Jump to content

Bing and Google redirecting


Recommended Posts

Hi there

I've got a laptop with XPSP3 that had a fake AV infection which MBAM seemed to clear up Ok.

I have run MBAM, SpyBot and Panda Cloud AV, all updated and all now find nothing.

The remaining problem is if I search with Bing or Google and then click on one of the resulting links, IE gets redirected to another website.

I've got logs for Hijack this, OTL and Gmer. Shall I attach them or copy and paste them into a message ? The Gmer is 740k

Thanks for your help.

MevWeb

Link to post
Share on other sites

Hello mevweb! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.

Please folow these instructions:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post all logs if you can.

Link to post
Share on other sites

Log files attached

DDS (Ver_10-03-17.01) - NTFSx86

Run by Leanne Lees at 11:16:14.29 on 30/06/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.103 [GMT 1:00]

AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\AOL\1218294203\ee\AOLSoftware.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Leanne Lees\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm486PCGB&fl=0&ptb=oJXYCahE6yzz2_a8hEt9DA&ind=2009051414&url=http://www.uk.ask.com/web&q={searchTerms}&l=zu&o=sb

uStart Page = hxxp://www.mevweb.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [VTTimer] VTTimer.exe

mRun: [VTTrayp] VTtrayp.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [HostManager] c:\program files\common files\aol\1218294203\ee\AOLSoftware.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

mPolicies-system: EnableLUA = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8DD728F1-7A97-4606-968A-F3F27D05ED33} - hxxp://81.136.141.140/Digia2.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6026/mcfscan.cab

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]

R1 SASDIFSV;SASDIFSV;c:\docume~1\leanne~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\docume~1\leanne~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-8 54752]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-4-30 136448]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]

R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-10-19 5504]

R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [2006-12-14 129535]

=============== Created Last 30 ================

2010-06-30 09:45:09 0 ----a-w- c:\documents and settings\leanne lees\defogger_reenable

2010-06-30 08:52:03 0 d-----w- c:\program files\Sophos

2010-06-29 15:24:54 0 d-----w- c:\docume~1\leanne~1\applic~1\SUPERAntiSpyware.com

2010-06-29 15:24:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-28 15:54:43 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-06-28 15:54:43 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-06-28 15:54:43 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-06-28 15:54:43 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-06-28 15:54:43 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-06-28 15:54:41 0 d-----w- c:\program files\Trojan Remover

2010-06-28 10:51:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-06-28 08:41:06 0 d-----w- c:\windows\McAfee.com

2010-06-25 14:17:18 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-06-25 14:17:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-06-25 13:43:49 354186 -c--a-w- C:\cc_20100625_144344.reg

2010-06-25 08:21:27 5707 ----a-w- c:\documents and settings\leanne lees\all

2010-06-24 15:01:07 0 d-----w- c:\docume~1\leanne~1\applic~1\Panda Security

2010-06-24 15:00:23 264 ----a-w- c:\windows\system32\PSUNCpl.dat

2010-06-24 14:59:28 0 d-----w- c:\program files\Panda Security

2010-06-24 14:59:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security

2010-06-24 13:10:18 0 d-----w- c:\docume~1\leanne~1\applic~1\Malwarebytes

2010-06-24 13:09:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-24 13:09:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-24 13:09:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-06-24 13:09:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-22 23:18:50 0 dc----w- C:\spoolerlogs

2010-06-12 08:19:50 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-01 16:00:14 0 d-sh--w- C:\found.003

==================== Find3M ====================

2010-06-10 16:42:22 45 ----a-w- c:\documents and settings\leanne lees\jagex_runescape_preferences.dat

2010-06-10 16:42:09 75 ----a-w- c:\documents and settings\leanne lees\jagex_runescape_preferences2.dat

2010-05-27 17:39:30 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2010-05-12 09:58:11 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2010-05-07 22:49:53 0 ----a-w- c:\documents and settings\leanne lees\jagex__preferences3.dat

2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2010-05-04 07:36:53 129928 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll

2010-04-13 20:14:51 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-04-03 05:39:36 2377576 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

============= FINISH: 11:18:34.14 ===============

attach.zip

Link to post
Share on other sites

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please, uninstall the following applications:

  1. Adobe Reader 9.1.1

You can read, how to this here:

Step 3

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

In your next reply, please include these log(s):

  1. JavaRa log
  2. MalwareBytes' Anti-Malware log
  3. a new fresh DDS log only

Link to post
Share on other sites

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Link to post
Share on other sites

10:25:08:390 1964 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

10:25:08:390 1964 ================================================================================

10:25:08:390 1964 SystemInfo:

10:25:08:390 1964 OS Version: 5.1.2600 ServicePack: 3.0

10:25:08:390 1964 Product type: Workstation

10:25:08:390 1964 ComputerName: LEANNE

10:25:08:390 1964 UserName: Leanne Lees

10:25:08:390 1964 Windows directory: C:\WINDOWS

10:25:08:390 1964 System windows directory: C:\WINDOWS

10:25:08:390 1964 Processor architecture: Intel x86

10:25:08:390 1964 Number of processors: 1

10:25:08:390 1964 Page size: 0x1000

10:25:08:390 1964 Boot type: Normal boot

10:25:08:390 1964 ================================================================================

10:25:09:281 1964 Initialize success

10:25:09:281 1964

10:25:09:281 1964 Scanning Services ...

