Google "302 Moved" Virus


  • This topic is locked
17 replies to this topic

#1 sbflyfan

  • Members
  • 8 posts

Posted 12 December 2011 - 08:23 PM

Hi, I'm getting a "302 Moved" page when I search Google. Also, my laptop freezes when resuming Windows after it's been hibernating.

Logs and files are included/attached.

Thank you for your help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by JoeM at 19:00:02 on 2011-12-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1330 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=15784&l=dis
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
uRun: [uTorrent] "c:\documents and settings\joem\desktop\utorrent.exe"
uRun: [feedreader.exe] "c:\program files\feedreader30\feedreader.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Akamai NetSession Interface] c:\documents and settings\joem\local settings\application data\akamai\netsession_win.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
StartupFolder: c:\docume~1\joem\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\joem\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.154.1.9 24.154.1.6
TCP: Interfaces\{C22A3DCA-52A0-42C7-809E-75C729767D79} : DhcpNameServer = 24.154.1.9 24.154.1.6
TCP: Interfaces\{F41FAEFE-4561-439A-A64E-B4F26DC45DC5} : NameServer = 64.65.208.6,64.65.196.6
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\joem\application data\mozilla\firefox\profiles\n33o3g90.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: c:\documents and settings\joem\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-2 64512]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-11-4 14336]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-4 131072]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-31 68928]
S2 26B;26B;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 272;272;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 276;276;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-2 162288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-2 162288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-11-4 245760]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2010-3-30 163328]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-12 22:48:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-12 22:48:28 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-10 21:19:40 26112 ----a-w- c:\windows\alg.exe
2011-12-10 15:19:47 -------- d-----w- c:\documents and settings\joem\application data\Malwarebytes
2011-12-10 15:19:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-10 15:19:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 15:19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 01:22:32 -------- d-----w- c:\documents and settings\joem\application data\Digiarty
2011-11-30 01:22:20 -------- d-----w- c:\program files\Digiarty
2011-11-30 00:51:08 -------- d-----w- c:\program files\Sony Setup
2011-11-27 01:31:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-27 01:31:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-20 22:19:04 -------- d-----w- c:\documents and settings\joem\local settings\application data\SecondLife
2011-11-20 22:17:48 -------- d-----w- c:\program files\SecondLifeViewer2
2011-11-19 22:49:01 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-11-19 22:47:46 69632 ----a-w- c:\windows\Alcmtr.exe
2011-11-19 22:47:12 -------- d-----w- C:\Audio.temp
2011-11-19 21:33:24 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
==================== Find3M ====================
.
2011-12-04 23:43:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2006-05-03 16:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZOC60D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xB9D18230]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A797AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4CF480]
\Driver\00003966[0x8A494590] -> IRP_MJ_CREATE -> 0xB9D18230
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A22A2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:01:25.68 ===============
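As an added triage example (not part of the original post, and not code from DDS or GMER themselves), the script below parses the DDS "SERVICES / DRIVERS" lines and the GMER hook lines quoted above and flags the pattern visible in this log: svchost-hosted services whose names are bare hex tokens, alongside a driver hook and a rootkit warning. The sample lines are copied from the log in this post; the scoring rule is my own heuristic, not a DDS feature.

```python
"""Triage of DDS 'SERVICES / DRIVERS' and GMER rootkit lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: a subset of the service lines and the GMER tail copied from
# the DDS log in post #1 above (trimmed for brevity, otherwise verbatim).
DDS_SERVICES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-2 64512]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-11-4 14336]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-4 131072]
S2 26B;26B;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 272;272;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 276;276;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-2 162288]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
"""

GMER_TAIL = r"""
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A22A2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# One DDS service line: "<state> <name>;<display>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]\s*$"
)
# Service names made of nothing but a few hex digits ("26B") are not how
# Windows or vendors name services; in this thread they match 26B.tmp etc.
HEXNAME_RE = re.compile(r"^[0-9A-Fa-f]{1,4}$")
# One GMER hook line: "\Driver\<name> <routine> -> 0x<address>"
HOOK_RE = re.compile(
    r"^(?P<driver>\\Driver\\\S+)\s+(?P<routine>\S+)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)$"
)


@dataclass
class Service:
    state: str    # R = running, S = stopped; the digit is the start type
    name: str     # key name under HKLM\SYSTEM\CurrentControlSet\Services
    display: str
    path: str     # image path, including the svchost group when hosted
    date: str
    size: int


def parse_services(text: str) -> List[Service]:
    """Parse every well-formed DDS service/driver line; skip everything else."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], m["name"], m["display"],
                                    m["path"], m["date"], int(m["size"])))
    return services


def suspicious_services(services: List[Service]) -> List[str]:
    """Names of svchost-hosted services whose name is a bare hex token.

    Heuristic (mine, not DDS's): a legitimate service has a descriptive name;
    a throwaway name that also equals its display name and is loaded through
    the generic host process deserves a closer look.
    """
    flagged = []
    for s in services:
        hosted = "svchost.exe -k" in s.path.lower()
        if hosted and HEXNAME_RE.match(s.name) and s.display == s.name:
            flagged.append(s.name)
    return flagged


def parse_gmer(text: str) -> Tuple[List[Tuple[str, str, str]], List[str]]:
    """Return (hooks, warnings) from the tail of a GMER MBR-check section."""
    hooks, warnings = [], []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m["driver"], m["routine"], m["addr"]))
        elif line.startswith("Warning:"):
            warnings.append(line)
    return hooks, warnings


def triage(dds_text: str, gmer_text: str) -> dict:
    """Combine both signals into one summary a responder can act on."""
    flagged = suspicious_services(parse_services(dds_text))
    hooks, warnings = parse_gmer(gmer_text)
    return {
        "suspicious_services": flagged,
        "driver_hooks": hooks,
        "gmer_warnings": warnings,
        # Either signal alone merits a second look; both in the same log
        # point strongly at a kernel-mode infection rather than adware.
        "likely_rootkit": bool(flagged) and bool(hooks),
    }


if __name__ == "__main__":
    for key, value in triage(DDS_SERVICES, GMER_TAIL).items():
        print(f"{key}: {value}")
```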


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 15 December 2011 - 01:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sbflyfan (Topic Starter)

  • Members
  • 8 posts

Posted 15 December 2011 - 11:22 PM

Well, I ran ComboFix, and while it was running it installed Recovery Console, and did mention that it was fixing an infection.

However, I noticed it "deleted" a bunch of folders, like my Windows folder, etc.

Now when I log into Windows, it takes a very long time. I can see my desktop background, files, etc. But my Windows theme is set to Classic, and I cannot see the start menu, or access it using the Windows key. My drivers seem to be gone as well, because I cannot access the internet or hear sound.

I'm posting from a separate computer.

I tried logging into Safe Mode, but it tells me "System Restore" is unable to run on my computer.

What happened? I did exactly as your instructions told me to do.

Here is the log.

ComboFix 11-12-15.02 - JoeM 12/15/2011 22:09:21.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1660 [GMT -5:00]
Running from: c:\documents and settings\JoeM\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\JoeM\LOCALS~1\Temp\26B.tmp
c:\docume~1\JoeM\LOCALS~1\Temp\272.tmp
c:\docume~1\JoeM\LOCALS~1\Temp\276.tmp
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Joe's Guest.JOE\WINDOWS
c:\documents and settings\JoeM\Application Data\vso_ts_preview.xml
c:\documents and settings\JoeM\Local Settings\temp\26B.tmp
c:\documents and settings\JoeM\Local Settings\temp\272.tmp
c:\documents and settings\JoeM\Local Settings\temp\276.tmp
c:\documents and settings\JoeM\WINDOWS
c:\windows\$NtUninstallKB8671$
c:\windows\$NtUninstallKB8671$\3362683333
c:\windows\$NtUninstallKB8671$\3698721366\@
c:\windows\$NtUninstallKB8671$\3698721366\L\akpnrerf
c:\windows\$NtUninstallKB8671$\3698721366\loader.tlb
c:\windows\$NtUninstallKB8671$\3698721366\U\@00000001
c:\windows\$NtUninstallKB8671$\3698721366\U\@000000c0
c:\windows\$NtUninstallKB8671$\3698721366\U\@000000cb
c:\windows\$NtUninstallKB8671$\3698721366\U\@000000cf
c:\windows\$NtUninstallKB8671$\3698721366\U\@80000000
c:\windows\$NtUninstallKB8671$\3698721366\U\@800000c0
c:\windows\$NtUninstallKB8671$\3698721366\U\@800000cb
c:\windows\$NtUninstallKB8671$\3698721366\U\@800000cf
c:\windows\alg.exe
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\
c:\windows\system32\_000125_.tmp.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\drivers\Cdudf_xp.sys
c:\windows\system32\usp10(2).dll
c:\windows\TEMP\3.tmp
.
c:\windows\system32\drivers\cdudf_xp.sys . . . is infected!! . . . Failed to find a valid replacement.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241614.exe
.
Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241616.exe
.
Infected copy of c:\windows\system32\DVDRAMSV.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241617.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241611.exe
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP531\A0252784.exe
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241624.exe
.
Infected copy of c:\program files\mcafee.com\agent\mcdetect.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241619.exe
.
Infected copy of c:\windows\system32\NLSSRV32.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0242271.EXE
.
Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP536\A0257370.EXE
.
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0242269.exe
.
Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241614.exe
Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241616.exe
Infected copy of c:\windows\system32\DVDRAMSV.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241617.exe
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241611.exe
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241624.exe
Infected copy of c:\program files\mcafee.com\agent\mcdetect.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0241619.exe
Infected copy of c:\windows\system32\NLSSRV32.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0242271.EXE
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{BC554F74-5213-4B02-B93C-494AF5486CCD}\RP519\A0242269.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_cdudf_xp
-------\Service_cdudf_xp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 03:38 . 2003-07-28 16:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2011-12-14 08:01 . 2011-12-14 08:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-12-12 22:48 . 2011-12-12 22:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-12 22:48 . 2011-12-12 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-10 15:19 . 2011-12-10 15:19 -------- d-----w- c:\documents and settings\JoeM\Application Data\Malwarebytes
2011-12-10 15:19 . 2011-12-10 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-10 15:19 . 2011-12-10 15:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 15:19 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 01:22 . 2011-11-30 01:22 -------- d-----w- c:\documents and settings\JoeM\Application Data\Digiarty
2011-11-30 01:22 . 2011-11-30 01:22 -------- d-----w- c:\program files\Digiarty
2011-11-30 00:51 . 2011-11-30 00:51 -------- d-----w- c:\program files\Sony Setup
2011-11-27 01:31 . 2011-11-27 01:31 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-20 22:19 . 2011-11-20 22:20 -------- d-----w- c:\documents and settings\JoeM\Application Data\SecondLife
2011-11-20 22:19 . 2011-11-20 22:40 -------- d-----w- c:\documents and settings\JoeM\Local Settings\Application Data\SecondLife
2011-11-20 22:17 . 2011-11-20 22:21 -------- d-----w- c:\program files\SecondLifeViewer2
2011-11-19 22:49 . 2005-10-31 23:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2011-11-19 22:47 . 2005-05-03 23:43 69632 ----a-w- c:\windows\Alcmtr.exe
2011-11-19 22:47 . 2011-11-19 22:52 -------- d-----w- C:\Audio.temp
2011-11-19 21:33 . 2011-09-03 01:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-16 21:35 . 2011-11-16 21:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 23:43 . 2011-06-14 22:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2005-11-05 01:17 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 13:02 . 2011-01-31 17:01 89920 ----a-w- c:\windows\system32\NLSSRV32.EXE
2011-11-19 04:52 . 2005-11-05 03:40 114688 ----a-w- c:\windows\system32\DVDRAMSV.exe
2011-11-04 19:20 . 2005-11-05 01:17 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2005-11-05 01:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2005-11-05 01:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2005-11-05 01:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2005-11-05 01:16 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2005-11-05 01:16 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2005-11-05 01:16 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2005-11-05 01:16 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-11-05 02:39 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2005-11-05 01:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2005-11-05 01:16 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2005-11-05 01:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-11 05:17 . 2011-07-28 22:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
c:\windows\System32\svchost.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JoeM\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JoeM\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JoeM\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JoeM\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"uTorrent"="c:\documents and settings\JoeM\Desktop\utorrent.exe" [2009-12-31 289584]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2009-03-29 2058240]
"Akamai NetSession Interface"="c:\documents and settings\JoeM\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-07 3305248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-24 352256]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 761947]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 385024]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-10-21 868352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 06:46 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\26B]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\272]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\276]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\JoeM\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\JDownloader\\JDownloaderD3D.exe"=
"c:\\Program Files\\JDownloader\\JDUpdate.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\JoeM\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\JoeM\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\JoeM\\Application Data\\WindSolutions\\CopyTransControlCenter\\Applications\\CopyTransControlCenter.exe"=
"c:\\Documents and Settings\\JoeM\\Application Data\\WindSolutions\\CopyTransControlCenter\\Applications\\CopyTransManager.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcupdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee.com\\Shared\\mcinfo.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Yahoo!\\YUpdater\\yupdater.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\FeedReader30\\feedreader.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\eRightSoft\\SUPER\\SUPER.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SecondLife.exe"=
"c:\\Program Files\\SecondLifeViewer2\\slplugin.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS5\\Photoshop.exe"=
"c:\\Program Files\\Windows Media Player\\setup_wm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 10.0\\vegas100.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"=
"c:\\Program Files\\Common Files\\ArcSoft\\Connection Service\\Bin\\ArcCon.ac"=
"c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Documents and Settings\\JoeM\\Application Data\\WindSolutions\\CopyTransControlCenter\\Applications\\CopyTrans_Suite_v2.320_EN.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/2/2011 8:39 PM 64512]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/10/2010 3:43 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai --> c:\windows\System32\svchost.exe [?]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [1/31/2011 12:01 PM 68928]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/23/2010 9:01 PM 47360]
S2 26B;26B;c:\windows\system32\svchost.exe -k netsvcs --> c:\windows\system32\svchost.exe [?]
S2 272;272;c:\windows\system32\svchost.exe -k netsvcs --> c:\windows\system32\svchost.exe [?]
S2 276;276;c:\windows\system32\svchost.exe -k netsvcs --> c:\windows\system32\svchost.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2011 6:22 PM 162288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2011 6:22 PM 162288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [3/30/2010 5:13 PM 163328]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
26B
272
276
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 13:13]
.
2011-12-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-JOE-Joe's Guest.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 20:04]
.
2011-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15784&l=dis
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.154.1.9 24.154.1.6
TCP: Interfaces\{F41FAEFE-4561-439A-A64E-B4F26DC45DC5}: NameServer = 64.65.208.6,64.65.196.6
FF - ProfilePath - c:\documents and settings\JoeM\Application Data\Mozilla\Firefox\Profiles\n33o3g90.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 22:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\1443002076:596245929.exe 816 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZOC60D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A32D2C6
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\26B]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\DOCUME~1\JoeM\LOCALS~1\temp\26B.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\272]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\DOCUME~1\JoeM\LOCALS~1\temp\272.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\276]
"servicedll"="\\.\globalroot\Device\HarddiskVolume1\DOCUME~1\JoeM\LOCALS~1\temp\276.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'explorer.exe'(2032)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\temp\AppleMobileDeviceService.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Olympus\DeviceDetector\DevDtct2.exe
c:\windows\system32\RAMASST.exe
c:\documents and settings\JoeM\Application Data\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2011-12-15 23:01:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 04:01
ComboFix2.txt 2011-02-26 19:58
.
Pre-Run: 13,059,575,808 bytes free
Post-Run: 13,575,454,720 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 639B8069BB518DCF9A3795882DD47F47

Edited by sbflyfan, 15 December 2011 - 11:31 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 12:45 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 sbflyfan

sbflyfan
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:30 AM

Posted 16 December 2011 - 01:43 PM

Ok, here is the log.

**Please note: When I log into Windows, it takes a very long time. I can see my desktop background, files, etc. But my Windows theme is set to Classic, and I cannot see the taskbar, or access the Start menu using the Windows key. My drivers seem to be gone as well, because I cannot access the internet or hear sound.**

Will I be able to restore the functionality of my operating system?




13:36:00.0326 1588 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:36:00.0356 1588 ============================================================
13:36:00.0356 1588 Current date / time: 2011/12/16 13:36:00.0356
13:36:00.0356 1588 SystemInfo:
13:36:00.0356 1588
13:36:00.0356 1588 OS Version: 5.1.2600 ServicePack: 3.0
13:36:00.0356 1588 Product type: Workstation
13:36:00.0356 1588 ComputerName: JOE
13:36:00.0356 1588 UserName: JoeM
13:36:00.0356 1588 Windows directory: C:\WINDOWS
13:36:00.0356 1588 System windows directory: C:\WINDOWS
13:36:00.0356 1588 Processor architecture: Intel x86
13:36:00.0356 1588 Number of processors: 1
13:36:00.0356 1588 Page size: 0x1000
13:36:00.0356 1588 Boot type: Normal boot
13:36:00.0356 1588 ============================================================
13:36:02.0198 1588 Initialize success
13:36:18.0211 1808 ============================================================
13:36:18.0211 1808 Scan started
13:36:18.0211 1808 Mode: Manual;
13:36:18.0211 1808 ============================================================
13:36:26.0754 1808 ql12160 - ok
13:36:26.0774 1808 ql1240 - ok
13:36:26.0794 1808 ql1280 - ok
13:36:26.0834 1808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:36:26.0834 1808 RasAcd - ok
13:36:26.0874 1808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:36:26.0874 1808 Rasl2tp - ok
13:36:26.0904 1808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:36:26.0904 1808 RasPppoe - ok
13:36:26.0924 1808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:36:26.0924 1808 Raspti - ok
13:36:26.0964 1808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:36:26.0964 1808 Rdbss - ok
13:36:26.0994 1808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:36:26.0994 1808 RDPCDD - ok
13:36:27.0064 1808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:36:27.0064 1808 RDPWD - ok
13:36:27.0174 1808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:36:27.0174 1808 redbook - ok
13:36:27.0254 1808 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
13:36:27.0254 1808 s24trans - ok
13:36:27.0324 1808 SCDEmu (9feb2026a460916d1a1198b460632630) C:\WINDOWS\system32\drivers\SCDEmu.sys
13:36:27.0324 1808 SCDEmu - ok
13:36:27.0455 1808 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:36:27.0465 1808 sdbus - ok
13:36:27.0505 1808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:36:27.0505 1808 Secdrv - ok
13:36:27.0545 1808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:36:27.0545 1808 Serial - ok
13:36:27.0615 1808 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
13:36:27.0615 1808 sffdisk - ok
13:36:27.0635 1808 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
13:36:27.0635 1808 sffp_sd - ok
13:36:27.0765 1808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:36:27.0775 1808 Sfloppy - ok
13:36:27.0795 1808 Simbad - ok
13:36:27.0825 1808 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:36:27.0825 1808 SLIP - ok
13:36:27.0855 1808 Sparrow - ok
13:36:27.0895 1808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:36:27.0895 1808 splitter - ok
13:36:28.0025 1808 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
13:36:28.0025 1808 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:36:28.0025 1808 sptd ( LockedFile.Multi.Generic ) - warning
13:36:28.0025 1808 sptd - detected LockedFile.Multi.Generic (1)
13:36:28.0095 1808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:36:28.0105 1808 sr - ok
13:36:28.0156 1808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:36:28.0166 1808 Srv - ok
13:36:28.0206 1808 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:36:28.0206 1808 streamip - ok
13:36:28.0236 1808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:36:28.0236 1808 swenum - ok
13:36:28.0276 1808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:36:28.0276 1808 swmidi - ok
13:36:28.0306 1808 symc810 - ok
13:36:28.0326 1808 symc8xx - ok
13:36:28.0336 1808 sym_hi - ok
13:36:28.0356 1808 sym_u3 - ok
13:36:28.0416 1808 SynTP (919ae4fc78bf666083105b6e2b6f4a1a) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:36:28.0426 1808 SynTP - ok
13:36:28.0456 1808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:36:28.0456 1808 sysaudio - ok
13:36:28.0566 1808 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
13:36:28.0566 1808 tbiosdrv - ok
13:36:28.0626 1808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:36:28.0636 1808 Tcpip - ok
13:36:28.0746 1808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:36:28.0746 1808 TDPIPE - ok
13:36:28.0786 1808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:36:28.0786 1808 TDTCP - ok
13:36:28.0827 1808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:36:28.0827 1808 TermDD - ok
13:36:28.0877 1808 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
13:36:28.0877 1808 tifm21 - ok
13:36:28.0917 1808 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
13:36:28.0917 1808 toshidpt - ok
13:36:28.0937 1808 TosIde - ok
13:36:28.0977 1808 tosporte (0f89321a4bc43cd2641153b262c9338c) C:\WINDOWS\system32\DRIVERS\tosporte.sys
13:36:28.0987 1808 tosporte - ok
13:36:29.0007 1808 Tosrfbd (9584b102a0a0528090916c7e88b39f21) C:\WINDOWS\system32\Drivers\tosrfbd.sys
13:36:29.0007 1808 Tosrfbd - ok
13:36:29.0027 1808 Tosrfbnp (ce63e991e7f638a16c6aaecf59648c71) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
13:36:29.0027 1808 Tosrfbnp - ok
13:36:29.0047 1808 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
13:36:29.0047 1808 Tosrfcom - ok
13:36:29.0067 1808 tosrfec (cc42fdbe9760ca1639e23158ab995f98) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
13:36:29.0077 1808 tosrfec - ok
13:36:29.0177 1808 Tosrfhid (ad5766254a25de9f4d6d311153e4d447) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
13:36:29.0177 1808 Tosrfhid - ok
13:36:29.0197 1808 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
13:36:29.0197 1808 tosrfnds - ok
13:36:29.0227 1808 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
13:36:29.0227 1808 TosRfSnd - ok
13:36:29.0237 1808 Tosrfusb (d537b63c0c70629ace62192cd2ae6429) C:\WINDOWS\system32\Drivers\tosrfusb.sys
13:36:29.0237 1808 Tosrfusb - ok
13:36:29.0277 1808 TVALD (c51bfed6c2d9d6512e346f25d92ad8d9) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
13:36:29.0277 1808 TVALD - ok
13:36:29.0307 1808 Tvs (12c836c7fe526d7b3239af82e4083be2) C:\WINDOWS\system32\DRIVERS\Tvs.sys
13:36:29.0307 1808 Tvs - ok
13:36:29.0367 1808 UdfReadr_xp (a698c64feb06884e2bb836068b949900) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
13:36:29.0367 1808 UdfReadr_xp - ok
13:36:29.0437 1808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:36:29.0447 1808 Udfs - ok
13:36:29.0457 1808 ultra - ok
13:36:29.0528 1808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:36:29.0528 1808 Update - ok
13:36:29.0628 1808 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:36:29.0628 1808 USBAAPL - ok
13:36:29.0678 1808 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:36:29.0688 1808 usbaudio - ok
13:36:29.0718 1808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:36:29.0738 1808 usbccgp - ok
13:36:29.0778 1808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:36:29.0778 1808 usbehci - ok
13:36:29.0798 1808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:36:29.0808 1808 usbhub - ok
13:36:29.0848 1808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:36:29.0848 1808 USBSTOR - ok
13:36:29.0868 1808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:36:29.0868 1808 usbuhci - ok
13:36:29.0908 1808 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:36:29.0908 1808 usbvideo - ok
13:36:29.0988 1808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:36:29.0998 1808 VgaSave - ok
13:36:30.0008 1808 ViaIde - ok
13:36:30.0068 1808 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
13:36:30.0068 1808 VNUSB - ok
13:36:30.0168 1808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:36:30.0168 1808 VolSnap - ok
13:36:30.0339 1808 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
13:36:30.0449 1808 w29n51 - ok
13:36:30.0599 1808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:36:30.0599 1808 Wanarp - ok
13:36:30.0669 1808 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:36:30.0669 1808 wanatw - ok
13:36:30.0689 1808 WDICA - ok
13:36:30.0729 1808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:36:30.0729 1808 wdmaud - ok
13:36:30.0809 1808 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:36:30.0819 1808 WSTCODEC - ok
13:36:30.0910 1808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:36:30.0910 1808 WudfPf - ok
13:36:30.0950 1808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:36:30.0950 1808 WudfRd - ok
13:36:31.0010 1808 yukonwxp (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:36:31.0020 1808 yukonwxp - ok
13:36:31.0040 1808 MBR (0x1B8) (97b4ed14b2045edaea29463a79412b77) \Device\Harddisk0\DR0
13:36:31.0040 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:36:31.0040 1808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:36:31.0050 1808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
13:36:32.0121 1808 \Device\Harddisk1\DR3 - ok
13:36:32.0121 1808 Boot (0x1200) (80bd3e80a02b4c4f49d3f14805876460) \Device\Harddisk0\DR0\Partition0
13:36:32.0121 1808 \Device\Harddisk0\DR0\Partition0 - ok
13:36:32.0131 1808 Boot (0x1200) (3456969cf2141b80526a4fa9e265274d) \Device\Harddisk1\DR3\Partition0
13:36:32.0131 1808 \Device\Harddisk1\DR3\Partition0 - ok
13:36:32.0131 1808 ============================================================
13:36:32.0131 1808 Scan finished
13:36:32.0131 1808 ============================================================
13:36:32.0151 1548 Detected object count: 2
13:36:32.0151 1548 Actual detected object count: 2
13:36:58.0039 1548 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:36:58.0039 1548 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:36:58.0049 1548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:36:58.0049 1548 \Device\Harddisk0\DR0 - ok
13:36:58.0049 1548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:37:11.0508 1620 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 02:19 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 sbflyfan

sbflyfan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2011 - 02:34 PM

Hi, as I have noted in my most recent two posts, my operating system seems to be running weird now.

I was able to save the txt file as you instructed, however Windows will not allow me to drag icons around right now.

Is there another way to run the script?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 02:46 PM

Hello

OK, try and run this for now then.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#9 sbflyfan

sbflyfan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2011 - 02:59 PM

Thanks. Here you go!

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 14:57:25
-----------------------------
14:57:25.044 OS Version: Windows 5.1.2600 Service Pack 3
14:57:25.044 Number of processors: 1 586 0xD08
14:57:25.044 ComputerName: JOE UserName:
14:57:26.215 Initialize success
14:57:37.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:57:37.472 Disk 0 Vendor: HTS541010G9SA00 MBZOC60D Size: 95396MB BusType: 3
14:57:39.494 Disk 0 MBR read successfully
14:57:39.494 Disk 0 MBR scan
14:57:39.494 Disk 0 Windows XP default MBR code
14:57:39.494 Disk 0 scanning sectors +195366465
14:57:39.555 Disk 0 scanning C:\WINDOWS\system32\drivers
14:57:48.397 Service scanning
14:57:49.339 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:57:49.899 Modules scanning
14:57:51.161 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
14:57:56.028 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
14:57:56.038 Disk 0 trace - called modules:
14:57:56.058 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spuc.sys >>UNKNOWN [0x8a879938]<<
14:57:56.419 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a797ab8]
14:57:56.419 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a799030]
14:57:56.429 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7f5c58]
14:57:56.429 Scan finished successfully
14:58:03.339 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:58:03.349 The log file has been saved successfully to "F:\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 03:04 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer, try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#11 sbflyfan

sbflyfan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2011 - 03:22 PM

Hi, no infection was found. Here's the new log.

Still cannot get a taskbar, drivers, etc. to work... VERY limited operating system functions.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-16 15:21:03
-----------------------------
15:21:03.965 OS Version: Windows 5.1.2600 Service Pack 3
15:21:03.965 Number of processors: 1 586 0xD08
15:21:03.965 ComputerName: JOE UserName:
15:21:05.367 Initialize success
15:21:10.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:21:10.144 Disk 0 Vendor: HTS541010G9SA00 MBZOC60D Size: 95396MB BusType: 3
15:21:12.157 Disk 0 MBR read successfully
15:21:12.157 Disk 0 MBR scan
15:21:12.157 Disk 0 Windows XP default MBR code
15:21:12.167 Disk 0 scanning sectors +195366465
15:21:12.217 Disk 0 scanning C:\WINDOWS\system32\drivers
15:21:20.229 Service scanning
15:21:21.190 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:21:21.741 Modules scanning
15:21:22.913 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
15:21:27.009 Disk 0 trace - called modules:
15:21:27.029 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spbj.sys >>UNKNOWN [0x8a878938]<<
15:21:27.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a896ab8]
15:21:27.389 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a81b9e8]
15:21:27.399 5 ACPI.sys[f74a3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7ec940]
15:21:27.399 Scan finished successfully
15:21:32.917 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
15:21:33.378 The log file has been saved successfully to "F:\aswMBR-2.txt"

Edited by sbflyfan, 16 December 2011 - 03:26 PM.
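Reading the two log formats posted in this thread by eye (TDSSKiller's "- detected" and "( verdict ) - status" lines, aswMBR's **LOCKED**, **SUSPICIOUS** and >>UNKNOWN<< markers) is error-prone, so the Python below, an added example and not a tool anyone in the thread used, pulls the notable lines out of a pasted log and separates raw-disk findings from file-level ones. The line patterns are inferred only from the lines quoted above and are assumptions; the sample strings are constructed from those posted logs.

```python
"""Triage helpers for the TDSSKiller and aswMBR log line formats posted in this thread.
Added example, not a tool used in the thread; patterns are inferred from the posted lines."""
import re
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    tool: str      # "tdsskiller" or "aswmbr"
    severity: str  # infected / warning / action / detected / locked / suspicious / unknown-hook
    obj: str       # service name, device path or module path the line is about
    detail: str    # verdict, status or address text copied from the line

# Both tools prefix lines with HH:MM:SS.frac; TDSSKiller adds a PID column after it.
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(?:\d+\s+)?(?P<body>.*)$")
# TDSSKiller: "<object> - detected <verdict> (n)" and "<object> ( <verdict> ) - <status>"
_TDSS_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
_TDSS_STATUS = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>.+)$")
# aswMBR: **LOCKED** services, **SUSPICIOUS** modules, and an >>UNKNOWN<< hop in the disk trace
_ASW_LOCKED = re.compile(r"^Service (?P<name>\S+) (?P<path>\S+) \*\*LOCKED\*\*")
_ASW_SUSPICIOUS = re.compile(r"^Module: (?P<path>\S+) \*\*SUSPICIOUS\*\*$")
_ASW_UNKNOWN = re.compile(r"(?P<module>\S+) >>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")

def classify(body):
    """Map one de-timestamped log line to a Finding, or None for routine lines."""
    m = _TDSS_DETECTED.match(body)
    if m:
        return Finding("tdsskiller", "detected", m["obj"], m["verdict"])
    m = _TDSS_STATUS.match(body)
    if m:
        # "infected" and "warning" are scanner verdicts; anything else records the user's choice.
        sev = m["status"] if m["status"] in ("infected", "warning") else "action"
        return Finding("tdsskiller", sev, m["obj"], f"{m['verdict']}: {m['status']}")
    m = _ASW_LOCKED.match(body)
    if m:
        return Finding("aswmbr", "locked", m["name"], m["path"])
    m = _ASW_SUSPICIOUS.match(body)
    if m:
        return Finding("aswmbr", "suspicious", m["path"], "module flagged")
    m = _ASW_UNKNOWN.search(body)
    if m:
        # The module named just before >>UNKNOWN<< is the last identified hop before the gap.
        return Finding("aswmbr", "unknown-hook", m["module"], m["addr"])
    return None

def triage(log_text):
    """Return every notable finding in a pasted log, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if m:  # headers, separators and blank lines carry no timestamp and are skipped
            f = classify(m["body"])
            if f:
                findings.append(f)
    return findings

def boot_level(findings):
    """Findings against a raw disk device rather than a file; these persist across
    in-Windows cleanup and are why the thread moves to an offline look at the disk."""
    return [f for f in findings if f.obj.startswith(r"\Device\Harddisk")]

def summarize(findings):
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))

# Constructed samples: lines copied from the TDSSKiller and aswMBR logs posted above.
SAMPLE_TDSSKILLER = r"""
13:36:28.0025 1808 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
13:36:28.0025 1808 sptd ( LockedFile.Multi.Generic ) - warning
13:36:28.0025 1808 sptd - detected LockedFile.Multi.Generic (1)
13:36:28.0105 1808 sr - ok
13:36:31.0040 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:36:31.0040 1808 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:36:58.0049 1548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
"""
SAMPLE_ASWMBR = r"""
14:57:39.494 Disk 0 Windows XP default MBR code
14:57:49.339 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:57:51.161 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
14:57:56.058 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spuc.sys >>UNKNOWN [0x8a879938]<<
"""
```

Note that the module before >>UNKNOWN<< changes name between the two posted aswMBR runs (spuc.sys, then spbj.sys), which is exactly the kind of detail that is easy to miss when comparing logs by hand.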


#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 03:51 PM

Greetings

I need you to make a bootable USB and a screenshot for me. Follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up. To do this, follow these instructions:

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg onto the USB drive. Paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it (we will use it again), boot back into Windows and send me the screen capture.

gringo

#13 sbflyfan

sbflyfan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2011 - 04:25 PM

Hi, the troubled computer is a Toshiba Satellite A105-S2716.

The boot menu choices are HDD, FDD, CD-ROM, and LAN.

I looked for these icons like the very bottom of this page says, and have them as options, but no USB HDD option.

http://www.laptop-repair.info/select_boot_drive.html

Doesn't seem to want to give me the option of booting from the USB drive. I did follow your instructions and made the image, etc. and have the USB drive plugged into the troubled computer. Still not sure how to get it to boot from it.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 16 December 2011 - 08:53 PM

Hello

Try to burn it to a CD using Unetbootin.


Then save the file to the C drive so you can find it.


gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 19 December 2011 - 01:10 AM

Hello

It has been a few days so I am checking on you to make sure you are still with me


gringo