
google redirect in firefox



Google looks fake in firefox and searches wind up on some redirected page. This doesn't appear to be happening in IE8. Malwarebytes didn't detect anything... Can someone help me?

Things have gotten progressively worse. I think I have that svchost.exe bug now too because my system has gotten much slower and that process is eating up memory according to the task manager.

I was able to run combofix under safe mode/administrator and I am attaching that log.

I would appreciate help from one of you guys pretty please...

Thank you in advance for helping me out...

ComboFix 12-03-18.01 - Administrator 03/18/2012 20:53:13.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.84 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\kb835221.exe

c:\windows\kb913800.exe

c:\windows\setupapi.log

c:\windows\windows-kb870669-x86-enu.exe

c:\windows\windowsinstaller-kb893803-v2-x86.exe

c:\windows\windowsmedia10-kb917734-x86-enu.exe

c:\windows\windowsxp-kb307154-x86-enu.exe

c:\windows\windowsxp-kb873339-x86-enu.exe

c:\windows\windowsxp-kb884018-x86-enu.exe

c:\windows\windowsxp-kb884575-x86-enu.exe

c:\windows\windowsxp-kb885250-x86-enu.exe

c:\windows\windowsxp-kb885835-x86-enu.exe

c:\windows\windowsxp-kb885836-x86-enu.exe

c:\windows\windowsxp-kb886185-x86-enu.exe

c:\windows\windowsxp-kb887472-x86-enu.exe

c:\windows\windowsxp-kb887742-x86-enu.exe

c:\windows\windowsxp-kb888113-x86-enu.exe

c:\windows\windowsxp-kb888239-x86-enu.exe

c:\windows\windowsxp-kb888302-x86-enu.exe

c:\windows\windowsxp-kb888321-x86-enu.exe

c:\windows\windowsxp-kb890046-x86-enu.exe

c:\windows\windowsxp-kb890859-x86-enu.exe

c:\windows\windowsxp-kb891781-x86-enu.exe

c:\windows\windowsxp-kb892130-enu-x86.exe

c:\windows\WindowsXP-KB893056-x86-ENU.exe

c:\windows\windowsxp-kb893066-v2-x86-enu.exe

c:\windows\windowsxp-kb893357-v2-x86-enu.exe

c:\windows\windowsxp-kb893756-x86-enu.exe

c:\windows\windowsxp-kb894391-x86-enu.exe

c:\windows\windowsxp-kb896358-x86-enu.exe

c:\windows\windowsxp-kb896422-x86-enu.exe

c:\windows\windowsxp-kb896423-x86-enu.exe

c:\windows\windowsxp-kb896424-x86-enu.exe

c:\windows\windowsxp-kb896428-x86-enu.exe

c:\windows\windowsxp-kb896688-x86-enu.exe

c:\windows\windowsxp-kb896727-x86-enu.exe

c:\windows\windowsxp-kb899587-x86-enu.exe

c:\windows\windowsxp-kb899588-x86-enu.exe

c:\windows\windowsxp-kb899589-x86-enu.exe

c:\windows\windowsxp-kb899591-x86-enu.exe

c:\windows\windowsxp-kb900466-x86-enu.exe

c:\windows\windowsxp-kb900485-v2-x86-enu.exe

c:\windows\windowsxp-kb900725-x86-enu.exe

c:\windows\windowsxp-kb901017-x86-enu.exe

c:\windows\windowsxp-kb901214-x86-enu.exe

c:\windows\windowsxp-kb902400-x86-enu.exe

c:\windows\windowsxp-kb903235-x86-enu.exe

c:\windows\windowsxp-kb905414-x86-enu.exe

c:\windows\windowsxp-kb905749-x86-enu.exe

c:\windows\windowsxp-kb905915-x86-enu.exe

c:\windows\windowsxp-kb908519-x86-enu.exe

c:\windows\windowsxp-kb908531-x86-enu.exe

c:\windows\windowsxp-kb909667-x86-enu.exe

c:\windows\windowsxp-kb910437-x86-enu.exe

c:\windows\windowsxp-kb910728-x86-enu.exe

c:\windows\windowsxp-kb911280-x86-enu.exe

c:\windows\windowsxp-kb911562-x86-enu.exe

c:\windows\windowsxp-kb911567-x86-enu.exe

c:\windows\windowsxp-kb911927-x86-enu.exe

c:\windows\windowsxp-kb912919-x86-enu.exe

c:\windows\windowsxp-kb912945-x86-enu.exe

c:\windows\windowsxp-kb914388-x86-enu.exe

c:\windows\windowsxp-kb914389-x86-enu.exe

c:\windows\windowsxp-kb916281-x86-enu.exe

c:\windows\windowsxp-kb917159-x86-enu.exe

c:\windows\windowsxp-kb917344-x86-enu.exe

c:\windows\windowsxp-kb917953-x86-enu.exe

c:\windows\windowsxp-kb918439-x86-enu.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))

.

.

2012-03-19 00:06 . 2012-03-19 00:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-03-19 00:05 . 2012-03-19 00:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-18 18:36 . 2012-03-18 18:41 -------- d-----w- C:\random

2012-03-18 15:06 . 2012-03-18 15:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 15:06 . 2012-03-18 15:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-15 16:56 . 2012-03-15 16:57 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2012-03-04 19:04 . 2012-03-04 19:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-03-04 19:03 . 2012-03-04 19:03 -------- d-----w- c:\program files\Common Files\xing shared

2012-03-04 19:02 . 2012-03-04 19:02 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-03-04 19:02 . 2012-03-04 19:02 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2012-03-04 19:00 . 2012-03-04 19:03 -------- d-----w- c:\program files\real

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-08 14:12 . 2011-05-15 04:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2006-08-10 07:32 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 20:01 . 2012-01-11 20:01 72080 ----a-w- c:\documents and settings\Butch\g2mdlhlpx.exe

2012-01-11 19:06 . 2012-02-15 15:32 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-08-10 07:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-18 15:06 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"=

"c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2967:TCP"= 2967:TCP:Symantec

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512]

S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]

S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]

S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/30/2007 4:27 PM 24652]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/5/2012 2:56 PM 106104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]

S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08]

.

2012-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job

- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job

- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]

.

2012-03-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]

.

2012-03-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sony.com/vaiopeople

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-18 21:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: FUJITSU_MHV2120BH_PL rev.00000029 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86EBA2C6

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,db,bd,c0,b4,e0,09,41,a2,18,ab,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,db,bd,c0,b4,e0,09,41,a2,18,ab,\

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1172)

c:\windows\system32\WININET.dll

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'lsass.exe'(1232)

c:\windows\system32\WININET.dll

.

Completion time: 2012-03-18 21:25:13

ComboFix-quarantined-files.txt 2012-03-19 01:25

ComboFix2.txt 2010-06-20 13:29

.

Pre-Run: 18,038,837,248 bytes free

Post-Run: 18,738,548,736 bytes free

.

- - End Of File - - E0344EF2923822964F6DC9FE2A21B4E3

dds.txt

attach.txt



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Thank you very much for responding...

I am attaching the logs for both of the programs, gooredfix and tdsskiller....

GooredFix by jpshortstuff (03.07.10.1)

Log created at 18:59 on 20/03/2012 (Butch)

Firefox version 11.0 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:13 05/02/2012]

C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [14:47 01/05/2010]

{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [14:13 04/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:26 09/09/2009]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [22:01 02/06/2010]

-=E.O.F=-

19:00:59.0218 4040 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

19:01:00.0171 4040 ============================================================

19:01:00.0171 4040 Current date / time: 2012/03/20 19:01:00.0171

19:01:00.0171 4040 SystemInfo:

19:01:00.0171 4040

19:01:00.0171 4040 OS Version: 5.1.2600 ServicePack: 3.0

19:01:00.0171 4040 Product type: Workstation

19:01:00.0171 4040 ComputerName: CCRSYR04MBC

19:01:00.0171 4040 UserName: Butch

19:01:00.0171 4040 Windows directory: C:\WINDOWS

19:01:00.0171 4040 System windows directory: C:\WINDOWS

19:01:00.0171 4040 Processor architecture: Intel x86

19:01:00.0171 4040 Number of processors: 2

19:01:00.0171 4040 Page size: 0x1000

19:01:00.0171 4040 Boot type: Safe boot with network

19:01:00.0171 4040 ============================================================

19:01:11.0765 4040 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

19:01:11.0796 4040 \Device\Harddisk0\DR0:

19:01:11.0812 4040 MBR used

19:01:11.0812 4040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE00D12, BlocksNum 0xD192AAF

19:01:12.0140 4040 Initialize success

19:01:12.0140 4040 ============================================================

19:01:59.0078 1792 ============================================================

19:01:59.0078 1792 Scan started

19:01:59.0078 1792 Mode: Manual; SigCheck; TDLFS;

19:01:59.0078 1792 ============================================================


19:12:42.0843 1792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

19:12:44.0734 1792 MSKSSRV - ok

19:12:44.0828 1792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

19:12:46.0750 1792 MSPCLOCK - ok

19:12:46.0984 1792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

19:12:48.0906 1792 MSPQM - ok

19:12:48.0968 1792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

19:12:50.0875 1792 mssmbios - ok

19:12:51.0031 1792 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

19:12:53.0109 1792 MSTEE - ok

19:12:53.0296 1792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

19:12:53.0421 1792 Mup - ok

19:12:53.0484 1792 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

19:12:55.0406 1792 NABTSFEC - ok

19:12:55.0578 1792 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120316.004\naveng.sys

19:12:55.0578 1792 NAVENG - ok

19:12:55.0687 1792 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120316.004\navex15.sys

19:12:55.0843 1792 NAVEX15 - ok

19:12:56.0000 1792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

19:12:57.0953 1792 NDIS - ok

19:12:58.0000 1792 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

19:12:59.0906 1792 NdisIP - ok

19:13:00.0062 1792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

19:13:00.0171 1792 NdisTapi - ok

19:13:00.0234 1792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

19:13:02.0140 1792 Ndisuio - ok

19:13:02.0187 1792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

19:13:04.0390 1792 NdisWan - ok

19:13:04.0562 1792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

19:13:04.0734 1792 NDProxy - ok

19:13:04.0875 1792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

19:13:07.0125 1792 NetBIOS - ok

19:13:07.0296 1792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

19:13:09.0343 1792 NetBT - ok

19:13:09.0671 1792 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

19:13:09.0968 1792 NETw3x32 - ok

19:13:10.0000 1792 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

19:13:11.0921 1792 NIC1394 - ok

19:13:12.0078 1792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

19:13:14.0031 1792 Npfs - ok

19:13:14.0109 1792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

19:13:16.0500 1792 Ntfs - ok

19:13:16.0687 1792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

19:13:17.0828 1792 Null - ok

19:13:17.0875 1792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

19:13:19.0062 1792 NwlnkFlt - ok

19:13:19.0125 1792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

19:13:20.0250 1792 NwlnkFwd - ok

19:13:20.0421 1792 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

19:13:22.0359 1792 ohci1394 - ok

19:13:22.0437 1792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

19:13:24.0328 1792 Parport - ok

19:13:24.0468 1792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

19:13:26.0484 1792 PartMgr - ok

19:13:26.0546 1792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

19:13:27.0687 1792 ParVdm - ok

19:13:27.0953 1792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

19:13:30.0421 1792 PCI - ok

19:13:30.0578 1792 PCIDump - ok

19:13:30.0656 1792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

19:13:31.0828 1792 PCIIde - ok

19:13:31.0859 1792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

19:13:33.0750 1792 Pcmcia - ok

19:13:33.0890 1792 PDCOMP - ok

19:13:33.0906 1792 PDFRAME - ok

19:13:33.0937 1792 PDRELI - ok

19:13:33.0953 1792 PDRFRAME - ok

19:13:34.0000 1792 perc2 - ok

19:13:34.0015 1792 perc2hib - ok

19:13:34.0140 1792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

19:13:36.0156 1792 PptpMiniport - ok

19:13:36.0187 1792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

19:13:38.0109 1792 PSched - ok

19:13:38.0281 1792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

19:13:39.0406 1792 Ptilink - ok

19:13:39.0468 1792 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

19:13:39.0468 1792 PxHelp20 - ok

19:13:39.0500 1792 ql1080 - ok

19:13:39.0531 1792 Ql10wnt - ok

19:13:39.0546 1792 ql12160 - ok

19:13:39.0562 1792 ql1240 - ok

19:13:39.0593 1792 ql1280 - ok

19:13:39.0656 1792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

19:13:40.0781 1792 RasAcd - ok

19:13:41.0000 1792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

19:13:42.0937 1792 Rasl2tp - ok

19:13:42.0984 1792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

19:13:44.0890 1792 RasPppoe - ok

19:13:45.0078 1792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

19:13:46.0250 1792 Raspti - ok

19:13:46.0375 1792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

19:13:48.0781 1792 Rdbss - ok

19:13:48.0984 1792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

19:13:50.0468 1792 RDPCDD - ok

19:13:51.0015 1792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

19:13:53.0515 1792 rdpdr - ok

19:13:53.0703 1792 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

19:13:53.0796 1792 RDPWD - ok

19:13:53.0875 1792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

19:13:56.0062 1792 redbook - ok

19:13:56.0343 1792 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

19:13:56.0453 1792 RimSerPort - ok

19:13:56.0609 1792 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys

19:13:56.0906 1792 RimUsb - ok

19:13:57.0140 1792 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

19:13:57.0281 1792 RimVSerPort - ok

19:13:57.0343 1792 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

19:13:59.0109 1792 ROOTMODEM - ok

19:13:59.0578 1792 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

19:13:59.0718 1792 s24trans ( UnsignedFile.Multi.Generic ) - warning

19:13:59.0718 1792 s24trans - detected UnsignedFile.Multi.Generic (1)

19:14:00.0812 1792 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys

19:14:00.0828 1792 SAVRT - ok

19:14:00.0937 1792 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

19:14:01.0000 1792 SAVRTPEL - ok

19:14:01.0781 1792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

19:14:04.0062 1792 Secdrv - ok

19:14:04.0390 1792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

19:14:06.0968 1792 Serial - ok

19:14:07.0265 1792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

19:14:09.0328 1792 Sfloppy - ok

19:14:09.0421 1792 Simbad - ok

19:14:09.0500 1792 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

19:14:11.0375 1792 SLIP - ok

19:14:11.0531 1792 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS

19:14:11.0593 1792 SMNDIS5 ( UnsignedFile.Multi.Generic ) - warning

19:14:11.0593 1792 SMNDIS5 - detected UnsignedFile.Multi.Generic (1)

19:14:11.0718 1792 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

19:14:11.0859 1792 SNC - ok

19:14:12.0015 1792 Sparrow - ok

19:14:12.0375 1792 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

19:14:12.0421 1792 SPBBCDrv - ok

19:14:12.0640 1792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

19:14:14.0703 1792 splitter - ok

19:14:14.0890 1792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

19:14:17.0656 1792 sr - ok

19:14:17.0796 1792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

19:14:17.0968 1792 Srv - ok

19:14:18.0484 1792 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

19:14:20.0359 1792 streamip - ok

19:14:20.0515 1792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

19:14:22.0468 1792 swenum - ok

19:14:22.0531 1792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

19:14:24.0406 1792 swmidi - ok

19:14:24.0562 1792 symc810 - ok

19:14:24.0578 1792 symc8xx - ok

19:14:24.0734 1792 SymEvent (3c6790d26d03fe5163e2bec490e51a7e) C:\Program Files\Symantec\SYMEVENT.SYS

19:14:24.0750 1792 SymEvent - ok

19:14:24.0859 1792 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

19:14:24.0875 1792 symlcbrd - ok

19:14:24.0890 1792 sym_hi - ok

19:14:24.0921 1792 sym_u3 - ok

19:14:24.0968 1792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

19:14:25.0437 1792 sysaudio - ok

19:14:25.0687 1792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:14:25.0828 1792 Tcpip - ok

19:14:25.0906 1792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

19:14:26.0078 1792 TDPIPE - ok

19:14:26.0109 1792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

19:14:26.0265 1792 TDTCP - ok

19:14:26.0421 1792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

19:14:26.0578 1792 TermDD - ok

19:14:26.0812 1792 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys

19:14:26.0906 1792 ti21sony - ok

19:14:27.0093 1792 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

19:14:27.0171 1792 toshidpt ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0171 1792 toshidpt - detected UnsignedFile.Multi.Generic (1)

19:14:27.0187 1792 TosIde - ok

19:14:27.0250 1792 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys

19:14:27.0265 1792 tosporte ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0265 1792 tosporte - detected UnsignedFile.Multi.Generic (1)

19:14:27.0296 1792 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys

19:14:27.0343 1792 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0343 1792 Tosrfbd - detected UnsignedFile.Multi.Generic (1)

19:14:27.0375 1792 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

19:14:27.0406 1792 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0406 1792 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)

19:14:27.0437 1792 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

19:14:27.0515 1792 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0515 1792 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

19:14:27.0578 1792 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

19:14:27.0609 1792 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0609 1792 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

19:14:27.0828 1792 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

19:14:27.0875 1792 tosrfnds ( UnsignedFile.Multi.Generic ) - warning

19:14:27.0875 1792 tosrfnds - detected UnsignedFile.Multi.Generic (1)

19:14:27.0968 1792 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys

19:14:28.0000 1792 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning

19:14:28.0000 1792 TosRfSnd - detected UnsignedFile.Multi.Generic (1)

19:14:28.0031 1792 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys

19:14:28.0109 1792 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

19:14:28.0109 1792 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

19:14:28.0203 1792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

19:14:30.0093 1792 Udfs - ok

19:14:30.0203 1792 ultra - ok

19:14:30.0281 1792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

19:14:32.0156 1792 Update - ok

19:14:32.0265 1792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:14:34.0156 1792 usbccgp - ok

19:14:34.0281 1792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:14:36.0203 1792 usbehci - ok

19:14:36.0312 1792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:14:38.0234 1792 usbhub - ok

19:14:38.0421 1792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:14:40.0421 1792 usbprint - ok

19:14:40.0484 1792 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:14:42.0484 1792 usbstor - ok

19:14:42.0609 1792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

19:14:44.0562 1792 usbuhci - ok

19:14:44.0734 1792 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

19:14:46.0656 1792 usbvideo - ok

19:14:46.0781 1792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

19:14:48.0796 1792 VgaSave - ok

19:14:48.0921 1792 ViaIde - ok

19:14:49.0031 1792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

19:14:49.0406 1792 VolSnap - ok

19:14:49.0468 1792 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

19:14:49.0671 1792 vsdatant - ok

19:14:49.0968 1792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:14:50.0250 1792 Wanarp - ok

19:14:50.0359 1792 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

19:14:50.0390 1792 wanatw - ok

19:14:50.0453 1792 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

19:14:50.0484 1792 Wdf01000 - ok

19:14:50.0609 1792 WDICA - ok

19:14:50.0718 1792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

19:14:51.0109 1792 wdmaud - ok

19:14:51.0234 1792 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

19:14:51.0390 1792 winachsf - ok

19:14:51.0765 1792 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

19:14:51.0984 1792 WpdUsb - ok

19:14:52.0328 1792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:14:52.0796 1792 WS2IFSL - ok

19:14:52.0953 1792 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:14:53.0171 1792 WSTCODEC - ok

19:14:53.0265 1792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:14:53.0328 1792 WudfPf - ok

19:14:53.0406 1792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:14:53.0500 1792 WudfRd - ok

19:14:53.0859 1792 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

19:14:53.0968 1792 yukonwxp - ok

19:14:54.0125 1792 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0

19:14:54.0171 1792 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

19:14:54.0171 1792 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

19:14:54.0234 1792 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:14:54.0234 1792 \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:14:54.0281 1792 Boot (0x1200) (fe688d84fdd0b4f6ac37c2251246f469) \Device\Harddisk0\DR0\Partition0

19:14:54.0281 1792 \Device\Harddisk0\DR0\Partition0 - ok

19:14:54.0281 1792 ============================================================

19:14:54.0281 1792 Scan finished

19:14:54.0281 1792 ============================================================

19:14:54.0500 3644 Detected object count: 16

19:14:54.0500 3644 Actual detected object count: 16

19:16:21.0375 3644 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0375 3644 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0375 3644 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0375 3644 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0390 3644 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0390 3644 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0406 3644 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0406 3644 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0421 3644 SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0421 3644 SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0437 3644 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0437 3644 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0437 3644 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0437 3644 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0453 3644 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0453 3644 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0453 3644 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0453 3644 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0468 3644 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0468 3644 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0484 3644 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0484 3644 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0484 3644 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0484 3644 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0500 3644 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0500 3644 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:21.0500 3644 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

19:16:21.0500 3644 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

19:16:23.0218 3644 \Device\Harddisk0\DR0\# - copied to quarantine

19:16:23.0218 3644 \Device\Harddisk0\DR0 - copied to quarantine

19:16:23.0250 3644 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

19:16:23.0265 3644 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:16:23.0265 3644 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

19:16:23.0265 3644 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

19:16:23.0281 3644 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

19:16:23.0296 3644 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

19:16:23.0359 3644 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

19:16:23.0359 3644 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

19:16:23.0390 3644 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

19:16:23.0406 3644 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

19:16:23.0406 3644 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

19:16:23.0406 3644 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

19:16:23.0421 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

19:16:23.0421 3644 \Device\Harddisk0\DR0 - ok

19:16:23.0546 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

19:16:23.0546 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:16:23.0546 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

19:18:00.0921 3212 Deinitialize success


Here is the scan:

22:48:40.0640 5320 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

22:48:41.0046 5320 ============================================================

22:48:41.0062 5320 Current date / time: 2012/03/20 22:48:41.0046

22:48:41.0062 5320 SystemInfo:

22:48:41.0062 5320

22:48:41.0062 5320 OS Version: 5.1.2600 ServicePack: 3.0

22:48:41.0062 5320 Product type: Workstation

22:48:41.0062 5320 ComputerName: CCRSYR04MBC

22:48:41.0093 5320 UserName: Butch

22:48:41.0109 5320 Windows directory: C:\WINDOWS

22:48:41.0109 5320 System windows directory: C:\WINDOWS

22:48:41.0109 5320 Processor architecture: Intel x86

22:48:41.0109 5320 Number of processors: 2

22:48:41.0109 5320 Page size: 0x1000

22:48:41.0109 5320 Boot type: Normal boot

22:48:41.0109 5320 ============================================================

22:48:57.0984 5320 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

22:48:58.0234 5320 \Device\Harddisk0\DR0:

22:48:58.0234 5320 MBR used

22:48:58.0234 5320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE00D12, BlocksNum 0xD192AAF

22:48:59.0625 5320 Initialize success

22:48:59.0625 5320 ============================================================

22:49:21.0468 5736 ============================================================

22:49:21.0468 5736 Scan started

22:49:21.0468 5736 Mode: Manual; SigCheck; TDLFS;

22:49:21.0468 5736 ============================================================


22:50:53.0953 5736 lbrtfdc - ok

22:50:54.0015 5736 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

22:50:54.0062 5736 mdmxsdk - ok

22:50:54.0140 5736 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

22:50:54.0156 5736 MHNDRV ( UnsignedFile.Multi.Generic ) - warning

22:50:54.0156 5736 MHNDRV - detected UnsignedFile.Multi.Generic (1)

22:50:54.0390 5736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:50:54.0562 5736 mnmdd - ok

22:50:54.0687 5736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

22:50:54.0859 5736 Modem - ok

22:50:54.0968 5736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:50:55.0140 5736 Mouclass - ok

22:50:55.0281 5736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

22:50:55.0468 5736 mouhid - ok

22:50:55.0671 5736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:50:55.0859 5736 MountMgr - ok

22:50:55.0921 5736 mraid35x - ok

22:50:56.0093 5736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:50:56.0296 5736 MRxDAV - ok

22:50:56.0484 5736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:50:56.0968 5736 MRxSmb - ok

22:50:57.0203 5736 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

22:50:57.0421 5736 MSDV - ok

22:50:57.0531 5736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:50:57.0687 5736 Msfs - ok

22:50:57.0875 5736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:50:58.0031 5736 MSKSSRV - ok

22:50:58.0109 5736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:50:58.0265 5736 MSPCLOCK - ok

22:50:58.0484 5736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:50:58.0656 5736 MSPQM - ok

22:50:58.0828 5736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:50:59.0000 5736 mssmbios - ok

22:50:59.0125 5736 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:50:59.0312 5736 MSTEE - ok

22:50:59.0406 5736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

22:50:59.0531 5736 Mup - ok

22:50:59.0750 5736 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:50:59.0968 5736 NABTSFEC - ok

22:51:00.0093 5736 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120316.004\naveng.sys

22:51:00.0187 5736 NAVENG - ok

22:51:00.0343 5736 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120316.004\navex15.sys

22:51:00.0750 5736 NAVEX15 - ok

22:51:01.0015 5736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:51:01.0375 5736 NDIS - ok

22:51:01.0625 5736 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:51:01.0796 5736 NdisIP - ok

22:51:01.0875 5736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:51:01.0937 5736 NdisTapi - ok

22:51:02.0093 5736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:51:02.0265 5736 Ndisuio - ok

22:51:02.0312 5736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:51:02.0640 5736 NdisWan - ok

22:51:03.0343 5736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

22:51:03.0531 5736 NDProxy - ok

22:51:03.0859 5736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:51:04.0046 5736 NetBIOS - ok

22:51:04.0078 5736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:51:04.0406 5736 NetBT - ok

22:51:04.0687 5736 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

22:51:05.0000 5736 NETw3x32 - ok

22:51:05.0140 5736 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:51:05.0359 5736 NIC1394 - ok

22:51:05.0406 5736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:51:05.0562 5736 Npfs - ok

22:51:05.0750 5736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:51:06.0015 5736 Ntfs - ok

22:51:06.0078 5736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:51:06.0265 5736 Null - ok

22:51:06.0406 5736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:51:06.0609 5736 NwlnkFlt - ok

22:51:06.0687 5736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:51:06.0859 5736 NwlnkFwd - ok

22:51:07.0046 5736 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:51:07.0234 5736 ohci1394 - ok

22:51:07.0328 5736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

22:51:07.0500 5736 Parport - ok

22:51:07.0828 5736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:51:08.0015 5736 PartMgr - ok

22:51:08.0187 5736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:51:08.0375 5736 ParVdm - ok

22:51:08.0468 5736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

22:51:08.0671 5736 PCI - ok

22:51:08.0718 5736 PCIDump - ok

22:51:08.0796 5736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:51:08.0984 5736 PCIIde - ok

22:51:09.0140 5736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

22:51:09.0343 5736 Pcmcia - ok

22:51:09.0484 5736 PDCOMP - ok

22:51:09.0500 5736 PDFRAME - ok

22:51:09.0546 5736 PDRELI - ok

22:51:09.0593 5736 PDRFRAME - ok

22:51:09.0718 5736 perc2 - ok

22:51:09.0734 5736 perc2hib - ok

22:51:09.0875 5736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:51:10.0093 5736 PptpMiniport - ok

22:51:10.0125 5736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:51:10.0312 5736 PSched - ok

22:51:10.0765 5736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:51:10.0953 5736 Ptilink - ok

22:51:11.0062 5736 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

22:51:11.0140 5736 PxHelp20 - ok

22:51:11.0328 5736 ql1080 - ok

22:51:11.0375 5736 Ql10wnt - ok

22:51:11.0390 5736 ql12160 - ok

22:51:11.0421 5736 ql1240 - ok

22:51:11.0437 5736 ql1280 - ok

22:51:11.0484 5736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:51:11.0671 5736 RasAcd - ok

22:51:11.0796 5736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:51:11.0984 5736 Rasl2tp - ok

22:51:12.0031 5736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:51:12.0375 5736 RasPppoe - ok

22:51:12.0500 5736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:51:12.0703 5736 Raspti - ok

22:51:12.0859 5736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:51:13.0046 5736 Rdbss - ok

22:51:13.0156 5736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:51:13.0328 5736 RDPCDD - ok

22:51:13.0484 5736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:51:13.0734 5736 rdpdr - ok

22:51:13.0859 5736 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

22:51:14.0046 5736 RDPWD - ok

22:51:14.0234 5736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:51:14.0500 5736 redbook - ok

22:51:14.0703 5736 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

22:51:14.0812 5736 RimSerPort - ok

22:51:15.0000 5736 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys

22:51:15.0296 5736 RimUsb - ok

22:51:15.0406 5736 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

22:51:15.0421 5736 RimVSerPort - ok

22:51:15.0531 5736 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

22:51:15.0718 5736 ROOTMODEM - ok

22:51:15.0812 5736 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

22:51:15.0843 5736 s24trans ( UnsignedFile.Multi.Generic ) - warning

22:51:15.0843 5736 s24trans - detected UnsignedFile.Multi.Generic (1)

22:51:15.0984 5736 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys

22:51:16.0062 5736 SAVRT - ok

22:51:16.0062 5736 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

22:51:16.0109 5736 SAVRTPEL - ok

22:51:16.0359 5736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:51:16.0546 5736 Secdrv - ok

22:51:16.0687 5736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

22:51:16.0906 5736 Serial - ok

22:51:17.0078 5736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

22:51:17.0328 5736 Sfloppy - ok

22:51:17.0406 5736 Simbad - ok

22:51:17.0468 5736 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:51:17.0625 5736 SLIP - ok

22:51:17.0781 5736 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS

22:51:17.0906 5736 SMNDIS5 ( UnsignedFile.Multi.Generic ) - warning

22:51:17.0906 5736 SMNDIS5 - detected UnsignedFile.Multi.Generic (1)

22:51:18.0093 5736 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

22:51:18.0203 5736 SNC - ok

22:51:18.0250 5736 Sparrow - ok

22:51:18.0437 5736 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

22:51:18.0578 5736 SPBBCDrv - ok

22:51:18.0765 5736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:51:18.0921 5736 splitter - ok

22:51:19.0015 5736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

22:51:19.0296 5736 sr - ok

22:51:19.0531 5736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

22:51:19.0671 5736 Srv - ok

22:51:19.0812 5736 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:51:20.0125 5736 streamip - ok

22:51:20.0281 5736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:51:20.0453 5736 swenum - ok

22:51:20.0671 5736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:51:20.0843 5736 swmidi - ok

22:51:20.0953 5736 symc810 - ok

22:51:21.0000 5736 symc8xx - ok

22:51:21.0234 5736 SymEvent (3c6790d26d03fe5163e2bec490e51a7e) C:\Program Files\Symantec\SYMEVENT.SYS

22:51:21.0265 5736 SymEvent - ok

22:51:21.0531 5736 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

22:51:21.0578 5736 symlcbrd - ok

22:51:21.0640 5736 sym_hi - ok

22:51:21.0687 5736 sym_u3 - ok

22:51:21.0765 5736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:51:21.0984 5736 sysaudio - ok

22:51:22.0156 5736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:51:22.0953 5736 Tcpip - ok

22:51:23.0078 5736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:51:23.0265 5736 TDPIPE - ok

22:51:23.0328 5736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:51:23.0500 5736 TDTCP - ok

22:51:23.0625 5736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:51:23.0796 5736 TermDD - ok

22:51:23.0875 5736 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys

22:51:23.0953 5736 ti21sony - ok

22:51:24.0046 5736 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys

22:51:24.0078 5736 toshidpt ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0078 5736 toshidpt - detected UnsignedFile.Multi.Generic (1)

22:51:24.0156 5736 TosIde - ok

22:51:24.0203 5736 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys

22:51:24.0250 5736 tosporte ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0250 5736 tosporte - detected UnsignedFile.Multi.Generic (1)

22:51:24.0312 5736 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys

22:51:24.0375 5736 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0375 5736 Tosrfbd - detected UnsignedFile.Multi.Generic (1)

22:51:24.0453 5736 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

22:51:24.0484 5736 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0484 5736 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)

22:51:24.0562 5736 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys

22:51:24.0609 5736 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0609 5736 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

22:51:24.0734 5736 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

22:51:24.0781 5736 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0781 5736 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

22:51:24.0843 5736 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

22:51:24.0875 5736 tosrfnds ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0875 5736 tosrfnds - detected UnsignedFile.Multi.Generic (1)

22:51:24.0937 5736 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys

22:51:24.0968 5736 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning

22:51:24.0968 5736 TosRfSnd - detected UnsignedFile.Multi.Generic (1)

22:51:25.0000 5736 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys

22:51:25.0046 5736 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

22:51:25.0046 5736 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

22:51:25.0203 5736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:51:25.0421 5736 Udfs - ok

22:51:25.0625 5736 ultra - ok

22:51:25.0671 5736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:51:25.0890 5736 Update - ok

22:51:25.0968 5736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:51:26.0156 5736 usbccgp - ok

22:51:26.0312 5736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:51:26.0484 5736 usbehci - ok

22:51:26.0625 5736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:51:26.0890 5736 usbhub - ok

22:51:27.0093 5736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:51:27.0265 5736 usbprint - ok

22:51:27.0531 5736 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:51:27.0687 5736 usbstor - ok

22:51:27.0843 5736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:51:28.0015 5736 usbuhci - ok

22:51:28.0109 5736 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

22:51:28.0328 5736 usbvideo - ok

22:51:28.0406 5736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:51:28.0609 5736 VgaSave - ok

22:51:28.0765 5736 ViaIde - ok

22:51:28.0859 5736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

22:51:29.0046 5736 VolSnap - ok

22:51:29.0203 5736 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

22:51:29.0437 5736 vsdatant - ok

22:51:29.0656 5736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:51:29.0859 5736 Wanarp - ok

22:51:29.0953 5736 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

22:51:30.0046 5736 wanatw - ok

22:51:30.0343 5736 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

22:51:30.0437 5736 Wdf01000 - ok

22:51:30.0453 5736 WDICA - ok

22:51:30.0515 5736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:51:30.0734 5736 wdmaud - ok

22:51:31.0078 5736 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

22:51:31.0250 5736 winachsf - ok

22:51:31.0421 5736 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

22:51:31.0703 5736 WpdUsb - ok

22:51:31.0875 5736 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

22:51:32.0062 5736 WS2IFSL - ok

22:51:32.0281 5736 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:51:32.0453 5736 WSTCODEC - ok

22:51:32.0609 5736 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:51:32.0703 5736 WudfPf - ok

22:51:32.0921 5736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:51:33.0421 5736 WudfRd - ok

22:51:33.0500 5736 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys

22:51:33.0656 5736 yukonwxp - ok

22:51:33.0703 5736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:51:34.0375 5736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

22:51:34.0375 5736 \Device\Harddisk0\DR0 - detected TDSS File System (1)

22:51:34.0421 5736 Boot (0x1200) (fe688d84fdd0b4f6ac37c2251246f469) \Device\Harddisk0\DR0\Partition0

22:51:34.0453 5736 \Device\Harddisk0\DR0\Partition0 - ok

22:51:34.0453 5736 ============================================================

22:51:34.0453 5736 Scan finished

22:51:34.0453 5736 ============================================================

22:51:34.0562 5728 Detected object count: 15

22:51:34.0562 5728 Actual detected object count: 15

22:53:03.0796 5728 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0796 5728 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0812 5728 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0812 5728 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0828 5728 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0828 5728 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0828 5728 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0828 5728 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0828 5728 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0828 5728 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0843 5728 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0843 5728 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0843 5728 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0843 5728 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0859 5728 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0859 5728 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0859 5728 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:03.0859 5728 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:03.0859 5728 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

22:53:03.0859 5728 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

22:53:18.0859 5072 Deinitialize success


Following the ComboFix scan everything appears to be back to "normal."

The "svchost.exe" process in Windows Task Manager is no longer eating up memory.

The computer is not running slow with the hard drive constantly running anymore.

Firefox and IE go to the real google and the actual search entries.

Can you tell me what virus I had and what things I need to do to prevent a recurrence?

Thank you again...

Here is the combofix.txt:

ComboFix 12-03-18.01 - Butch 03/21/2012 8:17.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.331 [GMT -4:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Butch\g2mdlhlpx.exe

c:\documents and settings\Butch\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe

c:\documents and settings\Butch\My Documents\~WRL0005.tmp

c:\documents and settings\Butch\My Documents\~WRL2239.tmp

c:\documents and settings\Butch\Recent\applicationsmil951.smil.zip

.

.

((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))

.

.

2012-03-20 23:16 . 2012-03-20 23:16 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-19 00:06 . 2012-03-19 00:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-03-19 00:05 . 2012-03-19 00:05 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2012-03-18 18:36 . 2012-03-18 18:41 -------- d-----w- C:\random

2012-03-18 15:06 . 2012-03-18 15:06 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 15:06 . 2012-03-18 15:06 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-15 16:58 . 2012-03-16 04:11 -------- d-----w- c:\documents and settings\Butch\Application Data\Audacity

2012-03-15 16:56 . 2012-03-15 16:57 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2012-03-04 19:04 . 2012-03-04 19:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll

2012-03-04 19:03 . 2012-03-04 19:03 -------- d-----w- c:\program files\Common Files\xing shared

2012-03-04 19:02 . 2012-03-04 19:02 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll

2012-03-04 19:02 . 2012-03-04 19:02 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll

2012-03-04 19:00 . 2012-03-04 19:03 -------- d-----w- c:\program files\real

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-20 22:18 . 2006-08-10 07:32 26112 ----a-w- c:\windows\system32\userinit.exe

2012-03-08 14:12 . 2011-05-15 04:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2006-08-10 07:32 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 15:32 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-08-10 07:45 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-18 15:06 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056]

.

c:\documents and settings\Butch\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"=

"c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2967:TCP"= 2967:TCP:Symantec

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/5/2012 2:56 PM 106104]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08]

.

2012-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job

- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]

.

2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job

- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]

.

2012-03-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]

.

2012-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-FreeScreenSharing - c:\documents and settings\Butch\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe

SafeBoot-Wdf01000.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-21 08:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1320)

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(5136)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Lavasoft\Ad-Aware\AAWService.exe

c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

c:\program files\safeconnect\Uninstall.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Viewpoint\Common\ViewpointService.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\eHome\ehmsas.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2012-03-21 09:00:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-21 12:59

ComboFix2.txt 2012-03-19 01:25

ComboFix3.txt 2010-06-20 13:29

.

Pre-Run: 17,953,173,504 bytes free

Post-Run: 18,472,157,184 bytes free

.

- - End Of File - - 4D0471D1EC039DEDB12788608EDC5077

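Reading a ComboFix log like the one above by hand is slow, and the entries that matter in a browser-redirect case are scattered across sections: the Security Center values that silence antivirus alerts, firewall exceptions and autostarts pointing into user-writable paths, the DHCP-supplied resolvers (a redirect infection may have swapped them), and a Firefox user.js value that carries a second user_pref() call. The script below is an added example for this thread, not code from the original post and not part of ComboFix; SAMPLE_LOG is a constructed excerpt modelled on the log above, and the expected_resolvers set is an assumption the caller supplies (the ISP's or organisation's real DNS servers).

```python
"""Triage checks over a ComboFix log.

Added example for this thread; it is not part of the original post and is
not ComboFix's own code. SAMPLE_LOG is a constructed excerpt modelled on
the log in the thread; expected_resolvers is an assumption supplied by the
caller.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:TCP"= 2967:TCP:Symantec
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
HKCU-Run-FreeScreenSharing - c:\documents and settings\Butch\Local Settings\Application Data\FreeScreenSharing\FreeScreenSharing.exe
"""

# Security Center values that, when set to 1, stop Windows XP from warning
# that antivirus/firewall/updates are off or being monitored.
SUPPRESSION_VALUES = {
    "AntiVirusOverride", "AntiVirusDisableNotify",
    "FirewallOverride", "FirewallDisableNotify",
    "UpdatesDisableNotify", "DisableMonitoring",
}

# Locations an unprivileged user (and therefore user-level malware) can write.
USER_WRITABLE = re.compile(
    r"(documents and settings\\[^\\]+\\(application data|local settings)"
    r"|\\temp\\|\\users\\[^\\]+\\appdata)", re.I)

# A user.js value that closes its own call and opens another user_pref().
INJECTED_PREF = re.compile(r"\)\s*;\s*user_pref\(")


def parse_registry_blocks(lines):
    """Yield (key, name, data) for "name"=data lines under a [key] header."""
    key = None
    for raw in lines:
        line = raw.strip()
        if line == ".":                      # ComboFix section separator
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]*)"=(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2).strip()


def triage(log_text, expected_resolvers=None):
    """Return a list of (severity, message) findings for one ComboFix log."""
    findings = []
    lines = log_text.splitlines()

    for key, name, data in parse_registry_blocks(lines):
        k = key.lower()
        if "security center" in k and name in SUPPRESSION_VALUES \
                and data.lower() == "dword:00000001":
            findings.append(("high", f"Security Center alerting suppressed: {name}=1 under {key}"))
        elif "authorizedapplications" in k:
            path = name.replace("\\\\", "\\")   # registry-escaped backslashes
            if USER_WRITABLE.search(path):
                findings.append(("medium", f"firewall exception for binary in user-writable path: {path}"))
        elif "globallyopenports" in k:
            findings.append(("info", f"globally open port: {name} ({data})"))

    for line in lines:
        m = re.search(r"DhcpNameServer\s*=\s*(.+)$", line)
        if m:
            resolvers = m.group(1).split()
            if not expected_resolvers:
                findings.append(("info", f"DHCP resolvers to verify by hand: {' '.join(resolvers)}"))
            else:
                odd = [r for r in resolvers if r not in expected_resolvers]
                if odd:
                    findings.append(("medium", f"DHCP resolvers not in expected set: {' '.join(odd)}"))
            continue
        m = re.match(r"FF - (user\.js|prefs\.js): (\S+) - (.*)$", line)
        if m and INJECTED_PREF.search(m.group(3)):
            findings.append(("high", f"{m.group(1)} value for {m.group(2)} contains a second user_pref() call"))
            continue
        if line.startswith(("HKCU-Run-", "HKLM-Run-")) and " - " in line:
            target = line.split(" - ", 1)[1]
            if USER_WRITABLE.search(target):
                findings.append(("info", f"removed autostart pointed into a user-writable path: {target}"))

    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 1, 'info': 3}."""
    return dict(Counter(sev for sev, _ in findings))


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
```

On the sample excerpt this reports the three Security Center suppression values and the user.js entry as high, the Dropbox firewall exception as medium, and the open Symantec port, the resolvers and the removed autostart as items to verify. Pass the ISP's real resolvers as expected_resolvers to turn the DNS line into a definite finding rather than a reminder; to run it on a real log, read the file and hand its text to triage().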

19:16:23.0546 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

You had a RootKit infection.

You can delete TDSSKiller and be sure to do this:

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security - What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
