Lots of quarantined infections - where do I start!?


18 replies to this topic

#1 Blue Gecko

Blue Gecko

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 05 December 2011 - 11:22 PM

So, I downloaded a bad file the other day that I thought was a DVD burning program. Turns out it just riddled my computer with viruses and I should have trusted my gut not to download it. A friend recommended the file to me but I was careless when I jumped online to find it. Anyways...I am not sure what website I got it from, as I've already gone through and deleted my history, temp files, etc. with ATF Cleaner.

So when I went to open the downloaded file, it acted like it was loading, then disappeared and my Avira Anti-virus went nuts quarantining files. So, I ran a full scan with Avira and it quarantined a bunch more. I've run Malware Bytes as a full scan and a quick scan, but it came up with nothing. I realized that my Malware Bytes is outdated the second time I loaded the program, but it won't update. It's 95 days out of date. So, I'm not sure what to do to force it to update, but I haven't been successful in updating it so far.

I did some searching online regarding a few of the viruses Avira found and some recommendations for removal. One of which was to restart in Safe Mode, run ATF Cleaner, then Super Anti-spyware. Then reboot in normal mode and remove anything SAS found and run Malware Bytes. SAS found 338 Adware.tracking cookies and also found 2 trojans within itself it looks like:

Trojan.Agent/Gen
C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE
C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE.EXE

Which the program quarantined also.

Here is the list of viruses Avira quarantined.

EXP/CVE-2010-0840.EK (1 instance)
TR/ATRAPS.Gen2 (6 instances)
TR/Kazy.11683.4 (1 instance)
TR/Rootkit.Gen (5 instances)
TR/Rowindal.D.1 (1 instance)
TR/Spy.ZBot.113152.1 (1 instance)
W32/Patchload.A (19 instances)

What can I do to clean these files and get rid of the viruses?

I've noticed that my Wifi Connection icon in the task bar continuously says "acquiring network address" even though it's connected and I'm using the internet. I also noticed that once in a while when I'm loading a website, it tries to redirect to www.koaz...searchsite.. something I haven't caught the full name of it yet. It's shown up in the status bar and I've stopped transmission before it loads. Then if I refresh the page, because my original website address is still in the address bar, it will load without trying to redirect.

I don't really dare log into anything of any importance on this computer. I'll check my email and such from my husband's computer... but I really need to get these things off of here so I can use this machine again! I'm a bit overwhelmed (and ashamed because I should have known better than to download what I did) and don't know where to start. Can you help? What do you need from me?

Please and thanks in advance! My internet is spotty as I'm in a rural area of Hawaii with a mobile hot spot... but I'll check as often as I can to stay in contact and respond to any replies. Thanks!


#2 Blue Gecko

Blue Gecko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 06 December 2011 - 01:14 AM

It tried to redirect me again, I caught more of it this time...

www.kozanekozasearchsystem.com is where it wants to send me.

#3 Blue Gecko

Blue Gecko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 08 December 2011 - 04:08 PM

Can anyone help? Any suggestions? Please? Should I just nuke the computer or will that not even take care of it?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:55 AM

Posted 08 December 2011 - 04:29 PM

Hello, let's see how serious the rootkit is and how it's running after these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
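The MiniToolBox checkboxes boopme asks for (proxy settings, hosts file, IP configuration, Winsock entries) cover the settings a browser-redirecting infection like the one Blue Gecko describes most often tampers with. The script below is an added example, not part of this thread and not MiniToolBox's own code: it parses a Result.txt in the format posted later in the thread and lists each item that deserves a second look. Both embedded logs are constructed. The "clean" one mirrors values from the thread (note that it still reports the built-in mswsock.dll entries, which the thread's own log shows as "File Not found", so a Winsock hit is a review item, not a verdict); the "tampered" one invents an enabled proxy, an extra hosts entry, an off-LAN DNS resolver and a Winsock entry with no publisher to show what hits look like.

```python
"""Triage a MiniToolBox Result.txt for settings a redirect infection commonly
alters.  Added example: not part of the thread, not MiniToolBox's own code."""
import ipaddress
import re

# Section header, e.g. "===== Hosts content: =====" or "===== Winsock entries =====".
HEADER_RE = re.compile(r"^=+\s+([^=]+?):?\s+=+\s*$")
# Dotted ipconfig field, e.g. "IP Address. . . . : 192.168.1.2".
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")
# Winsock line: "Catalog5 02 C:\...\winrnr.dll [16896] (Microsoft Corporation)".
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]*)\]\s+\((.*)\)\s*$")
PROXY_RE = re.compile(r"^(Proxy is enabled|Proxy Server\s*:\s*\S)")
LOOPBACK_HOSTS = {"localhost", "localhost.localdomain"}

# Constructed log mirroring the clean values posted in the thread.
CLEAN_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
DNS Servers . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
"""

# Constructed log with the kind of tampering a redirect infection leaves behind
# (the enabled-proxy wording, hostname, resolver address and LSP file are invented).
TAMPERED_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 update.example-vendor.test
========================= IP Configuration: ================================
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
DNS Servers . . . . . . . . . . . : 203.0.113.53
========================= Winsock entries =====================================
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\Windows\System32\unknownlsp.dll [24576] ()
"""


def parse_sections(text):
    """Split Result.txt into {section name: [non-blank lines]}."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def ip_fields(lines):
    """First value seen for each dotted ipconfig label (i.e. the connected adapter)."""
    fields = {}
    for line in lines:
        m = FIELD_RE.match(line)
        if m and m.group(2).strip():
            fields.setdefault(m.group(1).strip(), m.group(2).strip())
    return fields


def triage(text):
    """Return (category, detail) pairs worth a second look; an empty list means clean."""
    s, findings = parse_sections(text), []
    for name in ("IE Proxy Settings", "FF Proxy Settings"):
        for line in s.get(name, []):
            if PROXY_RE.match(line):  # a silently configured proxy reroutes every request
                findings.append(("proxy", f"{name}: {line}"))
    for line in s.get("Hosts content", []):
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        try:
            loop = ipaddress.ip_address(parts[0]).is_loopback
        except ValueError:
            loop = False
        if not (loop and all(h in LOOPBACK_HOSTS for h in parts[1:])):
            findings.append(("hosts", line))  # anything beyond localhost needs a reason
    f = ip_fields(s.get("IP Configuration", []))
    if all(k in f for k in ("IP Address", "Subnet Mask", "DNS Servers")):
        try:
            lan = ipaddress.ip_network(f"{f['IP Address']}/{f['Subnet Mask']}", strict=False)
            dns = ipaddress.ip_address(f["DNS Servers"])
            if dns not in lan:  # public resolvers can be legitimate; confirm, don't assume
                findings.append(("dns", f"resolver {dns} is not on {lan}; confirm it is expected"))
        except ValueError as exc:
            findings.append(("dns", f"unparseable address: {exc}"))
    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and (m.group(4) == "File Not found" or not m.group(5).strip()):
            findings.append(("winsock", f"{m.group(1)} {m.group(2)}: {m.group(3)} [{m.group(4)}] ({m.group(5)})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(TAMPERED_LOG):
        print(f"[{category}] {detail}")
```

Run it against a real Result.txt by reading the file and passing its text to `triage`; the four categories map one-to-one onto the checklist items above, so a clean machine should yield nothing beyond the mswsock.dll review entries.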

#5 Blue Gecko

Blue Gecko
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:55 PM

Posted 09 December 2011 - 04:19 PM

Hello,

I ran all the tools and got all the logs. Unfortunately, when I was running Eset, I had left my laptop running while I went to dinner and it got unplugged while I was gone (the pets got a little crazy apparently) and it shut down, so the 1st Eset Scan, which had found 2 infections before I left (W32/Adware... something, sorry) wasn't available for me to save a log of when I got home. I ran a second scan, and there were no infections found and therefore no log.

The log for the mini tool box was:

MiniToolBox by Farbar
Ran by bLiNx (administrator) on 08-12-2011 at 17:13:43
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : Dell4KDN

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-15-C5-3F-AE-CB



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-13-CE-2C-44-8B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, December 08, 2011 5:05:22 PM

Lease Expires . . . . . . . . . . : Friday, December 09, 2011 5:05:22 PM



Pinging google.com [74.125.127.147] with 32 bytes of data:



Reply from 74.125.127.147: bytes=32 time=216ms TTL=52

Reply from 74.125.127.147: bytes=32 time=243ms TTL=52



Ping statistics for 74.125.127.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 216ms, Maximum = 243ms, Average = 229ms



Pinging yahoo.com [98.139.180.149] with 32 bytes of data:



Reply from 98.139.180.149: bytes=32 time=301ms TTL=53

Reply from 98.139.180.149: bytes=32 time=241ms TTL=53



Ping statistics for 98.139.180.149:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 241ms, Maximum = 301ms, Average = 271ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 10.0.185.11: Destination host unreachable.

Reply from 10.0.185.11: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 3f ae cb ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 13 ce 2c 44 8b ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 25
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 25
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 25
255.255.255.255 255.255.255.255 192.168.1.2 2 1
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2011 04:14:22 PM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 11.0.8341.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/08/2011 04:13:16 PM) (Source: Application Hang) (User: )
Description: Hanging application Iedit_.exe, version 12.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/04/2011 10:01:47 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/04/2011 04:05:54 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crt> with error: This operation returned because the timeout period expired.

Error: (12/04/2011 04:05:54 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crt> with error: This operation returned because the timeout period expired.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: This operation returned because the timeout period expired.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt> with error: This operation returned because the timeout period expired.

Error: (12/04/2011 04:05:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (12/08/2011 05:13:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:51 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:50 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:49 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:48 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:48 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:47 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (12/08/2011 05:13:47 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (12/08/2011 04:14:22 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE11.0.8341.0hungapp0.0.0.000000000

Error: (12/08/2011 04:13:16 PM) (Source: Application Hang)(User: )
Description: Iedit_.exe12.0.0.0hungapp0.0.0.000000000

Error: (12/04/2011 10:01:47 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.51.0.1118hungapp0.0.0.000000000

Error: (12/04/2011 04:05:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crtThis operation returned because the timeout period expired.

Error: (12/04/2011 04:05:54 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/EE869387FFFD8349AB5AD14322588789A457B012.crtThis operation returned because the timeout period expired.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crtThis operation returned because the timeout period expired.

Error: (12/04/2011 04:05:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crtThis operation returned because the timeout period expired.

Error: (12/04/2011 04:05:24 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 2.6.0.19140)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.0.1)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Setup (Version: 2.0)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
Aim Plugin for QQ Games
Aimersoft Video Studio Express(Build 1.2.0.25)
AIMTunes
ALPS Touch Pad Driver
America Online (Choose which version to remove)
Any Video Converter 2.6.7
Any Video Editor 1.3.1 (Version: 1.3.1)
AOLIcon (Version: 1.00.0000)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoImpression 5
ArcSoft TotalMedia Extreme
Ask Toolbar (Version: 1.13.1.0)
Avira Free Antivirus (Version: 12.0.0.861)
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Broadcom Management Programs 2 (Version: 7.82.01)
Cakewalk Pyro 5
CameraHelperMsi (Version: 13.30.1395.0)
CCleaner (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant D110 MDC V.9x Modem
Coupon Printer for Windows (Version: 4.0)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell Support 3.1 (Version: 5.1.760)
Dell System Restore (Version: 2.00.0000)
Digital Line Detect (Version: 1.14)
DivX Web Player (Version: 1.4.2)
Download Updater (AOL LLC)
Dr Glitter Light (Version: 1.45)
Drive Manager (Version: 1.00.0012)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
erLT (Version: 1.20.138.34)
Express Invoice
FileZilla Client 3.5.1 (Version: 3.5.1)
Foxit Reader (Version: 4.2.0.928)
Free Notes & Office Ink (Version: )
Garmin Communicator Plugin (Version: 2.8.1)
Garmin POI Loader (Version: 2.5.4.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
getPlus® for Adobe (Version: 1.5.2.35)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
HD-DV decoder (Version: 1.03.00)
HijackThis 2.0.2 (Version: 2.0.2)
Hugin 2009.4.0 (Version: 2009.4.0)
InstallVC90Support (Version: 1.01.0000)
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless Software (Version: 9.00.0000)
Internal Network Card Power Management (Version: 1.7.0)
Internet Explorer Default Page (Version: 1.00.03)
Jalbum (Version: 8.8)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Jasc Paint Shop Photo Album 5 (Version: 5.21)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
JBidwatcher 2
K-Lite Codec Pack 6.3.0 (Full) (Version: 6.3.0)
Learn2 Player (Uninstall Only)
Lexmark 2600 Series
Lexmark Fax Solutions
Lexmark Toolbar (Version: 4.6.37.0)
Logitech Updater (Version: 1.70)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Macromedia Dreamweaver MX 2004 (Version: 7.0)
Macromedia Extension Manager (Version: 1.5)
Macromedia Fireworks MX 2004 (Version: 7)
Macromedia Flash MX 2004 (Version: 7)
Macromedia Flash Player (Version: 7.0.19.0)
Macromedia FreeHand MXa (Version: 11.0.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
mCore (Version: 1.19.0000)
mDrWiFi (Version: 1.19.0000)
MediaFACE 4.2 (Version: 4.2)
MediaFACE 4.2 Image Library (Version: 4.2)
mHlpDell (Version: 1.19.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office OneNote 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Project Professional 2003 (Version: 11.0.8173.0)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Web Publishing Wizard 1.52
mIWA (Version: 1.19.0000)
mIWCA (Version: 1.19.0000)
mLogView (Version: 1.19.0000)
mMHouse (Version: 1.19.0000)
Mobile Broadband Generic Drivers (Version: 2.03.18.001.28)
MobiLink 3 (Version: 3.00.59.016)
Modem Helper (Version: 2.41)
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
mPfMgr (Version: 1.19.0000)
mPfWiz (Version: 1.19.0000)
mProSafe (Version: 9.00.0000)
mSSO (Version: 1.19.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mToolkit (Version: 1.19.0000)
Music Editor Free
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 9.00.2028)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.19.0000)
MyRate from Progressive Insurance (Version: 2.0.0)
mZConfig (Version: 1.19.0000)
NetWaiting (Version: 2.5.16)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
Pen Pad Driver with Macro Key Manager
Photo Explosion 3.0 Special Edition (Version: 3.0.1.1)
PhotoPos Pro Toolbar
Picaboo 2.5 (Version: 2.5)
Picaboo X (Version: 10.142)
Picaboo X (Version: 10.142P)
Picasa 3 (Version: 3.8)
Power Presenter RE II (Version: )
PowerDVD 5.5
QQ Games (Version: 2.0.102.36)
QuickBooks Simple Start Special Edition (Version: )
QuickSet (Version: 3.9.4)
QuickTime (Version: 7.62.14.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Scratch Live 2.2.0 (22033) (Version: 2.2.0)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.1 (Version: 5.1.104)
Sonic DLA (Version: 4.95)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1136)
Table2CSS 3.10.4
TaxCut Michigan 2008 (Version: 1.08.4101)
TaxCut Premium + Efile 2008 (Version: 08.06.7101)
Ulead PhotoImpact 12 (Version: 12.0)
VC 9.0 Runtime (Version: 1.0.0)
VMware View Client (Version: 3.1.1.1212)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.581 )
Winamp Remote (Version: 2.2008.0508.1530)
Winamp Toolbar
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WordPerfect Office 12 (Version: 12.01)
ZoneAlarm Firewall (Version: 10.1.065.000)
ZoneAlarm Free (Version: 10.1.065.000)
ZoneAlarm Security (Version: 10.1.065.000)
ZoneAlarm Security Toolbar (Version: 6.7.0.6)
ZoneAlarm Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2039.37 MB
Available physical RAM: 1567.33 MB
Total Pagefile: 2645.86 MB
Available Pagefile: 2256.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:71 GB) (Free:8.88 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL4KDN

Administrator bLiNx Guest
HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini053108-01.dmp
C:\WINDOWS\Minidump\Mini082810-01.dmp
C:\WINDOWS\Minidump\Mini122608-01.dmp

**** End of log ****


And the one for TDSSKiller was:

17:15:57.0343 1612 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
17:15:58.0250 1612 ============================================================
17:15:58.0250 1612 Current date / time: 2011/12/08 17:15:58.0250
17:15:58.0250 1612 SystemInfo:
17:15:58.0250 1612
17:15:58.0250 1612 OS Version: 5.1.2600 ServicePack: 3.0
17:15:58.0250 1612 Product type: Workstation
17:15:58.0250 1612 ComputerName: DELL4KDN
17:15:58.0250 1612 UserName: bLiNx
17:15:58.0250 1612 Windows directory: C:\WINDOWS
17:15:58.0250 1612 System windows directory: C:\WINDOWS
17:15:58.0250 1612 Processor architecture: Intel x86
17:15:58.0250 1612 Number of processors: 1
17:15:58.0250 1612 Page size: 0x1000
17:15:58.0250 1612 Boot type: Normal boot
17:15:58.0250 1612 ============================================================
17:16:00.0281 1612 Initialize success
17:16:18.0984 2556 ============================================================
17:16:18.0984 2556 Scan started
17:16:18.0984 2556 Mode: Manual;
17:16:18.0984 2556 ============================================================
17:16:19.0843 2556 Abiosdsk - ok
17:16:19.0906 2556 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:16:19.0937 2556 abp480n5 - ok
17:16:20.0015 2556 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:16:20.0015 2556 ACPI - ok
17:16:20.0062 2556 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:16:20.0078 2556 ACPIEC - ok
17:16:20.0125 2556 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:16:20.0218 2556 adpu160m - ok
17:16:20.0265 2556 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:16:20.0281 2556 aec - ok
17:16:20.0343 2556 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:16:20.0343 2556 AegisP - ok
17:16:20.0406 2556 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
17:16:20.0406 2556 Afc - ok
17:16:20.0531 2556 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:16:20.0531 2556 AFD - ok
17:16:20.0593 2556 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:16:20.0625 2556 agp440 - ok
17:16:20.0656 2556 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:16:20.0703 2556 agpCPQ - ok
17:16:20.0765 2556 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:16:20.0828 2556 Aha154x - ok
17:16:20.0875 2556 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:16:20.0906 2556 aic78u2 - ok
17:16:20.0953 2556 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:16:20.0984 2556 aic78xx - ok
17:16:21.0046 2556 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:16:21.0078 2556 AliIde - ok
17:16:21.0203 2556 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:16:21.0250 2556 alim1541 - ok
17:16:21.0343 2556 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:16:21.0375 2556 amdagp - ok
17:16:21.0437 2556 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:16:21.0484 2556 amsint - ok
17:16:21.0546 2556 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:16:21.0546 2556 ApfiltrService - ok
17:16:21.0609 2556 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
17:16:21.0625 2556 APPDRV - ok
17:16:21.0656 2556 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:16:21.0671 2556 Arp1394 - ok
17:16:21.0703 2556 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:16:21.0750 2556 asc - ok
17:16:21.0843 2556 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:16:21.0875 2556 asc3350p - ok
17:16:21.0921 2556 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:16:21.0953 2556 asc3550 - ok
17:16:22.0031 2556 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:16:22.0062 2556 AsyncMac - ok
17:16:22.0140 2556 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:16:22.0140 2556 atapi - ok
17:16:22.0171 2556 Atdisk - ok
17:16:22.0203 2556 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:16:22.0250 2556 Atmarpc - ok
17:16:22.0343 2556 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:16:22.0343 2556 audstub - ok
17:16:22.0406 2556 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:16:22.0406 2556 avgntflt - ok
17:16:22.0484 2556 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:16:22.0484 2556 avipbb - ok
17:16:22.0593 2556 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:16:22.0609 2556 avkmgr - ok
17:16:22.0656 2556 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
17:16:22.0656 2556 bcm4sbxp - ok
17:16:22.0671 2556 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:16:22.0687 2556 Beep - ok
17:16:22.0718 2556 bvrp_pci - ok
17:16:22.0843 2556 catchme - ok
17:16:22.0890 2556 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:16:22.0937 2556 cbidf - ok
17:16:22.0953 2556 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:16:22.0953 2556 cbidf2k - ok
17:16:23.0015 2556 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:16:23.0046 2556 CCDECODE - ok
17:16:23.0109 2556 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:16:23.0140 2556 cd20xrnt - ok
17:16:23.0187 2556 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:16:23.0187 2556 Cdaudio - ok
17:16:23.0296 2556 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:16:23.0296 2556 Cdfs - ok
17:16:23.0328 2556 Cdrom (9b9793e9caf8c66459b4248a01e027d0) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:16:23.0343 2556 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9b9793e9caf8c66459b4248a01e027d0, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
17:16:23.0343 2556 Cdrom ( Rootkit.Win32.ZAccess.g ) - infected
17:16:23.0343 2556 Cdrom - detected Rootkit.Win32.ZAccess.g (0)
17:16:23.0359 2556 Changer - ok
17:16:23.0421 2556 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:16:23.0421 2556 CmBatt - ok
17:16:23.0468 2556 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:16:23.0500 2556 CmdIde - ok
17:16:23.0515 2556 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:16:23.0546 2556 Compbatt - ok
17:16:23.0625 2556 CompFilter (216f2c5cd4b5858d9a80a09a5479562b) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
17:16:23.0656 2556 CompFilter - ok
17:16:23.0734 2556 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:16:23.0765 2556 Cpqarray - ok
17:16:23.0843 2556 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:16:23.0890 2556 dac2w2k - ok
17:16:23.0984 2556 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:16:24.0015 2556 dac960nt - ok
17:16:24.0093 2556 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:16:24.0109 2556 Disk - ok
17:16:24.0218 2556 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:16:24.0281 2556 dmboot - ok
17:16:24.0343 2556 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:16:24.0390 2556 dmio - ok
17:16:24.0437 2556 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:16:24.0500 2556 dmload - ok
17:16:24.0609 2556 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:16:24.0609 2556 DMusic - ok
17:16:24.0687 2556 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:16:24.0734 2556 dpti2o - ok
17:16:24.0765 2556 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:16:24.0781 2556 drmkaud - ok
17:16:24.0843 2556 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
17:16:24.0859 2556 drvmcdb - ok
17:16:24.0937 2556 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
17:16:24.0937 2556 drvnddm - ok
17:16:24.0968 2556 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:16:25.0000 2556 E100B - ok
17:16:25.0062 2556 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:16:25.0093 2556 Fastfat - ok
17:16:25.0156 2556 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:16:25.0187 2556 Fdc - ok
17:16:25.0296 2556 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:16:25.0296 2556 Fips - ok
17:16:25.0343 2556 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:16:25.0375 2556 Flpydisk - ok
17:16:25.0421 2556 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:16:25.0468 2556 FltMgr - ok
17:16:25.0515 2556 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:16:25.0515 2556 Fs_Rec - ok
17:16:25.0562 2556 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:16:25.0609 2556 Ftdisk - ok
17:16:25.0671 2556 GearAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\drivers\gearaspiwdm.sys
17:16:25.0671 2556 GearAspiWDM - ok
17:16:25.0718 2556 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:16:25.0718 2556 Gpc - ok
17:16:25.0812 2556 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:16:25.0843 2556 HidUsb - ok
17:16:25.0890 2556 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:16:25.0921 2556 hpn - ok
17:16:26.0015 2556 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
17:16:26.0015 2556 HSFHWICH - ok
17:16:26.0093 2556 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:16:26.0140 2556 HSF_DP - ok
17:16:26.0218 2556 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:16:26.0234 2556 HTTP - ok
17:16:26.0312 2556 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:16:26.0312 2556 i2omgmt - ok
17:16:26.0359 2556 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:16:26.0406 2556 i2omp - ok
17:16:26.0484 2556 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:16:26.0484 2556 i8042prt - ok
17:16:26.0578 2556 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
17:16:26.0609 2556 ialm - ok
17:16:26.0687 2556 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:16:26.0687 2556 Imapi - ok
17:16:26.0750 2556 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:16:26.0781 2556 ini910u - ok
17:16:26.0828 2556 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:16:26.0843 2556 IntelIde - ok
17:16:26.0890 2556 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:16:26.0890 2556 intelppm - ok
17:16:26.0937 2556 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:16:26.0937 2556 Ip6Fw - ok
17:16:27.0187 2556 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:16:27.0265 2556 IpFilterDriver - ok
17:16:27.0390 2556 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:16:27.0406 2556 IpInIp - ok
17:16:27.0453 2556 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:16:27.0453 2556 IpNat - ok
17:16:27.0500 2556 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:16:27.0500 2556 IPSec - ok
17:16:27.0546 2556 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:16:27.0578 2556 IRENUM - ok
17:16:27.0625 2556 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:16:27.0640 2556 isapnp - ok
17:16:27.0781 2556 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:16:27.0781 2556 ISWKL - ok
17:16:27.0875 2556 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
17:16:27.0875 2556 IWCA - ok
17:16:27.0937 2556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:16:27.0937 2556 Kbdclass - ok
17:16:28.0031 2556 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:16:28.0031 2556 kmixer - ok
17:16:28.0078 2556 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:16:28.0078 2556 KSecDD - ok
17:16:28.0125 2556 lbrtfdc - ok
17:16:28.0187 2556 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
17:16:28.0218 2556 LVPr2Mon - ok
17:16:28.0328 2556 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\WINDOWS\system32\DRIVERS\lvrs.sys
17:16:28.0328 2556 LVRS - ok
17:16:28.0390 2556 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
17:16:28.0390 2556 LVUSBSta - ok
17:16:28.0640 2556 LVUVC (3703406af0726badd24c5e552493e5b1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
17:16:28.0781 2556 LVUVC - ok
17:16:28.0953 2556 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:16:28.0953 2556 mdmxsdk - ok
17:16:28.0984 2556 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:16:29.0000 2556 mnmdd - ok
17:16:29.0062 2556 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:16:29.0062 2556 Modem - ok
17:16:29.0093 2556 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:16:29.0093 2556 Mouclass - ok
17:16:29.0171 2556 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:16:29.0187 2556 mouhid - ok
17:16:29.0281 2556 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:16:29.0328 2556 MountMgr - ok
17:16:29.0375 2556 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:16:29.0406 2556 mraid35x - ok
17:16:29.0437 2556 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:16:29.0453 2556 MRxDAV - ok
17:16:29.0578 2556 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:16:29.0593 2556 MRxSmb - ok
17:16:29.0640 2556 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:16:29.0640 2556 Msfs - ok
17:16:29.0687 2556 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:16:29.0703 2556 MSKSSRV - ok
17:16:29.0750 2556 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:16:29.0765 2556 MSPCLOCK - ok
17:16:29.0796 2556 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:16:29.0828 2556 MSPQM - ok
17:16:29.0875 2556 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:16:29.0875 2556 mssmbios - ok
17:16:29.0937 2556 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:16:29.0984 2556 MSTEE - ok
17:16:30.0046 2556 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:16:30.0046 2556 Mup - ok
17:16:30.0171 2556 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:16:30.0171 2556 NABTSFEC - ok
17:16:30.0234 2556 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:16:30.0296 2556 NDIS - ok
17:16:30.0359 2556 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:16:30.0390 2556 NdisIP - ok
17:16:30.0437 2556 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:16:30.0437 2556 NdisTapi - ok
17:16:30.0484 2556 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:16:30.0484 2556 Ndisuio - ok
17:16:30.0531 2556 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:16:30.0531 2556 NdisWan - ok
17:16:30.0578 2556 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:16:30.0593 2556 NDProxy - ok
17:16:30.0609 2556 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:16:30.0625 2556 NetBIOS - ok
17:16:30.0671 2556 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:16:30.0671 2556 NetBT - ok
17:16:30.0750 2556 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:16:30.0750 2556 NIC1394 - ok
17:16:30.0812 2556 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:16:30.0812 2556 Npfs - ok
17:16:30.0875 2556 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:16:30.0937 2556 Ntfs - ok
17:16:31.0046 2556 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:16:31.0062 2556 Null - ok
17:16:31.0203 2556 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:16:31.0281 2556 nv - ok
17:16:31.0359 2556 NWADI (c83766c4a147159254ff16f1a6c9dc6e) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
17:16:31.0359 2556 NWADI - ok
17:16:31.0406 2556 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:16:31.0437 2556 NwlnkFlt - ok
17:16:31.0546 2556 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:16:31.0593 2556 NwlnkFwd - ok
17:16:31.0656 2556 NWUSBModem_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbmdm_000.sys
17:16:31.0671 2556 NWUSBModem_000 - ok
17:16:31.0734 2556 NWUSBPort2_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbser2_000.sys
17:16:31.0734 2556 NWUSBPort2_000 - ok
17:16:31.0781 2556 NWUSBPort_000 (a880714fa83f46e3a564f50b2a4f2bd8) C:\WINDOWS\system32\DRIVERS\nwusbser_000.sys
17:16:31.0796 2556 NWUSBPort_000 - ok
17:16:31.0859 2556 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:16:31.0859 2556 ohci1394 - ok
17:16:31.0921 2556 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
17:16:31.0921 2556 omci - ok
17:16:31.0968 2556 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:16:31.0984 2556 Parport - ok
17:16:32.0015 2556 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:16:32.0046 2556 PartMgr - ok
17:16:32.0093 2556 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:16:32.0109 2556 ParVdm - ok
17:16:32.0328 2556 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
17:16:32.0359 2556 PCASp50 - ok
17:16:32.0390 2556 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:16:32.0406 2556 PCI - ok
17:16:32.0421 2556 PCIDump - ok
17:16:32.0484 2556 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:16:32.0515 2556 PCIIde - ok
17:16:32.0546 2556 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:16:32.0546 2556 Pcmcia - ok
17:16:32.0578 2556 PDCOMP - ok
17:16:32.0609 2556 PDFRAME - ok
17:16:32.0625 2556 PDRELI - ok
17:16:32.0656 2556 PDRFRAME - ok
17:16:32.0718 2556 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:16:32.0750 2556 perc2 - ok
17:16:32.0796 2556 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:16:32.0828 2556 perc2hib - ok
17:16:33.0031 2556 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
17:16:33.0125 2556 PID_PEPI - ok
17:16:33.0312 2556 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:16:33.0312 2556 PptpMiniport - ok
17:16:33.0359 2556 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:16:33.0359 2556 PSched - ok
17:16:33.0437 2556 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:16:33.0437 2556 Ptilink - ok
17:16:33.0500 2556 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:16:33.0546 2556 PxHelp20 - ok
17:16:33.0609 2556 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:16:33.0609 2556 ql1080 - ok
17:16:33.0640 2556 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:16:33.0656 2556 Ql10wnt - ok
17:16:33.0671 2556 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:16:33.0687 2556 ql12160 - ok
17:16:33.0718 2556 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:16:33.0750 2556 ql1240 - ok
17:16:33.0781 2556 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:16:33.0781 2556 ql1280 - ok
17:16:33.0843 2556 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:16:33.0843 2556 RasAcd - ok
17:16:33.0890 2556 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:16:33.0890 2556 Rasl2tp - ok
17:16:34.0031 2556 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:16:34.0031 2556 RasPppoe - ok
17:16:34.0078 2556 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:16:34.0078 2556 Raspti - ok
17:16:34.0125 2556 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:16:34.0140 2556 Rdbss - ok
17:16:34.0171 2556 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:16:34.0171 2556 RDPCDD - ok
17:16:34.0218 2556 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:16:34.0234 2556 rdpdr - ok
17:16:34.0328 2556 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:16:34.0343 2556 RDPWD - ok
17:16:34.0375 2556 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:16:34.0375 2556 redbook - ok
17:16:34.0468 2556 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:16:34.0468 2556 s24trans - ok
17:16:34.0609 2556 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:16:34.0609 2556 SASDIFSV - ok
17:16:34.0656 2556 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:16:34.0656 2556 SASKUTIL - ok
17:16:34.0703 2556 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:16:34.0718 2556 sdbus - ok
17:16:34.0765 2556 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
17:16:34.0843 2556 SDDMI2 - ok
17:16:34.0984 2556 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:16:35.0015 2556 Secdrv - ok
17:16:35.0109 2556 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:16:35.0140 2556 serenum - ok
17:16:35.0171 2556 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:16:35.0187 2556 Serial - ok
17:16:35.0234 2556 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
17:16:35.0265 2556 sffdisk - ok
17:16:35.0296 2556 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
17:16:35.0359 2556 sffp_sd - ok
17:16:35.0390 2556 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:16:35.0390 2556 Sfloppy - ok
17:16:35.0437 2556 Simbad - ok
17:16:35.0484 2556 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:16:35.0515 2556 sisagp - ok
17:16:35.0593 2556 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:16:35.0593 2556 SLIP - ok
17:16:35.0656 2556 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:16:35.0718 2556 Sparrow - ok
17:16:35.0875 2556 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:16:35.0875 2556 splitter - ok
17:16:35.0953 2556 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:16:35.0968 2556 sr - ok
17:16:36.0046 2556 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:16:36.0062 2556 Srv - ok
17:16:36.0125 2556 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
17:16:36.0125 2556 sscdbhk5 - ok
17:16:36.0187 2556 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:16:36.0187 2556 ssmdrv - ok
17:16:36.0218 2556 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
17:16:36.0218 2556 ssrtln - ok
17:16:36.0281 2556 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
17:16:36.0281 2556 STAC97 - ok
17:16:36.0625 2556 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:16:36.0656 2556 streamip - ok
17:16:36.0734 2556 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:16:36.0734 2556 swenum - ok
17:16:36.0781 2556 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:16:36.0796 2556 swmidi - ok
17:16:36.0859 2556 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:16:36.0906 2556 symc810 - ok
17:16:36.0953 2556 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:16:37.0000 2556 symc8xx - ok
17:16:37.0046 2556 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:16:37.0093 2556 sym_hi - ok
17:16:37.0140 2556 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:16:37.0171 2556 sym_u3 - ok
17:16:37.0265 2556 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:16:37.0265 2556 sysaudio - ok
17:16:37.0375 2556 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:16:37.0390 2556 Tcpip - ok
17:16:37.0437 2556 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:16:37.0468 2556 TDPIPE - ok
17:16:37.0531 2556 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:16:37.0546 2556 TDTCP - ok
17:16:37.0609 2556 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:16:37.0609 2556 TermDD - ok
17:16:37.0687 2556 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
17:16:37.0703 2556 tfsnboio - ok
17:16:37.0734 2556 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
17:16:37.0734 2556 tfsncofs - ok
17:16:37.0765 2556 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
17:16:37.0765 2556 tfsndrct - ok
17:16:37.0796 2556 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
17:16:37.0812 2556 tfsndres - ok
17:16:37.0843 2556 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
17:16:37.0843 2556 tfsnifs - ok
17:16:37.0890 2556 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
17:16:37.0890 2556 tfsnopio - ok
17:16:37.0937 2556 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
17:16:37.0937 2556 tfsnpool - ok
17:16:37.0984 2556 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
17:16:37.0984 2556 tfsnudf - ok
17:16:38.0015 2556 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
17:16:38.0031 2556 tfsnudfa - ok
17:16:38.0109 2556 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:16:38.0156 2556 TosIde - ok
17:16:38.0281 2556 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:16:38.0343 2556 Udfs - ok
17:16:38.0437 2556 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:16:38.0484 2556 ultra - ok
17:16:38.0578 2556 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:16:38.0593 2556 Update - ok
17:16:38.0687 2556 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:16:38.0718 2556 usbaudio - ok
17:16:38.0781 2556 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:16:38.0828 2556 usbccgp - ok
17:16:38.0875 2556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:16:38.0875 2556 usbehci - ok
17:16:38.0921 2556 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:16:38.0921 2556 usbhub - ok
17:16:38.0984 2556 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:16:39.0015 2556 usbprint - ok
17:16:39.0062 2556 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:16:39.0078 2556 usbscan - ok
17:16:39.0140 2556 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:16:39.0218 2556 USBSTOR - ok
17:16:39.0265 2556 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:16:39.0265 2556 usbuhci - ok
17:16:39.0328 2556 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:16:39.0359 2556 usbvideo - ok
17:16:39.0406 2556 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:16:39.0406 2556 VgaSave - ok
17:16:39.0484 2556 vhidmini (448baeea6b3a8284742befea4f49c04f) C:\WINDOWS\system32\DRIVERS\walvhid.sys
17:16:39.0484 2556 vhidmini - ok
17:16:39.0562 2556 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:16:39.0609 2556 viaagp - ok
17:16:39.0656 2556 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:16:39.0671 2556 ViaIde - ok
17:16:39.0734 2556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:16:39.0765 2556 VolSnap - ok
17:16:39.0890 2556 Vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
17:16:40.0000 2556 Vsdatant - ok
17:16:40.0281 2556 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
17:16:40.0390 2556 w29n51 - ok
17:16:40.0515 2556 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:16:40.0531 2556 Wanarp - ok
17:16:40.0593 2556 wanatw - ok
17:16:40.0609 2556 WDICA - ok
17:16:40.0656 2556 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:16:40.0656 2556 wdmaud - ok
17:16:40.0734 2556 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:16:40.0765 2556 winachsf - ok
17:16:40.0921 2556 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:16:40.0937 2556 WSTCODEC - ok
17:16:41.0031 2556 MBR (0x1B8) (26a7678d74601d9e9e1d0fdca657d315) \Device\Harddisk0\DR0
17:16:41.0046 2556 \Device\Harddisk0\DR0 - ok
17:16:41.0062 2556 Boot (0x1200) (95f4435555b3dd4b87f74c3274029725) \Device\Harddisk0\DR0\Partition0
17:16:41.0062 2556 \Device\Harddisk0\DR0\Partition0 - ok
17:16:41.0078 2556 ============================================================
17:16:41.0078 2556 Scan finished
17:16:41.0078 2556 ============================================================
17:16:41.0093 3904 Detected object count: 1
17:16:41.0093 3904 Actual detected object count: 1
17:17:01.0250 3904 Backup copy found, using it..
17:17:01.0343 3904 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
17:17:01.0609 3904 C:\WINDOWS\system32\c_05284.nls - will be deleted on reboot
17:17:03.0843 3904 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
17:17:44.0421 2284 Deinitialize success

Avira also continues to catch more viruses; my quarantine is ever growing, 71 files now - holy cow! :-/

Anyways thanks and let me know what you think I should try next!
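As an added example (not code from this thread or from Kaspersky's TDSSKiller), a small Python triage helper for the log format posted above: it pulls out the objects TDSSKiller flagged, the "will be cured/deleted on reboot" lines whose fixes only take effect after a restart, the driver hashes and the MBR/boot-sector checks. The embedded sample is an excerpt of the log above; the regexes are written from those lines only.

```python
import re
from dataclasses import dataclass, field

# Every TDSSKiller line is "<hh:mm:ss.ffff> <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure"
DETECTION_RE = re.compile(r"^(?P<obj>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
# "C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot"
PENDING_RE = re.compile(r"^(?P<path>.+?) - will be (?P<action>cured|deleted) on reboot$")
# "VolSnap (<md5>) C:\WINDOWS\system32\drivers\VolSnap.sys"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0"
BOOT_RE = re.compile(r"^(?P<what>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class TdssReport:
    detections: list = field(default_factory=list)      # (object, verdict, action chosen)
    pending_reboot: list = field(default_factory=list)  # (path, action) deferred to restart
    drivers: dict = field(default_factory=dict)         # service name -> (md5, path)
    boot_sectors: dict = field(default_factory=dict)    # "MBR" / "Boot" -> (md5, device)
    detected_count: int = 0
    scan_finished: bool = False

    @property
    def reboot_required(self) -> bool:
        """Cure/delete actions are only carried out at the next restart."""
        return bool(self.pending_reboot)


def parse_tdsskiller_log(text: str) -> TdssReport:
    report = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg == "Scan finished":
            report.scan_finished = True
        elif (d := DETECTION_RE.match(msg)):
            report.detections.append((d["obj"], d["verdict"], d["action"]))
        elif (p := PENDING_RE.match(msg)):
            report.pending_reboot.append((p["path"], p["action"]))
        elif (b := BOOT_RE.match(msg)):
            report.boot_sectors[b["what"]] = (b["md5"], b["dev"])
        elif (dr := DRIVER_RE.match(msg)):
            report.drivers[dr["name"]] = (dr["md5"], dr["path"])
        elif (c := COUNT_RE.match(msg)):
            report.detected_count = int(c["n"])
    return report


def summarize(report: TdssReport) -> list:
    """Plain-language findings a helper would post back to the user."""
    lines = []
    if not report.scan_finished:
        lines.append("log is incomplete: no 'Scan finished' marker")
    for obj, verdict, action in report.detections:
        lines.append(f"{obj}: {verdict} (action: {action})")
    if len(report.detections) != report.detected_count:
        lines.append(f"warning: {report.detected_count} objects reported, "
                     f"{len(report.detections)} action lines parsed")
    for path, action in report.pending_reboot:
        lines.append(f"{path} will be {action} on reboot")
    if report.reboot_required:
        lines.append("REBOOT REQUIRED before the next scan: the fixes above are not applied yet")
    return lines


# Excerpt of the TDSSKiller log posted above (the page's own values).
SAMPLE_LOG = r"""
17:16:39.0734 2556 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:16:39.0765 2556 VolSnap - ok
17:16:41.0031 2556 MBR (0x1B8) (26a7678d74601d9e9e1d0fdca657d315) \Device\Harddisk0\DR0
17:16:41.0046 2556 \Device\Harddisk0\DR0 - ok
17:16:41.0078 2556 Scan finished
17:16:41.0093 3904 Detected object count: 1
17:16:41.0093 3904 Actual detected object count: 1
17:17:01.0250 3904 Backup copy found, using it..
17:17:01.0343 3904 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
17:17:01.0609 3904 C:\WINDOWS\system32\c_05284.nls - will be deleted on reboot
17:17:03.0843 3904 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
17:17:44.0421 2284 Deinitialize success
"""

if __name__ == "__main__":
    for finding in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(finding)
```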

#6 boopme

  • Global Moderator

Posted 09 December 2011 - 05:04 PM

Hello, you needed a reboot after TDSS ...
We still have a rootkit and maybe more.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


Run Avira in Safe Mode also, as some of these are running at startup and should start in safe and then can be removed.
Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Blue Gecko

  • Topic Starter

Posted 09 December 2011 - 10:39 PM

I'm pretty sure the TDSSKiller asked if I wanted to reboot when it was finished and I said yes, before running the ESET scanner. So that should have been done correctly.

I still had the final ESET Scanner screen open when I came back to my laptop just now and noticed that there are quarantine files. Should I delete them? Or just leave them be for now?

Also, with all the files in the Avira quarantine, can those be deleted? Or is there more to it in deciding whether I can delete them or not?

So far, the computer just seems to be running mildly slower, but not awful. Also, I tried to use my printer yesterday, but even though the computer recognized that it was connected and showed it ready and online, when I tried to print it said the computer could not communicate with the printer. Those are the only adverse things I can report at the moment that are apparent in behavior.

I'll follow your next set of instructions and report back as soon as I can, thank you!

#8 boopme

  • Global Moderator

Posted 09 December 2011 - 10:58 PM

Hello. As I do not know what they are, I say leave them in the quarantine. As they are quarantined they can no longer harm the PC.
Did you run MBAM and SAS?
Some slowness is common after removal; see if that clears in a day.

Edited by boopme, 09 December 2011 - 10:59 PM.


#9 Blue Gecko

  • Topic Starter

Posted 10 December 2011 - 03:54 AM

Right on.

I ran SAS and MBAM as requested, here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/09/2011 at 07:53 PM

Application Version : 5.0.1136

Core Rules Database Version : 8038
Trace Rules Database Version: 5850

Scan type : Complete Scan
Total Scan Time : 01:53:48

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 291
Memory threats detected : 0
Registry items scanned : 39268
Registry threats detected : 0
File items scanned : 165426
File threats detected : 73

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\05RO6CG5\indexsg[1].htm [ cache:registrydefender.com ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\97KQRIKB\l.s.bg1z[1].gif [ cache:registrydefender.com ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\QVCPAQRN\l.s.bg2z[1].gif [ cache:registrydefender.com ]
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Local Settings\Temporary Internet Files\Content.IE5\05RO6CG5\Setup_Registry_Defender[1].exe [ cache:registrydefender.com ]

And the MBAM log is:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/9/2011 8:40:47 PM
mbam-log-2011-12-09 (20-40-47).txt

Scan type: Quick scan
Objects scanned: 185097
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also ran Avira as suggested in Safe Mode, but nothing was detected on that scan. FYI, my computer is able to communicate with the scanner/printer again!

Check out the logs and let me know what you think! Thanks!

#10 boopme

  • Global Moderator

Posted 10 December 2011 - 10:14 PM

Looks much better, rerun MINI from post 4. I only need you to check this box now:
  • List Winsock Entries

#11 Blue Gecko

  • Topic Starter

Posted 10 December 2011 - 11:33 PM

Way cool, glad to hear it. :-) Here's the log from Mini Toolbox:

MiniToolBox by Farbar
Ran by bLiNx (administrator) on 10-12-2011 at 18:27:56
Microsoft Windows XP Home Edition Service Pack 3 (X86)

***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()

**** End of log ****
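An added example (not code from the thread or from Farbar's MiniToolBox) that applies the reviewer's question to the Winsock section above: is every provider in the name space catalog (Catalog5) and the transport/LSP chain (Catalog9) one of the operating system's own DLLs? A foreign DLL in that chain sits in the path of every socket the machine opens, so it is the thing to look for. The allowlist of Microsoft provider DLLs is an assumed baseline for this example, the first sample is an excerpt of the log above, and the second sample is a constructed log with a hypothetical `example_lsp.dll` entry to show what a flagged provider looks like.

```python
import re
from collections import defaultdict
from os.path import basename

# "Catalog9 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)"
ENTRY_RE = re.compile(
    r"^Catalog(?P<catalog>\d+) (?P<index>\d+) (?P<dll>\S+) "
    r"\[(?P<info>[^\]]*)\] \((?P<vendor>[^)]*)\)$")

# Assumed baseline of Windows XP's own Winsock providers (not a list from the
# thread): mswsock.dll carries the TCP/IP transport and name space providers,
# winrnr.dll the NTDS name space provider, rsvpsp.dll the QoS layered provider.
KNOWN_MICROSOFT_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}
CATALOG_NAMES = {"5": "NameSpace_Catalog5 (name space providers)",
                 "9": "Protocol_Catalog9 (transport providers / LSP chain)"}


def parse_winsock_section(text: str) -> list:
    """Return the entries between the 'Winsock entries' banner and 'End of log'."""
    entries, inside = [], False
    for line in text.splitlines():
        if "Winsock entries" in line:
            inside = True
            continue
        if line.startswith("**** End of log"):
            break
        m = ENTRY_RE.match(line.strip())
        if inside and m:
            entries.append(m.groupdict())
    return entries


def review_winsock(entries: list) -> dict:
    """Flag providers that are not the OS's own DLLs; list unresolved paths separately."""
    unexpected, unresolved = [], []
    per_catalog = defaultdict(int)
    for e in entries:
        per_catalog[e["catalog"]] += 1
        name = basename(e["dll"].replace("\\", "/")).lower()
        if name not in KNOWN_MICROSOFT_DLLS or (
                e["vendor"] and "Microsoft" not in e["vendor"]):
            unexpected.append(
                f"Catalog{e['catalog']} {e['index']} {e['dll']} ({e['vendor'] or 'no vendor'})")
        elif e["info"] == "File Not found":
            # The log above lists the built-in provider by bare filename and the
            # tool could not resolve it: a known Microsoft DLL is not flagged,
            # only listed so the reviewer can see it.
            unresolved.append(f"Catalog{e['catalog']} {e['index']} {e['dll']}")
    return {
        "counts": {CATALOG_NAMES.get(c, c): n for c, n in per_catalog.items()},
        "unexpected": unexpected,
        "unresolved": unresolved,
        "verdict": "ok" if not unexpected else "review",
    }


# Excerpt of the MiniToolBox log posted above (the page's own values).
PAGE_EXCERPT = r"""
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()

**** End of log ****
"""

# Constructed log with a hypothetical third-party provider appended to the chain.
CONSTRUCTED_WITH_LSP = PAGE_EXCERPT.replace(
    "\n**** End of log ****",
    "Catalog9 04 C:\\Windows\\System32\\example_lsp.dll [40960] (Example Vendor)\n"
    "\n**** End of log ****")

if __name__ == "__main__":
    for sample in (PAGE_EXCERPT, CONSTRUCTED_WITH_LSP):
        print(review_winsock(parse_winsock_section(sample)))
```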

#12 boopme

  • Global Moderator

Posted 11 December 2011 - 12:09 AM

Looks good, I would go to Control Panel >> Add/Remove and uninstall the 9 toolbars there.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:
Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 Blue Gecko

  • Topic Starter

Posted 11 December 2011 - 05:14 PM

Thanks so much for all of your help! Things seem to be on the up and up now. I definitely appreciate it and hopefully I won't have to come back soon, lol

Have a good one! :thumbsup:

#14 boopme

  • Global Moderator

Posted 11 December 2011 - 05:38 PM

You're welcome!!

#15 Blue Gecko

  • Topic Starter

Posted 11 December 2011 - 10:11 PM

Hey again,

I guess I spoke too soon. I noticed something new today in my browser history... It's listing some websites that are apparently loading invisibly in the background? My page doesn't necessarily redirect, but the history is there to say it was visited at some point.

http://sp.ask.com/toolbar/config/widgets/radiotime/player.html?btnid=asktb-webframe-radio-player&count=&master=true&cbid=F3&dtid=YYYYYYYYUS&guid=&locale=en_US&lstation=&displaybehavior=&displaytext=&volume=

and

http://storage.conduit.com/38/264/CT2645238/BrowserFiles/e09b00f8-b54c-4e17-959c-bcff66e84f4a.html

Hmmm... any thoughts?