10:25:09:906 1964 Raw services enum returned 346 services

10:25:09:937 1964

10:25:09:937 1964 Scanning Drivers ...

10:25:11:281 1964 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:25:11:343 1964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:25:11:375 1964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

10:25:11:406 1964 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:25:11:468 1964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:25:11:546 1964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

10:25:11:593 1964 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:25:11:609 1964 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:25:11:640 1964 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:25:11:671 1964 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:25:11:968 1964 ALCXWDM (fcb505a7fa9dd4b8b98064792fd038a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

10:25:12:218 1964 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:25:12:250 1964 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:25:12:281 1964 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:25:12:328 1964 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

10:25:12:328 1964 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:25:12:359 1964 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:25:12:375 1964 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:25:12:375 1964 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:25:12:406 1964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:25:12:421 1964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:25:12:437 1964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:25:12:468 1964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:25:12:531 1964 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

10:25:12:734 1964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:25:12:812 1964 BTDriver (06f2b1e01f02b5ad3476027ac2aea707) C:\WINDOWS\system32\DRIVERS\btport.sys

10:25:12:921 1964 BTKRNL (b15043e173926a3d3a9c53e4ac8be3ac) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

10:25:12:953 1964 BTWDNDIS (28b76f93deb4625dc30d04cb72849bcc) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

10:25:12:984 1964 BTWUSB (68cc5839bb8afeb12866ca48f59ffd1b) C:\WINDOWS\system32\Drivers\btwusb.sys

10:25:13:000 1964 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:25:13:015 1964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:25:13:015 1964 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:25:13:062 1964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:25:13:140 1964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:25:13:171 1964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:25:13:203 1964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

10:25:13:203 1964 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:25:13:218 1964 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

10:25:13:250 1964 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:25:13:281 1964 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:25:13:296 1964 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:25:13:343 1964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:25:13:437 1964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:25:13:484 1964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:25:13:500 1964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:25:13:531 1964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:25:13:562 1964 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:25:13:578 1964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:25:13:656 1964 EKBfltr (74f17da54cec320e3eab105b73234534) C:\WINDOWS\system32\DRIVERS\EKBfltr.sys

10:25:13:687 1964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:25:13:843 1964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

10:25:13:921 1964 FETND5BV (7d53d569892b46738e87f39c9aa8488a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

10:25:14:031 1964 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

10:25:14:421 1964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:25:14:546 1964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

10:25:14:625 1964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:25:14:687 1964 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

10:25:14:718 1964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:25:14:734 1964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:25:14:796 1964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:25:14:875 1964 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:25:14:921 1964 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:25:14:984 1964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:25:15:031 1964 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:25:15:078 1964 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:25:15:125 1964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:25:15:375 1964 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

10:25:15:468 1964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:25:15:484 1964 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:25:15:515 1964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:25:15:562 1964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:25:15:609 1964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:25:15:640 1964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:25:15:656 1964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:25:15:703 1964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:25:15:734 1964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:25:15:781 1964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:25:15:828 1964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:25:16:046 1964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:25:16:078 1964 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys

10:25:16:140 1964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:25:16:218 1964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:25:16:296 1964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:25:16:328 1964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:25:16:343 1964 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

10:25:16:359 1964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:25:16:421 1964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:25:16:437 1964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:25:16:468 1964 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:25:16:484 1964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:25:16:562 1964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:25:16:593 1964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:25:16:640 1964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:25:16:843 1964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:25:16:875 1964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:25:16:953 1964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:25:17:000 1964 Mtlmnt5 (c53775780148884ac87c455489a0c070) C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys

10:25:17:078 1964 Mtlstrm (54886a652bf5685192141df304e923fd) C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys

10:25:17:156 1964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

10:25:17:218 1964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:25:17:281 1964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:25:17:343 1964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:25:17:359 1964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:25:17:375 1964 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

10:25:17:375 1964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:25:17:437 1964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:25:17:453 1964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:25:17:531 1964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:25:17:593 1964 NtMtlFax (576b34ceae5b7e5d9fd2775e93b3db53) C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys

10:25:17:750 1964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:25:17:781 1964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:25:17:812 1964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:25:17:843 1964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

10:25:17:843 1964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:25:17:859 1964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:25:17:875 1964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:25:17:890 1964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:25:17:921 1964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

10:25:18:000 1964 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:25:18:000 1964 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:25:18:015 1964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:25:18:031 1964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:25:18:093 1964 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys

