Infected with redirect virus?


#1 t.l.martin
Posted 01 December 2011 - 06:15 PM

Hello. Based on some web searches I'm fairly certain I'm infected with some version of what I've seen called the "Google Redirect Virus".

I am using Firefox 8.0 and in the last few weeks it has begun randomly opening new tabs to random pages (WAYN.com being one I've seen repeatedly) or redirecting me from links I have clicked on to entirely new pages (though not when I click on a link from my bookmarks - so far).

I recently installed FireFTP to my browser (have not used it), and that seems to have been the first thing that may have caused problems. I do also watch tv online (usually direct from the television station's website, but sometimes also from Megavideo or Videobb) and I'm wondering if I've picked something up from there.

Some basic system information:
Windows XP - Home Edition 2002, Service pack 3
Dell Inspiron M1710
TrendMicro Internet Security Version 17.1.1368 (Engine 9.500.1005; Pattern 8.615.50)
My protection levels for web browsing and for the Trend Micro firewall are both at medium

I've run HiJackThis and seen nothing obvious (to me). I have run virus scans using Trend Micro both in regular operating mode and safe mode and nothing has been detected. Malwarebytes also has not detected anything wrong.

Any help is greatly appreciated.

Thanks,
t.l.martin

#2 Broni
Posted 02 December 2011 - 01:28 AM

Welcome aboard

Is IE getting redirected as well?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



#3 t.l.martin
Posted 03 December 2011 - 10:30 AM

Thanks for the assistance Broni. I really only use Firefox for my web browsing, but I poked around with IE today for a bit and didn't seem to get redirected or have any random pop-ups, but I doubt 15 minutes is all that valid a sampling.

Here's the logs that I've got:


Security Check (after much hassle with Trend Micro trying to block the link I got this open and working :) ):

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Trend Micro Internet Security
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
Trend Micro Internet Security SfCtlCom.exe
Trend Micro Internet Security UfSeAgnt.exe
Trend Micro BM TMBMSRV.exe
Trend Micro Internet Security TmPfw.exe
Trend Micro Internet Security TmProxy.exe
``````````End of Log````````````




And for MiniToolBox:


MiniToolBox by Farbar
Ran by Theresa (administrator) on 03-12-2011 at 09:37:31
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", ""
"network.proxy.type", 4
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1C-BF-97-0F-CA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.12

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : December 3, 2011 8:50:43 AM

Lease Expires . . . . . . . . . . : December 6, 2011 8:50:43 AM

Server: mymodem
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.17, 74.125.226.16, 74.125.226.20, 74.125.226.18
74.125.226.19

Server: mymodem
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Server: mymodem
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c bf 97 0f ca ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.12 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.2.12 192.168.2.12 20
192.168.2.0 255.255.255.0 192.168.2.12 192.168.2.12 25
192.168.2.12 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.12 192.168.2.12 25
224.0.0.0 240.0.0.0 192.168.2.12 192.168.2.12 25
255.255.255.255 255.255.255.255 192.168.2.12 192.168.2.12 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

=========================== Installed Programs ============================

Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Illustrator 9.0 (Version: 9.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe SVG Viewer (Version: 1.0)
Amazon Kindle
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.3.127)
Autodesk SketchBookExpress 2010 R1 (Version: 4.12.0001)
Bonjour (Version: 2.0.3.0)
Broadcom Advanced Control Suite (Version: 8.68.05)
Browser Address Error Redirector (Version: 1.00.0000)
CardRd81 (Version: 4.00.0000.0004)
CCScore (Version: 7.00.0000.0001)
Character Builder (Version: 1.10.0000)
Conexant HDA D110 MDC V.92 Modem
Corel Painter Sketch Pad
Corel SketchPad - ICA (Version: 1.0)
CR2 (Version: 4.00.0000.0003)
Creative Audio Pack
Creative MediaSource 5 (Version: 5.00)
Dell DataSafe Online (Version: 1.0.21)
Dell Support Center (Version: 2.0.07282)
Dell System Restore (Version: 2.00.0000)
Digital Line Detect (Version: 1.15)
DivX Content Uploader (Version: 1.2.1)
DivX Setup (Version: 2.3.0.20)
ESSBrwr (Version: 7.00.0000.0003)
ESSCDBK (Version: 7.00.0000.0002)
ESScore (Version: 7.00.0000.0008)
ESSgui (Version: 7.00.0000.0002)
ESSini (Version: 7.00.0000.0003)
ESSPCD (Version: 7.00.0000.0002)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.00.0000.0002)
GetDataBack for NTFS (Version: 3.30.001)
Guild Wars
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
IconHandler 32 bit (Version: 1.0)
Image Web Server IE Plugin 2,0,0,104 (Version: 2.0.0.104)
Intel® PROSet/Wireless Software (Version: 10.5.1.0)
IPM (Version: 1.1)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
kgcbase (Version: 5.03.0000.0004)
Kodak EasyShare software
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
mCore (Version: 7.20.0000)
mDrWiFi (Version: 7.20.0000)
MediaDirect (Version: 4.7)
messiahStudio5 (Version: 5.0.0)
mHlpDell (Version: 7.20.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 08.05.0818)
mIWA (Version: 7.20.0000)
mLogView (Version: 7.20.0000)
mMHouse (Version: 7.20.0000)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
mPfMgr (Version: 7.20.0000)
mPfWiz (Version: 7.20.0000)
mProSafe (Version: 7.20.0000)
mSSO (Version: 7.20.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
mWlsSafe (Version: 7.20.0000)
mWMI (Version: 7.20.0000)
mXML (Version: 7.20.0000)
mZConfig (Version: 7.20.0000)
netbrdg (Version: 7.00.0000.0003)
NVIDIA Drivers
OfotoXMI (Version: 7.00.0000.0002)
OutlookAddinSetup (Version: 1.0.0)
OverDrive Media Console (Version: 2.1.0)
Painter Sketch Pad (Version: 1.1)
Pando Media Booster (Version: 2.3.4.3)
Picasa 3 (Version: 3.8)
PopCap Browser Plugin
QuickSet (Version: 7.1.16)
QuickTime (Version: 7.69.80.9)
Registration (Version: 01)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SearchAssist
SFR (Version: 7.00.0000.0004)
SFR2 (Version: 3.03.0000.0002)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 7.00.0000.0002)
SKINXSDK (Version: 7.00.0000.0001)
Skype web features (Version: 1.0.3971)
Skype™ 4.1 (Version: 4.1.179)
Sonic Activation Module (Version: 1.0)
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Sound Blaster Audigy ADVANCED MB Product Registration
staticcr (Version: 7.00.0000.0002)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
The Lord of the Rings Online™ v03.02.03.8013 (Version: 03.02.03.8013)
tooltips (Version: 7.00.0000.0002)
Trend Micro Internet Security (Version: 17.0)
Tropico: Paradise Island
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.0.5 (Version: 1.0.5)
VPRINTOL (Version: 7.00.0000.0001)
Wacom Tablet
WebFldrs XP (Version: 9.50.7523)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WIRELESS (Version: 7.00.0000.0002)
Xiph QuickTime Components

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 2046.39 MB
Available physical RAM: 1318.14 MB
Total Pagefile: 3939.36 MB
Available Pagefile: 3315.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:227.51 GB) (Free:104.08 GB) NTFS
2 Drive d: (WIZARD_OF_OZ_70TH_ANNIVERSARY) (CDROM) (Total:6.67 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator Guest HelpAssistant
SUPPORT_388945a0 Theresa


**** End of log ****


And for Malwarebytes:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8297

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/12/2011 10:28:22 AM
mbam-log-2011-12-03 (10-28-22).txt

Scan type: Quick scan
Objects scanned: 195869
Time elapsed: 15 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And finally, for GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-03 10:03:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HM250JI rev.HS100-11
Running: 8dw0g24r_GMER.exe; Driver: C:\DOCUME~1\Theresa\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT 89557CC0 ZwCreateKey
SSDT 895571C0 ZwCreateProcess
SSDT 89557480 ZwCreateProcessEx
SSDT 89558B20 ZwCreateThread
SSDT 89558240 ZwDeleteKey
SSDT 89558500 ZwDeleteValueKey
SSDT 89558CC0 ZwLoadDriver
SSDT 89557740 ZwOpenProcess
SSDT 89557F80 ZwSetValueKey
SSDT 89557A00 ZwTerminateProcess
SSDT 89558980 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8419380, 0x21FEFD, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB586D280]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BC000C
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3536] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0146000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0147000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0114000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4676] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4676] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A88231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A88231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A88231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A88231B

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9C072D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB16215$\3701215809 0 bytes
File C:\WINDOWS\$NtUninstallKB16215$\3726253746 0 bytes
File C:\WINDOWS\$NtUninstallKB16215$\3726253746\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16215$\3726253746\L\odetmngk 138496 bytes
File C:\WINDOWS\$NtUninstallKB16215$\3726253746\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16215$\3726253746\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

---- EOF - GMER 1.0.15 ----
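
The GMER and MiniToolBox output above contains the findings the next reply acts on, and the reading behind that reply can be written down as rules. The script below is an added example for this page; it is not part of the thread and not GMER or MiniToolBox code. It runs over a few lines copied from the logs posted above (embedded as constructed sample input) and sorts them into buckets: SSDT hooks (kernel service-table hooks, which security suites commonly install too, so they are listed rather than alarmed on), inline hooks whose JMP target GMER could not attribute to any loaded module (as opposed to the xul.dll hooks, which it could), the disk-sector lines in which GMER itself names TDL4 in the MBR, and non-empty files inside a $NtUninstallKB...$ hotfix-uninstall folder, where a genuine hotfix backup keeps an spuninst folder and the replaced binaries rather than numerically named subtrees. The MiniToolBox parser records the Firefox proxy mode (type 4 is auto-detect via WPAD) and the missing hosts file, which XP ships by default. The function names, the severity ladder and the wording assumed for an enabled IE proxy are this example's own.

```python
import re
from typing import Any, Dict, List

# Constructed sample input: a subset of lines copied from the GMER and
# MiniToolBox logs posted above (addresses, paths and sizes as posted).
GMER_SAMPLE = """\
SSDT 89557CC0 ZwCreateKey
SSDT 89558CC0 ZwLoadDriver
.text C:\\WINDOWS\\System32\\svchost.exe[1516] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\\Program Files\\Mozilla Firefox\\firefox.exe[4508] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0147000A
.text C:\\Program Files\\Mozilla Firefox\\plugin-container.exe[4676] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\\Program Files\\Mozilla Firefox\\xul.dll (Mozilla Foundation)
Disk \\Device\\Harddisk0\\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \\Device\\Harddisk0\\DR0 sector 00: rootkit-like behavior
File C:\\WINDOWS\\$NtUninstallKB16215$\\3726253746\\L 0 bytes
File C:\\WINDOWS\\$NtUninstallKB16215$\\3726253746\\L\\odetmngk 138496 bytes
File C:\\WINDOWS\\$NtUninstallKB16215$\\3726253746\\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
"""

MINITOOLBOX_SAMPLE = """\
Proxy is not enabled.
No Proxy Server is set.
"network.proxy.type", 4
Hosts file not detected in the default directory
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
INLINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<func>\S+!\S+)\s+[0-9A-F]{8}\s+"
    r"\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<module>.+))?$"
)
DISK_RE = re.compile(r"^Disk\s+\S+\s+(?P<finding>.*)$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
FF_PROXY_RE = re.compile(r'^"network\.proxy\.type",\s*(\d+)')

# Firefox network.proxy.type values.
FF_PROXY_TYPES = {0: "none", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}


def triage_gmer(text: str) -> Dict[str, List[str]]:
    """Sort GMER log lines into the buckets a responder reads first."""
    out: Dict[str, List[str]] = {
        "ssdt_hooks": [],              # service-table hooks; HIPS/AV products set these too
        "attributed_hooks": [],        # inline hooks GMER tied to a named module
        "unattributed_hooks": [],      # JMP into memory owned by no loaded module
        "disk_rootkit": [],            # MBR/sector findings GMER itself calls rootkit
        "hidden_uninstall_files": [],  # non-empty files under $NtUninstall*$ folders
    }
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            out["ssdt_hooks"].append(m.group(2))
        elif m := INLINE_RE.match(line):
            entry = f"{m['proc']} {m['func']} -> {m['target']}"
            bucket = "attributed_hooks" if m["module"] else "unattributed_hooks"
            out[bucket].append(entry)
        elif m := DISK_RE.match(line):
            if "rootkit" in m["finding"].lower():
                out["disk_rootkit"].append(m["finding"])
        elif m := FILE_RE.match(line):
            # A real hotfix backup holds spuninst\ and the replaced binaries;
            # numerically named subtrees with payload-sized files do not belong there.
            if "$NtUninstall" in m["path"] and int(m["size"]) > 0:
                out["hidden_uninstall_files"].append(m["path"])
    return out


def triage_minitoolbox(text: str) -> Dict[str, Any]:
    """Pull the redirect-relevant settings out of a MiniToolBox report."""
    out: Dict[str, Any] = {"ie_proxy_enabled": None, "ff_proxy_type": None,
                           "hosts_missing": False}
    for line in text.splitlines():
        if line.startswith("Proxy is not enabled"):
            out["ie_proxy_enabled"] = False
        elif line.startswith("Proxy is enabled"):  # assumed wording for the enabled case
            out["ie_proxy_enabled"] = True
        elif m := FF_PROXY_RE.match(line):
            out["ff_proxy_type"] = FF_PROXY_TYPES.get(int(m.group(1)), "unknown")
        elif line.startswith("Hosts file not detected"):
            # XP ships %SystemRoot%\system32\drivers\etc\hosts; a missing one is
            # itself worth a look, since hosts is a common redirect vector.
            out["hosts_missing"] = True
    return out


def severity(gmer: Dict[str, List[str]], mtb: Dict[str, Any]) -> str:
    """Example severity ladder: rootkit > suspicious > clean."""
    if gmer["disk_rootkit"]:
        return "rootkit"
    if (gmer["unattributed_hooks"] or gmer["hidden_uninstall_files"]
            or mtb["hosts_missing"] or mtb["ie_proxy_enabled"]
            or mtb["ff_proxy_type"] in ("manual", "pac")):
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    g = triage_gmer(GMER_SAMPLE)
    m = triage_minitoolbox(MINITOOLBOX_SAMPLE)
    for key, items in g.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print(f"  {item}")
    print(m)
    print("verdict:", severity(g, m))
```

On the posted logs the verdict is "rootkit" on the disk-sector lines alone; the unattributed ntdll hooks in svchost, Explorer and Firefox and the files under the fake hotfix folder would each have rated "suspicious" on their own, which is why a clean Malwarebytes quick scan and a clean antivirus scan, both of which run through the hooked API, do not settle the question.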

#4 Broni
Posted 03 December 2011 - 11:48 AM

We have a couple of issues there, starting with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#5 t.l.martin
Posted 03 December 2011 - 01:55 PM

Here's the TDSS log:

13:48:56.0468 0668 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:48:56.0890 0668 ============================================================
13:48:56.0890 0668 Current date / time: 2011/12/03 13:48:56.0890
13:48:56.0890 0668 SystemInfo:
13:48:56.0890 0668
13:48:56.0890 0668 OS Version: 5.1.2600 ServicePack: 3.0
13:48:56.0890 0668 Product type: Workstation
13:48:56.0890 0668 ComputerName: LAPTOP
13:48:56.0890 0668 UserName: Theresa
13:48:56.0890 0668 Windows directory: C:\WINDOWS
13:48:56.0890 0668 System windows directory: C:\WINDOWS
13:48:56.0890 0668 Processor architecture: Intel x86
13:48:56.0890 0668 Number of processors: 2
13:48:56.0890 0668 Page size: 0x1000
13:48:56.0890 0668 Boot type: Normal boot
13:48:56.0890 0668 ============================================================
13:48:58.0156 0668 Initialize success
13:49:04.0640 4384 ============================================================
13:49:04.0640 4384 Scan started
13:49:04.0640 4384 Mode: Manual;
13:49:04.0640 4384 ============================================================
13:49:06.0203 4384 Abiosdsk - ok
13:49:06.0281 4384 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:49:06.0312 4384 abp480n5 - ok
13:49:06.0375 4384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:49:06.0375 4384 ACPI - ok
13:49:06.0421 4384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:49:06.0437 4384 ACPIEC - ok
13:49:06.0453 4384 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:49:06.0500 4384 adpu160m - ok
13:49:06.0531 4384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:49:06.0578 4384 aec - ok
13:49:06.0640 4384 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:49:06.0671 4384 AegisP - ok
13:49:06.0796 4384 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:49:06.0796 4384 AFD - ok
13:49:06.0812 4384 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:49:06.0843 4384 agp440 - ok
13:49:06.0859 4384 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:49:06.0890 4384 agpCPQ - ok
13:49:06.0906 4384 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:49:06.0937 4384 Aha154x - ok
13:49:06.0953 4384 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:49:06.0984 4384 aic78u2 - ok
13:49:07.0000 4384 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:49:07.0031 4384 aic78xx - ok
13:49:07.0046 4384 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:49:07.0062 4384 AliIde - ok
13:49:07.0078 4384 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:49:07.0125 4384 alim1541 - ok
13:49:07.0140 4384 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:49:07.0171 4384 amdagp - ok
13:49:07.0187 4384 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:49:07.0218 4384 amsint - ok
13:49:07.0296 4384 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
13:49:07.0312 4384 APPDRV - ok
13:49:07.0343 4384 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:49:07.0375 4384 Arp1394 - ok
13:49:07.0375 4384 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:49:07.0406 4384 asc - ok
13:49:07.0406 4384 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:49:07.0437 4384 asc3350p - ok
13:49:07.0453 4384 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:49:07.0468 4384 asc3550 - ok
13:49:07.0484 4384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:49:07.0500 4384 AsyncMac - ok
13:49:07.0515 4384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:49:07.0515 4384 atapi - ok
13:49:07.0531 4384 Atdisk - ok
13:49:19.0828 4384 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
13:49:19.0828 4384 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
13:49:19.0828 4384 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
13:49:19.0859 4384 Boot (0x1200) (301bbfb23fd5b44bceffdd1b0d64299b) \Device\Harddisk0\DR0\Partition0
13:49:19.0859 4384 \Device\Harddisk0\DR0\Partition0 - ok
13:49:19.0859 4384 ============================================================
13:49:19.0859 4384 Scan finished
13:49:19.0859 4384 ============================================================
13:49:19.0875 2120 Detected object count: 1
13:49:19.0875 2120 Actual detected object count: 1
13:49:34.0218 2120 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
13:49:34.0218 2120 \Device\Harddisk0\DR0 - ok
13:49:34.0218 2120 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
13:49:40.0203 1572 Deinitialize success
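
The log above is dense, so here is a small parser for its line formats, added as an example (not part of the thread and not TDSSKiller's own code): it records each checked object with its MD5 and path, ties the verdict lines for `\Device\Harddisk0\DR0` back to the `MBR (0x1B8)` entry, keeps the threat flag even after the trailing "- ok" that only marks the scheduled cure, and checks the declared detection count against what was actually flagged. The sample log is a constructed excerpt of the lines posted above.

```python
"""Parse a TDSSKiller-style scan log: every checked object with its MD5 and
path, the verdict lines that follow, and the detections that were flagged."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line: "HH:MM:SS.ffff <thread-id> <body>"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Object line: "<name> (<md5>) <path>"; the name may itself contain
# parentheses, e.g. "MBR (0x1B8)" or "Boot (0x1200)".
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Verdict line: "<name> [( <threat> )] - <verdict>".  For the MBR the verdicts
# are reported against the device path, not against the "MBR (...)" name.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<threat>.+?) \))? - "
    r"(?P<verdict>ok|infected|detected (?P<dthreat>\S+) \(\d+\)|"
    r"will be cured on reboot|User select action: (?P<action>\w+))$"
)
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None        # None when the scanner printed no file for the entry
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    threat: Optional[str] = None     # set once any verdict names a threat; never cleared
    action: Optional[str] = None     # e.g. "Cure"


@dataclass
class ScanReport:
    objects: Dict[str, ScanObject] = field(default_factory=dict)
    declared_count: Optional[int] = None

    def flagged(self) -> List[ScanObject]:
        return [o for o in self.objects.values() if o.threat]

    def no_file(self) -> List[ScanObject]:
        # Verdicts that arrived without an object line: the scanner found no
        # file behind the registered entry (e.g. "Changer - ok").
        return [o for o in self.objects.values() if o.md5 is None]

    def count_consistent(self) -> bool:
        return self.declared_count == len(self.flagged())


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    by_path: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # separators, "Scan finished", etc.
        body = m.group(3)
        om = OBJECT_RE.match(body)
        if om:
            name, md5, path = om.groups()
            obj = ScanObject(name=name, md5=md5.lower(), path=path)
            report.objects[name] = obj
            by_path[path] = obj
            continue
        cm = COUNT_RE.match(body)
        if cm:
            report.declared_count = int(cm.group(1))
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        name = vm.group("name")
        obj = report.objects.get(name) or by_path.get(name)
        if obj is None:
            obj = ScanObject(name=name)    # verdict with no preceding object line
            report.objects[name] = obj
        obj.verdicts.append(vm.group("verdict"))
        threat = vm.group("threat") or vm.group("dthreat")
        if threat:
            obj.threat = threat            # a later "- ok" (cure scheduled) does not clear this
        if vm.group("action"):
            obj.action = vm.group("action")
    return report


# Constructed excerpt of the log posted above (same line formats).
SAMPLE_LOG = r"""
13:49:07.0546 4384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:49:07.0562 4384 Atmarpc - ok
13:49:07.0906 4384 Changer - ok
13:49:19.0828 4384 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
13:49:19.0828 4384 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
13:49:19.0828 4384 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
13:49:19.0859 4384 Boot (0x1200) (301bbfb23fd5b44bceffdd1b0d64299b) \Device\Harddisk0\DR0\Partition0
13:49:19.0859 4384 \Device\Harddisk0\DR0\Partition0 - ok
13:49:19.0859 4384 ============================================================
13:49:19.0859 4384 Scan finished
13:49:19.0875 2120 Detected object count: 1
13:49:34.0218 2120 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
13:49:34.0218 2120 \Device\Harddisk0\DR0 - ok
13:49:34.0218 2120 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
13:49:40.0203 1572 Deinitialize success
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for o in rep.flagged():
        print(f"{o.name} at {o.path}: {o.threat} -> {o.action}; verdicts: {o.verdicts}")
    print("declared count matches:", rep.count_consistent())
    print("entries with no file:", [o.name for o in rep.no_file()])
```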

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:27 PM

Posted 03 December 2011 - 03:58 PM

Please re-run the tool so we can see whether it comes up clean.



#7 t.l.martin

t.l.martin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 03 December 2011 - 04:30 PM

The newest TDSS scan comes up saying "No threats found". :D

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:27 PM

Posted 03 December 2011 - 04:38 PM

Very well.

How is redirection?

Next, the "hosts" file is missing and we have to recreate it.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder


==============================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#9 t.l.martin

t.l.martin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 03 December 2011 - 05:09 PM

Here you go:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:08 on 03/12/2011 by Theresa
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [22:07 03/12/2011] [22:07 03/12/2011]
lmhosts.sam --a---- 3683 bytes [18:51 10/08/2004] [11:00 04/08/2004]
networks --a---- 407 bytes [18:51 10/08/2004] [11:00 04/08/2004]
protocol --a---- 799 bytes [18:51 10/08/2004] [11:00 04/08/2004]
services --a---- 7116 bytes [18:51 10/08/2004] [11:00 04/08/2004]
tmvsthfss.bin --a---- 734 bytes [03:42 02/02/2008] [10:39 20/03/2009]
tmvsthfud.bin --a---- 734 bytes [03:42 02/02/2008] [10:39 20/03/2009]

---Folders---
None found.

-= EOF =-
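
Two checks for the steps in the previous two posts, added here as an example (not part of the thread and not the tools' own code): a hosts-file validator that confirms the loopback entry is present and flags any other name pinned to a real address (the way a hijacked hosts file redirects traffic without touching DNS), and a check of a directory listing like the SystemLook one above that the file really is named `hosts` and not `hosts.txt`. The tampered hosts content, the `example.*` names and the 203.0.113.5 address are constructed.

```python
"""Validate a Windows hosts file like the one recreated above, and confirm
from a directory listing that it was saved as "hosts" with no extension."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Tuple

HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


@dataclass
class HostsReport:
    entries: List[Tuple[int, str, List[str]]] = field(default_factory=list)
    findings: List[str] = field(default_factory=list)

    def is_clean(self) -> bool:
        return not self.findings


def parse_hosts(text: str) -> HostsReport:
    """Parse hosts-file text; flag anything that overrides DNS for a real host."""
    report = HostsReport()
    localhost_ok = False
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                        # tabs or spaces, as in the real file
        addr_s, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_s)
        except ValueError:
            report.findings.append(f"line {n}: malformed address {addr_s!r}")
            continue
        if not names:
            report.findings.append(f"line {n}: {addr_s} has no hostname")
            continue
        report.entries.append((n, str(addr), names))
        for name in names:
            if not HOSTNAME_RE.match(name):
                report.findings.append(f"line {n}: malformed hostname {name!r}")
            elif name.lower() == "localhost":
                if addr.is_loopback:
                    localhost_ok = True
                else:
                    report.findings.append(f"line {n}: localhost points at {addr}, not loopback")
            elif not (addr.is_loopback or addr.is_unspecified):
                # 127.x / 0.0.0.0 entries only sink a name (ad blocking etc.);
                # any other address silently redirects that host and bypasses DNS.
                report.findings.append(f"line {n}: {name} is pinned to {addr}; confirm this is intended")
    if not localhost_ok:
        report.findings.append("no loopback entry for localhost")
    return report


def hosts_saved_correctly(listing: List[str]) -> Tuple[bool, str]:
    """Check a directory listing (e.g. SystemLook's) for a hosts file with no extension."""
    names = sorted(n.lower() for n in listing)
    if "hosts" in names:
        return True, "hosts present without extension"
    stray = [n for n in names if n.startswith("hosts.")]
    if stray:
        return False, f"found {stray[0]} instead of hosts: an extension was appended on save"
    return False, "hosts file missing"


# The hosts content from the post above, with a shortened header.
GOOD_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#  \t102.54.94.97 \trhino.acme.com      \t# source server

127.0.0.1   \tlocalhost
"""

# Constructed: a tampered file pinning two names to a documentation-range address.
TAMPERED_HOSTS = """127.0.0.1       localhost
203.0.113.5     update.example.com
203.0.113.5     www.example.net
0.0.0.0         ads.example.org      # sink entry, not a redirect
"""

# File names as listed by SystemLook in the post above.
ETC_LISTING = ["hosts", "lmhosts.sam", "networks", "protocol", "services",
               "tmvsthfss.bin", "tmvsthfud.bin"]

if __name__ == "__main__":
    for label, text in (("recreated", GOOD_HOSTS), ("tampered", TAMPERED_HOSTS)):
        rep = parse_hosts(text)
        print(label, "clean" if rep.is_clean() else rep.findings)
    print(hosts_saved_correctly(ETC_LISTING))
```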

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:27 PM

Posted 03 December 2011 - 05:10 PM

Good :)

How is redirection?




#11 t.l.martin

t.l.martin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 03 December 2011 - 05:18 PM

Shoot. Sorry, little crazy here today and I missed that bit. Redirection doesn't seem to be happening, and no random pages have opened today at all.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:27 PM

Posted 03 December 2011 - 06:42 PM

Very good :)

Last checks....

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.



#13 t.l.martin

t.l.martin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 03 December 2011 - 08:26 PM

Yay! ESET reports no threats found. :)

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:07:27 PM

Posted 03 December 2011 - 08:34 PM

Your computer is clean.

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure, Windows Updates are current.

3. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

4. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

5. Run Temporary File Cleaner (TFC) weekly.

6. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

7. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

10. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.



#15 t.l.martin

t.l.martin
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:27 PM

Posted 04 December 2011 - 11:04 AM

Thanks so much for your patience and assistance Broni. I'm updating my scheduling/software to include your recommendations and dropping a tip in the donate jar. You've been great!



