Help-Not sure where to post this


16 replies to this topic

#1 Cathryn2

Posted 19 March 2012 - 02:49 PM

My computer is a mess. Malwarebytes, Trend Micro HouseCall & Microsoft Security Essentials cannot seem to find anything. The registry is also showing duplicates. I think the computer is hijacked. I ran HijackThis, but I do not know how to use it. I do have the log.

Edited by hamluis, 19 March 2012 - 02:53 PM.
Moved from XP to Am I Infected.


#2 hamluis

Posted 19 March 2012 - 02:54 PM

Moving to Am I Infected forum, do not post HJT or other malware log data until requested.

Louis

#3 Cathryn2

Posted 19 March 2012 - 03:23 PM

Thank you

#4 boopme

Posted 19 March 2012 - 03:32 PM

Hello, HJT is not something to use on your own. It's also a bit outdated. Let's try this and if needed we will run the newer tool.

What issues are you having: redirects, popups, etc.?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#5 Cathryn2

Posted 19 March 2012 - 04:16 PM

Hello,

For one I have 2 HKEY_LOCAL MACHINE_MACHINE in the registry. Not touching the registry, just noticed it.
When I run all the scans, they are done in 2 minutes, I know that is not right, they malware, and Microsoft security take hours.
And the CPU is making a howling noise, as if there is something running.
I checked the Computer Management, Service Control Manager & Event Viewer, to see what is running.
They are both filled with multiple errors, I have no clue what they mean.

I will begin the steps you gave me right now.

Thank you

#6 Cathryn2

Posted 19 March 2012 - 04:48 PM

Hello this is the first one, or should I wait and post all of them at once?
And I hope I am reading the bottom wrong, saying my KID is the Admin.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 19-03-2012 at 16:32:56
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.26.56.26 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.70.22 index=2
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "{CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}"

set address name="{CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}" source=static addr=0.0.0.0 mask=0.0.0.0
set dns name="{CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}" source=static addr=none register=PRIMARY
set wins name="{CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : katnDrew
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-0C-6E-A1-B9-56
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.64
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
Lease Obtained. . . . . . . . . . : Monday, March 19, 2012 8:06:50 AM
Lease Expires . . . . . . . . . . : Tuesday, March 20, 2012 8:06:50 AM

Ethernet adapter {CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Nortel IPSECSHM Adapter - Packet Scheduler Miniport
Physical Address. . . . . . . . . : 44-45-53-54-42-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com.gateway.2wire.net
Address: 92.242.144.50

Pinging google.com [209.85.148.100] with 32 bytes of data:

Reply from 209.85.148.100: bytes=32 time=132ms TTL=48
Reply from 209.85.148.100: bytes=32 time=148ms TTL=48

Ping statistics for 209.85.148.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 132ms, Maximum = 148ms, Average = 140ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com.gateway.2wire.net
Address: 92.242.144.50

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=192ms TTL=48
Reply from 98.139.183.24: bytes=32 time=88ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 192ms, Average = 140ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com.gateway.2wire.net
Address: 92.242.144.50

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 6e a1 b9 56 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
255.255.255.255 255.255.255.255 192.168.1.64 3 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/19/2012 01:00:01 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 10.0.2.4428, faulting module coreclr.dll, version 4.1.10111.0, fault address 0x0013d2a6.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/19/2012 01:00:00 PM) (Source: .NET Runtime) (User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:56:08 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 10.0.2.4428, faulting module coreclr.dll, version 4.1.10111.0, fault address 0x0013d2a6.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/19/2012 00:56:07 PM) (Source: .NET Runtime) (User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:54:30 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 10.0.2.4428, faulting module coreclr.dll, version 4.1.10111.0, fault address 0x0013d2a6.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/19/2012 00:54:30 PM) (Source: .NET Runtime) (User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:10:19 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 10.0.2.4428, faulting module coreclr.dll, version 4.1.10111.0, fault address 0x0013d2a6.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/19/2012 00:10:16 PM) (Source: .NET Runtime) (User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/15/2012 03:10:14 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: HP Deskjet 1000 J110 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Deskjet 1000 J110 series' device to complete the uninstallation.

Error: (03/02/2012 00:02:09 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.8328.0, stamp 4c717ed1, faulting module mso.dll, version 11.0.8341.0, stamp 4e29b116, debug? 0, fault address 0x0018a564.


System errors:
=============
Error: (03/15/2012 03:16:40 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:39 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:38 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:38 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/15/2012 03:16:38 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (03/19/2012 01:00:01 PM) (Source: Application Error)(User: )
Description: plugin-container.exe10.0.2.4428coreclr.dll4.1.10111.00013d2a6

Error: (03/19/2012 01:00:00 PM) (Source: .NET Runtime)(User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:56:08 PM) (Source: Application Error)(User: )
Description: plugin-container.exe10.0.2.4428coreclr.dll4.1.10111.00013d2a6

Error: (03/19/2012 00:56:07 PM) (Source: .NET Runtime)(User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:54:30 PM) (Source: Application Error)(User: )
Description: plugin-container.exe10.0.2.4428coreclr.dll4.1.10111.00013d2a6

Error: (03/19/2012 00:54:30 PM) (Source: .NET Runtime)(User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/19/2012 00:10:19 PM) (Source: Application Error)(User: )
Description: plugin-container.exe10.0.2.4428coreclr.dll4.1.10111.00013d2a6

Error: (03/19/2012 00:10:16 PM) (Source: .NET Runtime)(User: )
Description: Application: plugin-container.exe
CoreCLR Version: 4.1.10111.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6 (79150000) with exit code 8013150a.

Error: (03/15/2012 03:10:14 PM) (Source: MsiInstaller)(User: Owner)Owner
Description: Product: HP Deskjet 1000 J110 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Deskjet 1000 J110 series' device to complete the uninstallation.(NULL)(NULL)(NULL)

Error: (03/02/2012 00:02:09 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.8328.04c717ed1mso.dll11.0.8341.04e29b11600018a564


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Photoshop Album Starter Edition (Version: 1.0)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Apple Application Support (Version: 2.1.6)
AutoServiceFee
Bing Bar (Version: 6.3.2291.0)
Bing Bar Platform (Version: 6.3.2291.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Compaq Connections
Compaq Organize
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
Easy Internet Sign-up (Version: FE UI-2.1.0.847)
Enhanced Multimedia Keyboard Solution
Galileo Desktop (Version: 5.20)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.003.001.001)
HpSdpAppCoreApp (Version: 2.00.0000)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
Internet Explorer (Enable DEP)
InterVideo WinDVD Player (Version: 4.0-B11.389)
iTunes (Version: 10.5.2.11)
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
LiveReg (Symantec Corporation) (Version: 2.2.5.1678)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003 (Version: 11.0.50)
Microsoft Money 2003 System Pack (Version: 11.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 12.0.4518.1068)
Microsoft Outlook Hotmail Connector 32-bit (Version: 14.0.4763.1000)
Microsoft Plus! Digital Media Edition (Version: 1.00.00.2301)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Works 7.0 (Version: 07.02.0620)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MUSICMATCH® Jukebox
Nortel Networks Contivity VPN Client
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
Picasa 3 (Version: 3.8)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1 (Version: 2.2.1)
Quicken 2002 New User Edition
Quicken 2003 New User Edition (Version: 12.00.0000)
QuickTime (Version: 7.71.80.42)
RealOne Player
RecordNow! (Version: 6.0.0)
S3Display
S3Gamma2
S3Info2
S3Overlay
Segoe UI (Version: 14.0.4327.805)
Sonic Update Manager (Version: 2.80)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
Viewpoint Media Player (Remove Only)
WebFldrs XP (Version: 9.50.6513)
Weblink
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1015.52 MB
Available physical RAM: 556.95 MB
Total Pagefile: 2971.39 MB
Available Pagefile: 2584.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.14 MB

========================= Partitions: =====================================

2 Drive c: (PRESARIO) (Fixed) (Total:69.82 GB) (Free:42.15 GB) NTFS
3 Drive d: (PRESARIO_RP) (Fixed) (Total:4.69 GB) (Free:0.9 GB) FAT32

========================= Users: ========================================

User accounts for \\KATNDREW

Administrator andrew ASPNET
Guest HelpAssistant Owner
SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****
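
The Result.txt in the post above is laid out in `=== name ===` sections, so its hosts entries, statically set DNS servers and Winsock providers can be pulled out for review mechanically. This is an added example, not part of the original thread and not MiniToolBox code; the sample log is constructed in the same layout (the extra hosts entry and the non-Microsoft provider are invented), and the rules for what gets listed are assumptions of this example.

```python
import ntpath
import re

# Constructed excerpt in the layout of the Result.txt above. The second
# hosts entry and the "Example Vendor" provider are invented for the demo.
SAMPLE = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 update.example.test

========================= IP Configuration: ================================

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=8.26.56.26 register=PRIMARY
add dns name="Local Area Connection" addr=156.154.70.22 index=2
set dns name="{CC71DEDC-85C8-4BC6-B14C-FBADA9BFF390}" source=static addr=none register=PRIMARY

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\Example\examplelsp.dll [40960] (Example Vendor)

**** End of log ****
"""

# A section header is a title between two runs of '='; bare '=====' rules
# (used inside the route table and event log) have no title and do not match.
SECTION_RE = re.compile(r"^={3,}\s+([^=]+?):?\s+={3,}$")
DNS_RE = re.compile(r'^(?:set|add) dns name="([^"]+)"(?: source=(\w+))? addr=(\S+)')
LSP_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")


def split_sections(text):
    """Return {section title: [non-empty stripped lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def hosts_findings(lines):
    """List every hosts mapping other than the default localhost entry."""
    out = []
    for line in lines:
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        if ip in ("127.0.0.1", "::1") and names == ["localhost"]:
            continue
        out.append(("hosts", ip, " ".join(names)))
    return out


def dns_findings(lines):
    """List DNS servers pinned on an interface instead of taken from DHCP."""
    out = []
    for line in lines:
        m = DNS_RE.match(line)
        if not m:
            continue
        iface, source, addr = m.groups()
        if source == "dhcp" or addr == "none":
            continue
        out.append(("dns", iface, addr))
    return out


def winsock_findings(lines):
    """List providers outside system32 or with a non-Microsoft vendor string.
    The vendor is only the name printed in the log, not a signature check."""
    out = []
    for line in lines:
        m = LSP_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
        if vendor != "Microsoft Corporation" or not in_system32:
            out.append(("winsock", f"{catalog} {index}", path))
    return out


def triage(text):
    s = split_sections(text)
    return (hosts_findings(s.get("Hosts content", []))
            + dns_findings(s.get("IP Configuration", []))
            + winsock_findings(s.get("Winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Each item it lists is something to confirm with the machine's owner, such as whether they set those DNS servers themselves; it is not a verdict of infection.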

#7 Cathryn2

Posted 19 March 2012 - 04:58 PM

TDSSKiller and no reboot was required.

16:50:01.0296 60564 Ftdisk - ok
16:50:01.0468 60564 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:50:01.0468 60564 GEARAspiWDM - ok
16:50:01.0640 60564 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:50:01.0640 60564 Gpc - ok
16:50:01.0859 60564 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:50:01.0859 60564 HidUsb - ok
16:50:01.0984 60564 hpn - ok
16:50:02.0093 60564 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:50:02.0125 60564 HTTP - ok
16:50:02.0265 60564 i2omgmt - ok
16:50:02.0312 60564 i2omp - ok
16:50:02.0390 60564 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:50:02.0390 60564 i8042prt - ok
16:50:02.0625 60564 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:50:02.0671 60564 ialm - ok
16:50:02.0875 60564 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:50:02.0875 60564 Imapi - ok
16:50:03.0015 60564 ini910u - ok
16:50:03.0125 60564 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:50:03.0125 60564 IntelIde - ok
16:50:03.0296 60564 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:50:03.0296 60564 intelppm - ok
16:50:03.0468 60564 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:50:03.0468 60564 ip6fw - ok
16:50:03.0671 60564 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:50:03.0671 60564 IpFilterDriver - ok
16:50:03.0828 60564 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:50:03.0828 60564 IpInIp - ok
16:50:04.0000 60564 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:50:04.0015 60564 IpNat - ok
16:50:04.0203 60564 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:50:04.0203 60564 IPSec - ok
16:50:04.0390 60564 IPSECEXT (0e4daf6e7ff60665528521353dfaaa9c) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
16:50:04.0390 60564 IPSECEXT - ok
16:50:04.0421 60564 IPSECSHM (0e4daf6e7ff60665528521353dfaaa9c) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
16:50:04.0421 60564 IPSECSHM - ok
16:50:04.0593 60564 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:50:04.0593 60564 IRENUM - ok
16:50:04.0750 60564 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:50:04.0750 60564 isapnp - ok
16:50:04.0937 60564 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:50:04.0937 60564 Kbdclass - ok
16:50:05.0109 60564 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:50:05.0109 60564 kbdhid - ok
16:50:05.0281 60564 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:50:05.0281 60564 kmixer - ok
16:50:05.0453 60564 krait03 (37c7c9044067e28327392d0b02cda526) C:\WINDOWS\system32\Drivers\krait.sys
16:50:05.0453 60564 krait03 - ok
16:50:05.0640 60564 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:50:05.0640 60564 KSecDD - ok
16:50:05.0796 60564 lbrtfdc - ok
16:50:05.0984 60564 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
16:50:06.0015 60564 ltmodem5 - ok
16:50:06.0203 60564 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:50:06.0218 60564 mnmdd - ok
16:50:06.0375 60564 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:50:06.0390 60564 Modem - ok
16:50:06.0562 60564 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:50:06.0562 60564 Mouclass - ok
16:50:06.0734 60564 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:50:06.0734 60564 mouhid - ok
16:50:06.0890 60564 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:50:06.0890 60564 MountMgr - ok
16:50:07.0062 60564 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:50:07.0078 60564 MpFilter - ok
16:50:07.0187 60564 MpKslf030de96 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC4A4A44-44EB-4B51-A1F5-92E4AFD8AF16}\MpKslf030de96.sys
16:50:07.0187 60564 MpKslf030de96 - ok
16:50:07.0328 60564 mraid35x - ok
16:50:07.0421 60564 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:50:07.0421 60564 MRxDAV - ok
16:50:07.0625 60564 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:50:07.0656 60564 MRxSmb - ok
16:50:07.0906 60564 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:50:07.0906 60564 Msfs - ok
16:50:08.0078 60564 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:50:08.0078 60564 MSKSSRV - ok
16:50:08.0250 60564 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:50:08.0250 60564 MSPCLOCK - ok
16:50:08.0406 60564 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:50:08.0406 60564 MSPQM - ok
16:50:08.0578 60564 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:50:08.0593 60564 mssmbios - ok
16:50:08.0750 60564 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:50:08.0750 60564 Mup - ok
16:50:08.0937 60564 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
16:50:08.0937 60564 MxlW2k - ok
16:50:09.0125 60564 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:50:09.0125 60564 NDIS - ok
16:50:09.0296 60564 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:50:09.0296 60564 NdisTapi - ok
16:50:09.0468 60564 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:50:09.0468 60564 Ndisuio - ok
16:50:09.0656 60564 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:50:09.0671 60564 NdisWan - ok
16:50:09.0828 60564 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:50:09.0843 60564 NDProxy - ok
16:50:10.0015 60564 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:50:10.0015 60564 NetBIOS - ok
16:50:10.0203 60564 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:50:10.0203 60564 NetBT - ok
16:50:10.0421 60564 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:50:10.0421 60564 Npfs - ok
16:50:10.0703 60564 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:50:10.0734 60564 Ntfs - ok
16:50:10.0921 60564 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:50:10.0921 60564 Null - ok
16:50:11.0156 60564 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:50:11.0218 60564 nv - ok
16:50:11.0390 60564 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
16:50:11.0390 60564 nv_agp - ok
16:50:11.0562 60564 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:50:11.0562 60564 NwlnkFlt - ok
16:50:11.0718 60564 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:50:11.0718 60564 NwlnkFwd - ok
16:50:11.0937 60564 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:50:11.0937 60564 Parport - ok
16:50:12.0125 60564 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:50:12.0125 60564 PartMgr - ok
16:50:12.0296 60564 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:50:12.0296 60564 ParVdm - ok
16:50:12.0468 60564 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:50:12.0468 60564 PCI - ok
16:50:12.0625 60564 PCIDump - ok
16:50:12.0734 60564 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
16:50:12.0734 60564 PCIIde - ok
16:50:12.0890 60564 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:50:12.0906 60564 Pcmcia - ok
16:50:13.0046 60564 PDCOMP - ok
16:50:13.0109 60564 PDFRAME - ok
16:50:13.0156 60564 PDRELI - ok
16:50:13.0203 60564 PDRFRAME - ok
16:50:13.0250 60564 perc2 - ok
16:50:13.0281 60564 perc2hib - ok
16:50:13.0421 60564 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:50:13.0437 60564 PptpMiniport - ok
16:50:13.0609 60564 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:50:13.0625 60564 Processor - ok
16:50:13.0812 60564 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
16:50:13.0812 60564 Ps2 - ok
16:50:14.0000 60564 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:50:14.0000 60564 PSched - ok
16:50:14.0171 60564 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:50:14.0187 60564 Ptilink - ok
16:50:14.0359 60564 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
16:50:14.0359 60564 PxHelp20 - ok
16:50:14.0500 60564 ql1080 - ok
16:50:14.0562 60564 Ql10wnt - ok
16:50:14.0625 60564 ql12160 - ok
16:50:14.0671 60564 ql1240 - ok
16:50:14.0703 60564 ql1280 - ok
16:50:14.0781 60564 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:50:14.0796 60564 RasAcd - ok
16:50:14.0968 60564 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:50:14.0968 60564 Rasl2tp - ok
16:50:15.0156 60564 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:50:15.0156 60564 RasPppoe - ok
16:50:15.0328 60564 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:50:15.0328 60564 Raspti - ok
16:50:15.0515 60564 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:50:15.0515 60564 Rdbss - ok
16:50:15.0687 60564 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:50:15.0703 60564 RDPCDD - ok
16:50:15.0890 60564 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:50:15.0890 60564 RDPWD - ok
16:50:16.0078 60564 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:50:16.0078 60564 redbook - ok
16:50:16.0296 60564 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:50:16.0312 60564 RTL8023xp - ok
16:50:16.0453 60564 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
16:50:16.0453 60564 rtl8139 - ok
16:50:16.0625 60564 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
16:50:16.0625 60564 S3Psddr - ok
16:50:16.0875 60564 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:50:16.0890 60564 Secdrv - ok
16:50:17.0078 60564 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:50:17.0078 60564 Serenum - ok
16:50:17.0250 60564 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:50:17.0250 60564 Serial - ok
16:50:17.0484 60564 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:50:17.0484 60564 Sfloppy - ok
16:50:17.0656 60564 Simbad - ok
16:50:17.0750 60564 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
16:50:17.0781 60564 SiS315 - ok
16:50:17.0937 60564 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
16:50:17.0953 60564 SISAGP - ok
16:50:18.0093 60564 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
16:50:18.0109 60564 SiSkp - ok
16:50:18.0265 60564 Sparrow - ok
16:50:18.0359 60564 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:50:18.0359 60564 splitter - ok
16:50:18.0531 60564 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:50:18.0531 60564 sr - ok
16:50:18.0750 60564 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:50:18.0812 60564 Srv - ok
16:50:19.0000 60564 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:50:19.0015 60564 swenum - ok
16:50:19.0171 60564 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:50:19.0171 60564 swmidi - ok
16:50:19.0359 60564 symc810 - ok
16:50:19.0406 60564 symc8xx - ok
16:50:19.0453 60564 sym_hi - ok
16:50:19.0500 60564 sym_u3 - ok
16:50:19.0562 60564 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:50:19.0578 60564 sysaudio - ok
16:50:19.0765 60564 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:50:19.0796 60564 Tcpip - ok
16:50:19.0968 60564 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:50:19.0968 60564 TDPIPE - ok
16:50:20.0125 60564 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:50:20.0125 60564 TDTCP - ok
16:50:20.0296 60564 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:50:20.0296 60564 TermDD - ok
16:50:20.0468 60564 TosIde - ok
16:50:20.0593 60564 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:50:20.0593 60564 Udfs - ok
16:50:20.0750 60564 ultra - ok
16:50:20.0859 60564 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:50:20.0875 60564 Update - ok
16:50:21.0046 60564 USBAAPL - ok
16:50:21.0140 60564 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:50:21.0156 60564 usbccgp - ok
16:50:21.0328 60564 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:50:21.0343 60564 usbehci - ok
16:50:21.0515 60564 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:50:21.0515 60564 usbhub - ok
16:50:21.0687 60564 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:50:21.0687 60564 usbohci - ok
16:50:21.0843 60564 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:50:21.0843 60564 usbprint - ok
16:50:22.0015 60564 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:50:22.0015 60564 usbscan - ok
16:50:22.0187 60564 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:50:22.0187 60564 USBSTOR - ok
16:50:22.0375 60564 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:50:22.0375 60564 usbuhci - ok
16:50:22.0546 60564 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:50:22.0546 60564 VgaSave - ok
16:50:22.0703 60564 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
16:50:22.0703 60564 viaagp1 - ok
16:50:22.0859 60564 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
16:50:22.0859 60564 ViaIde - ok
16:50:23.0031 60564 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:50:23.0031 60564 VolSnap - ok
16:50:23.0250 60564 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:50:23.0265 60564 Wanarp - ok
16:50:23.0390 60564 WDICA - ok
16:50:23.0484 60564 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:50:23.0484 60564 wdmaud - ok
16:50:23.0796 60564 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:50:23.0812 60564 WS2IFSL - ok
16:50:23.0984 60564 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:50:23.0984 60564 WudfPf - ok
16:50:24.0140 60564 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:50:24.0156 60564 WudfRd - ok
16:50:24.0343 60564 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
16:50:24.0359 60564 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
16:50:24.0515 60564 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
16:50:24.0515 60564 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
16:50:24.0546 60564 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
16:50:25.0343 60564 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:50:25.0343 60564 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:50:25.0359 60564 Boot (0x1200) (3cd4fd2c64bd05fac04877c893e192a2) \Device\Harddisk0\DR0\Partition0
16:50:25.0359 60564 \Device\Harddisk0\DR0\Partition0 - ok
16:50:25.0406 60564 Boot (0x1200) (86cad54f735d08e2f8594e95a8c40646) \Device\Harddisk0\DR0\Partition1
16:50:25.0406 60564 \Device\Harddisk0\DR0\Partition1 - ok
16:50:25.0406 60564 ============================================================
16:50:25.0406 60564 Scan finished
16:50:25.0406 60564 ============================================================
16:50:25.0437 61072 Detected object count: 1
16:50:25.0437 61072 Actual detected object count: 1
16:50:54.0859 61072 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:50:54.0859 61072 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
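
The report above ends with a detection that was left on Skip. As an added example (not part of the original posts and not the tool vendor's code), here is a small parser for the TDSSKiller report layout shown in this thread that separates the `- ok` lines from findings and records the action the user chose. The sample lines are constructed in the shape of the posted log, with a placeholder hash, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the TDSSKiller report posted above.
# The 32-zero MD5 is a placeholder, not a real driver hash.
SAMPLE_LOG = r"""
16:49:40.0046 60564 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
16:50:24.0140 60564 WudfRd (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:50:24.0156 60564 WudfRd - ok
16:50:25.0343 60564 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:50:25.0343 60564 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:50:25.0359 60564 \Device\Harddisk0\DR0\Partition0 - ok
16:50:25.0406 60564 Scan finished
16:50:25.0437 61072 Detected object count: 1
16:50:54.0859 61072 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:50:54.0859 61072 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>"; the message may be empty on spacer lines.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)(?:\s+(?P<msg>.*))?$")
# "<object> [( <threat> )] - <status text>"
STATUS_RE = re.compile(
    r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]*?) \))? - (?P<rest>.+)$")
DETECTED_RE = re.compile(r"^detected (?P<threat>.+?)(?: \(\d+\))?$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_lines(text):
    """Yield (timestamp, thread_id, message) for every well-formed log line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m["ts"], m["tid"], (m["msg"] or "").strip()


def summarize(text):
    """Count clean objects and collect every non-ok finding with its action."""
    ok, reported, findings = 0, None, {}
    for ts, _tid, msg in parse_lines(text):
        count = COUNT_RE.match(msg)
        if count:
            reported = int(count["n"])
            continue
        m = STATUS_RE.match(msg)
        if not m:
            continue  # object records, banners, separators
        obj, threat, rest = m["obj"], m["threat"], m["rest"]
        if rest == "ok":
            ok += 1
            continue
        det = DETECTED_RE.match(rest)
        act = ACTION_RE.match(rest)
        if threat is None and not det:
            continue  # header lines such as "Drive ... - Size: ..."
        f = findings.setdefault(obj, {"threat": None, "verdict": None,
                                      "action": None, "first_seen": ts})
        if threat or det:
            f["threat"] = f["threat"] or threat or det["threat"]
        if act:
            f["action"] = act["action"]   # "Skip" is the action seen in this thread
        elif not det and f["verdict"] is None:
            f["verdict"] = rest           # first status wins, e.g. "warning"
    return {"ok": ok, "reported": reported, "findings": findings}


def unresolved(summary):
    """Objects that were detected but left untouched (no action, or Skip)."""
    return [obj for obj, f in summary["findings"].items()
            if f["action"] in (None, "Skip")]


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("clean objects:", s["ok"], "| reported detections:", s["reported"])
    for obj in unresolved(s):
        f = s["findings"][obj]
        print("UNRESOLVED:", obj, "-", f["threat"], "-", f["verdict"],
              "- action:", f["action"])
```

Comparing `reported` with the number of parsed findings is a quick check that no detection line was missed by the patterns.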

#8 boopme

Posted 19 March 2012 - 06:03 PM

Ok, yes, he is King LOL. Can you open his account and run these?

We have some things to do.
Need to see the ESET first unless it was clean.

Rerun TDSS like this....
basically, no parameter change.

Right click on desktop icon.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#9 Cathryn2

Posted 19 March 2012 - 07:04 PM

Hello,
The Eset just finished and omg, I am Owner, "Computer administrator". The kid is Andrew, "limited account". Guest is off, and no way can I get to Administrator without booting to safe mode; even then, no way can I bypass that one. Any ideas?

Here is the report, now I will move on to your next instructions.

C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP294\A0101137.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP313\A0106154.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP314\A0106245.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP342\A0115637.exe Win32/PrcView application cleaned by deleting - quarantined

#10 Cathryn2

Posted 19 March 2012 - 07:29 PM

I had trouble with the redo of TDSS. I never saw a (Cure or Delete). Did I miss something in the steps?

MBAM is updated & still running. Then I boot to safe mode and try to remove the kid's A.., as Administrator?

#11 Cathryn2

Posted 19 March 2012 - 07:31 PM

MBAM IS CLEAN

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Owner :: KATNDREW [limited]

3/19/2012 7:17:18 PM
mbam-log-2012-03-19 (19-17-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 350553
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 boopme

Posted 19 March 2012 - 08:16 PM

Uninstall any TDSS from the desktop.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.


I would ask in XP how to do it as I am a bit rusty.
But this will explain it.. Managing User Accounts

#13 Cathryn2

Posted 19 March 2012 - 09:36 PM

Ok, I just want to be clear on this. System restore off, ran the FixTDSS tool, it says Backdoor.TIDSERV.

Does not seem to have removed it, it only said found and finished. Do you still want me to system restore?

It is late, I will check back here tomorrow. Leave the computer off for the night.

You are amazing, Thank you so much!

Edited by kathy710, 19 March 2012 - 09:42 PM.


#14 boopme

Posted 19 March 2012 - 10:17 PM

Yes. Re-enable System Restore.

We will try this again now that Fix was run.
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Is it running better yet?

Good night:)

Edited by boopme, 19 March 2012 - 10:18 PM.


#15 Cathryn2

Posted 20 March 2012 - 10:11 AM

Posted Image

I am not getting any option for (The utility automatically selects an action (Cure or Delete) for malicious objects.)
Please see the screen shot.

I tried to include a screenshot of the TDSSKiller, using Photo Bucket link. I hope this works.

09:10:38.0109 28632 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
09:10:38.0609 28632 ============================================================
09:10:38.0609 28632 Current date / time: 2012/03/20 09:10:38.0609
09:10:38.0609 28632 SystemInfo:
09:10:38.0609 28632
09:10:38.0609 28632 OS Version: 5.1.2600 ServicePack: 3.0
09:10:38.0609 28632 Product type: Workstation
09:10:38.0609 28632 ComputerName: KATNDREW
09:10:38.0609 28632 UserName: Owner
09:10:38.0609 28632 Windows directory: C:\WINDOWS
09:10:38.0609 28632 System windows directory: C:\WINDOWS
09:10:38.0609 28632 Processor architecture: Intel x86
09:10:38.0609 28632 Number of processors: 1
09:10:38.0609 28632 Page size: 0x1000
09:10:38.0609 28632 Boot type: Normal boot
09:10:38.0609 28632 ============================================================
09:10:41.0046 28632 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
09:10:41.0046 28632 \Device\Harddisk0\DR0:
09:10:41.0046 28632 MBR used
09:10:41.0046 28632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x966C81
09:10:41.0046 28632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x966CC0, BlocksNum 0x8BA3940
09:10:41.0125 28632 Initialize success
09:10:41.0125 28632 ============================================================
09:11:21.0484 28932 ============================================================
09:11:21.0484 28932 Scan started
09:11:21.0484 28932 Mode: Manual;
09:11:21.0484 28932 ============================================================
09:11:28.0875 28932 Fips - ok
09:11:29.0015 28932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:11:29.0015 28932 Flpydisk - ok
09:11:29.0218 28932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:11:29.0218 28932 FltMgr - ok
09:11:29.0406 28932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:11:29.0406 28932 Fs_Rec - ok
09:11:29.0593 28932 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:11:29.0609 28932 Ftdisk - ok
09:11:29.0781 28932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:11:29.0796 28932 GEARAspiWDM - ok
09:11:29.0968 28932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:11:29.0968 28932 Gpc - ok
09:11:30.0203 28932 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:11:30.0203 28932 HidUsb - ok
09:11:30.0390 28932 hpn - ok
09:11:30.0500 28932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:11:30.0500 28932 HTTP - ok
09:11:30.0656 28932 i2omgmt - ok
09:11:30.0734 28932 i2omp - ok
09:11:30.0812 28932 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:11:30.0828 28932 i8042prt - ok
09:11:31.0031 28932 ialm (d4405bd2b6e95efdc8e674ed4032874f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:11:31.0046 28932 ialm - ok
09:11:31.0250 28932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:11:31.0250 28932 Imapi - ok
09:11:31.0406 28932 ini910u - ok
09:11:31.0515 28932 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:11:31.0515 28932 IntelIde - ok
09:11:31.0687 28932 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:11:31.0687 28932 intelppm - ok
09:11:31.0859 28932 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:11:31.0859 28932 ip6fw - ok
09:11:32.0015 28932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:11:32.0015 28932 IpFilterDriver - ok
09:11:32.0171 28932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:11:32.0171 28932 IpInIp - ok
09:11:32.0375 28932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:11:32.0375 28932 IpNat - ok
09:11:32.0578 28932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:11:32.0578 28932 IPSec - ok
09:11:32.0765 28932 IPSECEXT (0e4daf6e7ff60665528521353dfaaa9c) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
09:11:32.0953 28932 IPSECEXT - ok
09:11:32.0968 28932 IPSECSHM (0e4daf6e7ff60665528521353dfaaa9c) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
09:11:33.0000 28932 IPSECSHM - ok
09:11:33.0156 28932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:11:33.0156 28932 IRENUM - ok
09:11:33.0375 28932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:11:33.0375 28932 isapnp - ok
09:11:33.0578 28932 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:11:33.0578 28932 Kbdclass - ok
09:11:33.0765 28932 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:11:33.0781 28932 kbdhid - ok
09:11:33.0953 28932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:11:33.0953 28932 kmixer - ok
09:11:34.0140 28932 krait03 (37c7c9044067e28327392d0b02cda526) C:\WINDOWS\system32\Drivers\krait.sys
09:11:34.0218 28932 krait03 - ok
09:11:34.0390 28932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:11:34.0390 28932 KSecDD - ok
09:11:34.0562 28932 lbrtfdc - ok
09:11:34.0734 28932 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
09:11:34.0734 28932 ltmodem5 - ok
09:11:34.0921 28932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:11:34.0921 28932 mnmdd - ok
09:11:35.0093 28932 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:11:35.0093 28932 Modem - ok
09:11:35.0265 28932 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:11:35.0265 28932 Mouclass - ok
09:11:35.0421 28932 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:11:35.0421 28932 mouhid - ok
09:11:35.0609 28932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:11:35.0609 28932 MountMgr - ok
09:11:35.0796 28932 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:11:35.0796 28932 MpFilter - ok
09:11:35.0921 28932 MpKslf6b6a28a (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF555899-36D5-499A-8A5D-F1ABD3A6A3B5}\MpKslf6b6a28a.sys
09:11:35.0921 28932 MpKslf6b6a28a - ok
09:11:36.0078 28932 mraid35x - ok
09:11:36.0171 28932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:11:36.0187 28932 MRxDAV - ok
09:11:36.0421 28932 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:11:36.0437 28932 MRxSmb - ok
09:11:36.0656 28932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:11:36.0671 28932 Msfs - ok
09:11:36.0859 28932 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:11:36.0859 28932 MSKSSRV - ok
09:11:37.0031 28932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:11:37.0046 28932 MSPCLOCK - ok
09:11:37.0187 28932 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:11:37.0187 28932 MSPQM - ok
09:11:37.0375 28932 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:11:37.0375 28932 mssmbios - ok
09:11:37.0546 28932 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:11:37.0546 28932 Mup - ok
09:11:37.0703 28932 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:11:37.0781 28932 MxlW2k - ok
09:11:37.0968 28932 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:11:37.0984 28932 NDIS - ok
09:11:38.0156 28932 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:11:38.0156 28932 NdisTapi - ok
09:11:38.0359 28932 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:11:38.0359 28932 Ndisuio - ok
09:11:38.0531 28932 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:11:38.0546 28932 NdisWan - ok
09:11:38.0734 28932 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:11:38.0734 28932 NDProxy - ok
09:11:38.0890 28932 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:11:38.0906 28932 NetBIOS - ok
09:11:39.0093 28932 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:11:39.0109 28932 NetBT - ok
09:11:39.0359 28932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:11:39.0359 28932 Npfs - ok
09:11:39.0546 28932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:11:39.0593 28932 Ntfs - ok
09:11:39.0781 28932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:11:39.0796 28932 Null - ok
09:11:40.0015 28932 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:11:40.0078 28932 nv - ok
09:11:40.0328 28932 nv_agp (29291c3a7256337327051cc37e4fc09a) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
09:11:40.0328 28932 nv_agp - ok
09:11:40.0484 28932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:11:40.0484 28932 NwlnkFlt - ok
09:11:40.0640 28932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:11:40.0640 28932 NwlnkFwd - ok
09:11:40.0859 28932 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:11:40.0875 28932 Parport - ok
09:11:41.0046 28932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:11:41.0046 28932 PartMgr - ok
09:11:41.0234 28932 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:11:41.0234 28932 ParVdm - ok
09:11:41.0421 28932 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:11:41.0421 28932 PCI - ok
09:11:41.0562 28932 PCIDump - ok
09:11:41.0656 28932 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
09:11:41.0656 28932 PCIIde - ok
09:11:41.0812 28932 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:11:41.0812 28932 Pcmcia - ok
09:11:41.0937 28932 PDCOMP - ok
09:11:42.0000 28932 PDFRAME - ok
09:11:42.0062 28932 PDRELI - ok
09:11:42.0109 28932 PDRFRAME - ok
09:11:42.0171 28932 perc2 - ok
09:11:42.0218 28932 perc2hib - ok
09:11:42.0468 28932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:11:42.0468 28932 PptpMiniport - ok
09:11:42.0656 28932 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:11:42.0656 28932 Processor - ok
09:11:42.0828 28932 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
09:11:42.0843 28932 Ps2 - ok
09:11:43.0031 28932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:11:43.0046 28932 PSched - ok
09:11:43.0250 28932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:11:43.0265 28932 Ptilink - ok
09:11:43.0421 28932 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
09:11:43.0421 28932 PxHelp20 - ok
09:11:43.0562 28932 ql1080 - ok
09:11:43.0625 28932 Ql10wnt - ok
09:11:43.0687 28932 ql12160 - ok
09:11:43.0734 28932 ql1240 - ok
09:11:43.0781 28932 ql1280 - ok
09:11:43.0859 28932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:11:43.0859 28932 RasAcd - ok
09:11:44.0046 28932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:11:44.0046 28932 Rasl2tp - ok
09:11:44.0250 28932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:11:44.0250 28932 RasPppoe - ok
09:11:44.0437 28932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:11:44.0437 28932 Raspti - ok
09:11:44.0625 28932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:11:44.0640 28932 Rdbss - ok
09:11:44.0812 28932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:11:44.0812 28932 RDPCDD - ok
09:11:45.0078 28932 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:11:45.0093 28932 RDPWD - ok
09:11:45.0265 28932 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:11:45.0265 28932 redbook - ok
09:11:45.0515 28932 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
09:11:45.0515 28932 RTL8023xp - ok
09:11:45.0687 28932 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
09:11:45.0687 28932 rtl8139 - ok
09:11:45.0843 28932 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
09:11:45.0859 28932 S3Psddr - ok
09:11:46.0093 28932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:11:46.0093 28932 Secdrv - ok
09:11:46.0328 28932 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:11:46.0328 28932 Serenum - ok
09:11:46.0500 28932 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:11:46.0500 28932 Serial - ok
09:11:46.0750 28932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:11:46.0750 28932 Sfloppy - ok
09:11:46.0921 28932 Simbad - ok
09:11:47.0015 28932 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
09:11:47.0031 28932 SiS315 - ok
09:11:47.0203 28932 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
09:11:47.0203 28932 SISAGP - ok
09:11:47.0375 28932 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
09:11:47.0375 28932 SiSkp - ok
09:11:47.0546 28932 Sparrow - ok
09:11:47.0656 28932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:11:47.0656 28932 splitter - ok
09:11:47.0843 28932 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:11:47.0843 28932 sr - ok
09:11:48.0062 28932 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:11:48.0078 28932 Srv - ok
09:11:48.0281 28932 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:11:48.0281 28932 swenum - ok
09:11:48.0453 28932 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:11:48.0453 28932 swmidi - ok
09:11:48.0625 28932 symc810 - ok
09:11:48.0687 28932 symc8xx - ok
09:11:48.0750 28932 sym_hi - ok
09:11:48.0796 28932 sym_u3 - ok
09:11:48.0875 28932 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:11:48.0890 28932 sysaudio - ok
09:11:49.0109 28932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:11:49.0125 28932 Tcpip - ok
09:11:49.0312 28932 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:11:49.0312 28932 TDPIPE - ok
09:11:49.0468 28932 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:11:49.0468 28932 TDTCP - ok
09:11:49.0656 28932 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:11:49.0656 28932 TermDD - ok
09:11:49.0859 28932 TosIde - ok
09:11:49.0984 28932 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:11:50.0000 28932 Udfs - ok
09:11:50.0140 28932 ultra - ok
09:11:50.0265 28932 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:11:50.0281 28932 Update - ok
09:11:50.0453 28932 USBAAPL - ok
09:11:50.0546 28932 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:11:50.0546 28932 usbccgp - ok
09:11:50.0734 28932 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:11:50.0734 28932 usbehci - ok
09:11:50.0906 28932 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:11:50.0906 28932 usbhub - ok
09:11:51.0093 28932 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:11:51.0093 28932 usbohci - ok
09:11:51.0281 28932 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:11:51.0281 28932 usbprint - ok
09:11:51.0468 28932 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:11:51.0515 28932 usbscan - ok
09:11:51.0671 28932 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:11:51.0671 28932 USBSTOR - ok
09:11:51.0843 28932 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:11:51.0859 28932 usbuhci - ok
09:11:52.0046 28932 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:11:52.0046 28932 VgaSave - ok
09:11:52.0218 28932 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
09:11:52.0218 28932 viaagp1 - ok
09:11:52.0390 28932 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
09:11:52.0390 28932 ViaIde - ok
09:11:52.0562 28932 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:11:52.0562 28932 VolSnap - ok
09:11:52.0796 28932 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:11:52.0812 28932 Wanarp - ok
09:11:52.0968 28932 WDICA - ok
09:11:53.0062 28932 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:11:53.0078 28932 wdmaud - ok
09:11:53.0406 28932 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:11:53.0406 28932 WS2IFSL - ok
09:11:53.0593 28932 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:11:53.0609 28932 WudfPf - ok
09:11:53.0765 28932 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:11:53.0781 28932 WudfRd - ok
09:11:53.0984 28932 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
09:11:54.0000 28932 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
09:11:54.0156 28932 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
09:11:54.0171 28932 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
09:11:54.0203 28932 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
09:11:54.0234 28932 \Device\Harddisk0\DR0 - ok
09:11:54.0250 28932 Boot (0x1200) (6b729b26f2ba17bcbf5755daebf15d14) \Device\Harddisk0\DR0\Partition0
09:11:54.0250 28932 \Device\Harddisk0\DR0\Partition0 - ok
09:11:54.0281 28932 Boot (0x1200) (86cad54f735d08e2f8594e95a8c40646) \Device\Harddisk0\DR0\Partition1
09:11:54.0296 28932 \Device\Harddisk0\DR0\Partition1 - ok
09:11:54.0296 28932 ============================================================
09:11:54.0296 28932 Scan finished
09:11:54.0296 28932 ============================================================
09:11:54.0343 28916 Detected object count: 0
09:11:54.0343 28916 Actual detected object count: 0