10:25:18:125 1964 PSINFile (b573f1ee01046612576907bb08ad8e6f) C:\WINDOWS\system32\DRIVERS\PSINFile.sys

10:25:18:171 1964 PSINKNC (51b0bab73ec899399e5d6034105d6f21) C:\WINDOWS\system32\DRIVERS\psinknc.sys

10:25:18:187 1964 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys

10:25:18:218 1964 PSINProt (47345c84b45003d4b5975cda5f026787) C:\WINDOWS\system32\DRIVERS\PSINProt.sys

10:25:18:281 1964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:25:18:296 1964 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:25:18:312 1964 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:25:18:328 1964 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:25:18:343 1964 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:25:18:359 1964 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:25:18:375 1964 RasAcd (bb05c58cad86816b01826a460fb3bc26) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:25:18:375 1964 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: bb05c58cad86816b01826a460fb3bc26, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c

10:25:18:375 1964 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 10:25:20:078 1964 Backup copy found, using it..

10:25:20:125 1964 will be cured on next reboot

10:25:20:390 1964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:25:20:437 1964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:25:20:468 1964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:25:20:531 1964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:25:20:562 1964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:25:20:625 1964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:25:20:671 1964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:25:20:734 1964 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys

10:25:20:781 1964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:25:20:859 1964 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys

10:25:21:125 1964 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\DOCUME~1\LEANNE~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS

10:25:21:171 1964 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\DOCUME~1\LEANNE~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS

10:25:21:234 1964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:25:21:281 1964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

10:25:21:546 1964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

10:25:21:609 1964 Slnt7554 (d9673011648a71ed1e1f77b831bc85e6) C:\WINDOWS\system32\DRIVERS\slnt7554.sys

10:25:21:656 1964 SlNtHal (f9b8e30e82ee95cf3e1d3e495599b99c) C:\WINDOWS\system32\DRIVERS\Slnthal.sys

10:25:21:671 1964 SlWdmSup (db56bb2c55723815cf549d7fc50cfceb) C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys

10:25:21:718 1964 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:25:21:781 1964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:25:21:890 1964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:25:21:953 1964 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

10:25:22:031 1964 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

10:25:22:250 1964 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

10:25:22:296 1964 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

10:25:22:312 1964 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys

10:25:22:359 1964 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys

10:25:22:375 1964 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

10:25:22:421 1964 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys

10:25:22:484 1964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:25:22:546 1964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:25:22:609 1964 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:25:22:625 1964 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:25:22:656 1964 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:25:22:671 1964 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:25:22:718 1964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:25:22:796 1964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:25:22:875 1964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:25:22:906 1964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:25:23:093 1964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:25:23:140 1964 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:25:23:203 1964 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

10:25:23:234 1964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:25:23:265 1964 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:25:23:312 1964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:25:23:343 1964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:25:23:390 1964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:25:23:421 1964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:25:23:468 1964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:25:23:531 1964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:25:23:546 1964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:25:23:609 1964 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:25:23:640 1964 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

10:25:23:703 1964 viagfx (5dbffb9a41da40c8d77c5cdeb98a55b8) C:\WINDOWS\system32\DRIVERS\vtmini.sys

10:25:23:937 1964 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys

10:25:23:984 1964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:25:24:031 1964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:25:24:093 1964 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

10:25:24:171 1964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:25:24:234 1964 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

10:25:24:250 1964 Reboot required for cure complete..

10:25:25:062 1964 Cure on reboot scheduled successfully

10:25:25:062 1964

10:25:25:062 1964 Completed

10:25:25:062 1964

10:25:25:062 1964 Results:

10:25:25:062 1964 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

10:25:25:062 1964 File objects infected / cured / cured on reboot: 1 / 0 / 1

10:25:25:062 1964

10:25:25:078 1964 KLMD(ARK) unloaded successfully

Looks like it found something.

I've just noticed windows updates has started worked again, is it good news ?

Thanks again

MevWeb

Link to post
Share on other sites

Looks to be Ok now.

One of the instructions was to run Defogger and click disable, do I run again and enable ?

Would this be a correct summary of my problem ?

Symptom - when searching using Google or Bing, and then clicking on a search result, the user does not see the required webpage but is redirected to another website.

Cure - You used a number of software tools and their log files to pin down the problem, which turned out to be the TDSS rootkit. This was then removed with the Kaspersky tool KDSSKiller. The TDSS rootkit is very stealthy and is not picked up by most anti-virus and anti-malware software.

Thanks

MevWeb

Link to post
Share on other sites

Yes, it's a nasty rootkit. I hate it! This is the actual threat at the moment.

Last steps:

Step 1

To enable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 2

Please manually delete Defogger, TDSSKiller, JavaRa, ResetTeaTimer, DDS, GMER and OTL.

Step 3

Please download and install the latest version of Adobe Reader from:

www.adobe.com

About Java:

www.java.com/en

Step 4

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.