan
  • Topic Starter
  • Members
  • 22 posts

Posted 19 November 2011 - 01:25 PM

Hi Gringo,

Thanks for your help.

I think the computer is still running faster than before,

BUT

there were some files that disappeared from my desktop since the virus attacked. Do you think there's a way of bringing them back?