
Malware Destructor + Google Redirect


annoooyed


Please post them, MrC

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4672

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/09/2010 17:25:20
mbam-log-2010-09-23 (17-25-20).txt

Scan type: Quick scan
Objects scanned: 141608
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 9
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Malware Destructor (Rogue.MalwareDestructor2011) -> No action taken.
HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Malware Destructor Inc (Rogue.MalwareDestructor) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{3c210281-8bea-2f0d-e57b-23a6cad0b259} (Heuristics.Shuriken) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{33c3809e-0609-6688-8c84-bfeeffa401fa} (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{71429a9f-b541-7968-8e89-364fd54bd744} (Spyware.Passwords.XGen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mainapp708dl.exe (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4ea77498-ac8f-35a5-1384-3e44427c3231} (Trojan.ZbotR.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a8ab3e83-616f-5dd2-a3be-83708dc063e9} (Trojan.ZbotR.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a3b9615a-1a91-d79a-edcf-4b057fa27482} (Trojan.ZbotR.Gen) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\adver_id (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\The General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Destructor (Rogue.MalwareDestructor2011) -> No action taken.

Files Infected:
C:\Users\The General\AppData\Roaming\Adviy\usky.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\The General\AppData\Roaming\Azir\oshai.exe (Malware.Packer.Gen) -> No action taken.
C:\Users\The General\AppData\Roaming\Arennu\ugedo.exe (Spyware.Passwords.XGen) -> No action taken.
C:\Users\The General\AppData\Roaming\6ABCEFE7043299D0386DC981FAF42F06\mainapp708dl.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Patched) -> No action taken.
C:\Users\The General\AppData\Local\temp\41B5.tmp (Backdoor.Agent) -> No action taken.
C:\Users\The General\AppData\Local\temp\update1.exe (Trojan.Dropper) -> No action taken.
C:\Users\The General\AppData\Local\temp\update2.exe (Trojan.Dropper) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmp29a81f8e\setup446.exe (Spyware.Passwords) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmp530a9044\time.exe (Trojan.Zbot) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmp6f28dce7\setup.exe (Trojan.Hiloti) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmp74494077\setup.exe (Trojan.Hiloti) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmpace41f6c\Java.Net.5.71.12.8.exe (Backdoor.Agent) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmpca12b78f\Java.Net.1.78.9.26.exe (Trojan.Meredrop) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmpee63ac7c\time.exe (Trojan.Agent) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmpfebd4f5c\setup.exe (Trojan.Hiloti) -> No action taken.
C:\Users\The General\AppData\Local\temp\tmpb1ea5f4a\setup446.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\The General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Destructor\Malware Destructor.lnk (Rogue.MalwareDestructor2011) -> No action taken.
C:\Users\The General\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Destructor\Uninstall.lnk (Rogue.MalwareDestructor2011) -> No action taken.
C:\Users\The General\pizda_ntload.dll (Trojan.Agent) -> No action taken.
C:\Users\The General\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malware Destructor.lnk (Rogue.MalwareDestructor2011) -> No action taken.
C:\Users\The General\AppData\Roaming\Microsoft\Windows\Start Menu\Malware Destructor.lnk (Rogue.MalwareDestructor2011) -> No action taken.
C:\Users\The General\AppData\Roaming\download2\svcnost.exe (Trojan.Agent) -> No action taken.
C:\Users\The General\AppData\Local\temp\nxfsss.bak (Malware.Trace) -> No action taken.
C:\Users\The General\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\The General\AppData\Roaming\Ovpo\qayzg.exe (Trojan.ZbotR.Gen) -> No action taken.
C:\Users\The General\AppData\Roaming\Katake\inynu.exe (Trojan.ZbotR.Gen) -> No action taken.
C:\Users\The General\AppData\Roaming\Pubiv\yrvao.exe (Trojan.ZbotR.Gen) -> No action taken.
C:\Users\The General\AppData\Local\Windows\Malware Destructor.lnk (Rogue.Malware.Destructor) -> No action taken.

HJT

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:03:15, on 23/09/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe

C:\Program Files\Freecorder\FLVSrvc.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Users\The General\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll

O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll

O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll

O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [salling Media Sync] "C:\Program Files\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe"

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "K:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [{4EA77498-AC8F-35A5-1384-3E44427C3231}] "C:\Users\The General\AppData\Roaming\Ovpo\qayzg.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [{A8AB3E83-616F-5DD2-A3BE-83708DC063E9}] "C:\Users\The General\AppData\Roaming\Katake\inynu.exe"

O4 - HKCU\..\Run: [{3C210281-8BEA-2F0D-E57B-23A6CAD0B259}] "C:\Users\The General\AppData\Roaming\Adviy\usky.exe"

O4 - HKCU\..\Run: [{33C3809E-0609-6688-8C84-BFEEFFA401FA}] "C:\Users\The General\AppData\Roaming\Azir\oshai.exe"

O4 - HKCU\..\Run: [{71429A9F-B541-7968-8E89-364FD54BD744}] "C:\Users\The General\AppData\Roaming\Arennu\ugedo.exe"

O4 - HKCU\..\Run: [{A3B9615A-1A91-D79A-EDCF-4B057FA27482}] "C:\Users\The General\AppData\Roaming\Pubiv\yrvao.exe"

O4 - HKCU\..\Run: [mainapp708dl.exe] C:\Users\The General\AppData\Roaming\6ABCEFE7043299D0386DC981FAF42F06\mainapp708dl.exe

O4 - HKUS\S-1-5-18\..\Run: [jdhrwbmy] C:\Windows\system32\config\systemprofile\AppData\Local\rnpttflex\nprmpxxtssd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [jdhrwbmy] C:\Windows\system32\config\systemprofile\AppData\Local\rnpttflex\nprmpxxtssd.exe (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = K:\Local Disk2\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - User Startup: Malware Destructor.lnk = C:\Users\The General\AppData\Roaming\6ABCEFE7043299D0386DC981FAF42F06\mainapp708dl.exe

O4 - Global Startup: WeGame.lnk = C:\Program Files\WeGame\wegame.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX

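Reading the O4 entries in a HijackThis log by hand is how helpers spot the autoruns that matter in a log like the one above: Run values named with a bare GUID, executables launched from a per-user AppData folder, and entries registered under the SYSTEM or Default profile. The following Python script is an added example, not code from the thread or from MrC; it encodes those three heuristics over a handful of O4 lines taken from the log above (plus a benign Windows Defender entry) so that a helper can triage a pasted log quickly. The function names, the regexes and the heuristics themselves are this example's own assumptions, and a hit is a prompt to inspect the file, not a verdict.

```python
import re

# Sample HijackThis O4 lines copied from the log posted above, embedded here as
# constructed test input for the heuristics below.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r'O4 - HKCU\..\Run: [steam] "K:\Program Files\Steam\Steam.exe" -silent',
    r'O4 - HKCU\..\Run: [{4EA77498-AC8F-35A5-1384-3E44427C3231}] "C:\Users\The General\AppData\Roaming\Ovpo\qayzg.exe"',
    r"O4 - HKCU\..\Run: [mainapp708dl.exe] C:\Users\The General\AppData\Roaming\6ABCEFE7043299D0386DC981FAF42F06\mainapp708dl.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [jdhrwbmy] C:\Windows\system32\config\systemprofile\AppData\Local\rnpttflex\nprmpxxtssd.exe (User 'SYSTEM')",
    r"O4 - User Startup: Malware Destructor.lnk = C:\Users\The General\AppData\Roaming\6ABCEFE7043299D0386DC981FAF42F06\mainapp708dl.exe",
]

# Registry-backed O4 entries: "O4 - <hive>: [<value name>] <command>"
O4_RUNKEY = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder O4 entries: "O4 - <kind> Startup: <shortcut> = <target>"
O4_STARTUP = re.compile(r"^O4 - (?P<hive>[\w ]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# A Run value whose name is nothing but a GUID in braces
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def _target_path(cmd: str) -> str:
    """Extract the launched binary from a command string, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    low = cmd.lower()
    idx = low.find(".exe")
    # Unquoted commands: keep everything up to and including the .exe token,
    # which drops trailing switches such as "-hide" or "(User 'SYSTEM')".
    return cmd[: idx + 4] if idx >= 0 else cmd.split(" ")[0]


def parse_o4(line: str):
    """Return {'hive', 'name', 'target'} for an O4 line, or None if it is not one."""
    m = O4_RUNKEY.match(line) or O4_STARTUP.match(line)
    if not m:
        return None
    return {"hive": m["hive"], "name": m["name"], "target": _target_path(m["cmd"])}


def suspicious_autoruns(lines):
    """Return (name, target, [reasons]) for every O4 entry that trips a heuristic."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        low_target = entry["target"].lower()
        reasons = []
        if GUID_NAME.match(entry["name"]):
            reasons.append("Run value named with a bare GUID")
        if "\\appdata\\roaming\\" in low_target or "\\appdata\\local\\" in low_target:
            reasons.append("executable lives in a per-user AppData directory")
        if "\\systemprofile\\" in low_target or entry["hive"].startswith("HKUS"):
            reasons.append("autorun registered for the SYSTEM/Default profile")
        if reasons:
            findings.append((entry["name"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in suspicious_autoruns(SAMPLE_O4_LINES):
        print(f"[{name}] {target}\n    " + "; ".join(reasons))
```

Run against the sample, the script flags the four entries a helper would ask about (the GUID-named Zbot loader, mainapp708dl.exe in Roaming, the SYSTEM-profile entry and the Malware Destructor startup shortcut) and leaves Windows Defender, Sidebar and Steam alone. Legitimate software does sometimes run from AppData, so the AppData heuristic on its own is a reason to look, not to delete.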


Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide <---please read!

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE <---------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC


OK, I have to backup here for a moment, I failed to see something in your MBAM log:

C:\Users\The General\AppData\Local\temp\41B5.tmp (Backdoor.Agent)

C:\Users\The General\AppData\Local\temp\tmpace41f6c\Java.Net.5.71.12.8.exe (Backdoor.Agent)

Because of the Backdoor.Agent malware I have to give you this warning:

One or more of the identified infections is a backdoor trojan

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

-------------------------------

If you choose to continue...please do this:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    partmgr.sys
    wininit.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


SystemLook 04.09.10 by jpshortstuff

Log created at 18:26 on 24/09/2010 by The General

Administrator - Elevation successful

========== filefind ==========

Searching for "partmgr.sys"

C:\Windows\System32\drivers\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E

C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E

Searching for "wininit.exe"

C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 4EEE8AE3EA3E06C74A6388AE11F1EA75

C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED

-= EOF =-

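What makes a SystemLook :filefind log useful is that it lists every copy of a file with its MD5, so the live System32 copy can be compared against the copy in the winsxs component store: in the log above wininit.exe has two different hashes, while both copies of partmgr.sys carry the same hash. The script below is an added example, not code from the thread, SystemLook or MrC; it parses that log (embedded here as sample input) and reports, per file, whether the component store holds a copy that differs from the live one. The parser and the assessment rules are this example's own assumptions. Two caveats a practitioner should keep in mind: a differing store copy is only a replacement candidate until it is verified against a known-good hash, and identical hashes across all copies prove nothing about integrity, since both copies may have been modified.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook ":filefind" output posted above, embedded
# here as the constructed sample input for this example.
SAMPLE_SYSTEMLOOK = r"""
========== filefind ==========
Searching for "partmgr.sys"
C:\Windows\System32\drivers\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E
C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E
Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 4EEE8AE3EA3E06C74A6388AE11F1EA75
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
-= EOF =-
"""

# One file line: <path> <attrs> <size> bytes [created] [modified] <MD5>
FILE_LINE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]+) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]*)\] \[(?P<modified>[^\]]*)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text: str):
    """Return one dict per file line; 'name' is the lowercase basename."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if not m:
            continue  # headers, "Searching for" lines and EOF marker
        path = m["path"]
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "size": int(m["size"]),
            "md5": m["md5"].upper(),
        })
    return entries


def assess_replacements(entries):
    """Compare each file's live System32 copy against its winsxs store copies.

    Returns {name: {"live_md5", "store_md5s", "replacement_candidate", "note"}}.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    report = {}
    for name, copies in by_name.items():
        live = [c for c in copies if c["path"].lower().startswith("c:\\windows\\system32\\")]
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live_md5 = live[0]["md5"] if live else None
        store_md5s = sorted({c["md5"] for c in store})
        differing = [h for h in store_md5s if h != live_md5]

        if live_md5 is None:
            note = "no live copy under System32 was found"
        elif differing:
            note = ("component-store copy differs from the live file; verify the store "
                    "copy against a known-good hash before using it as a replacement")
        else:
            note = ("every on-disk copy carries the same hash, so the store offers no "
                    "independent replacement; source the file from install media")

        report[name] = {
            "live_md5": live_md5,
            "store_md5s": store_md5s,
            "replacement_candidate": bool(differing),
            "note": note,
        }
    return report


if __name__ == "__main__":
    for name, r in assess_replacements(parse_filefind(SAMPLE_SYSTEMLOOK)).items():
        print(f"{name}: live={r['live_md5']} store={r['store_md5s']}\n    {r['note']}")
```

On the sample log this reports wininit.exe as having a differing store copy and partmgr.sys as having none, which is the same distinction the helper draws in the reply that follows: one file has a second, different copy on disk and the other does not.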

OK, two Windows files are infected and we have to replace them:

c:\windows\system32\drivers\partmgr.sys . . . is infected!! . . . Failed to find a valid replacement.

c:\windows\system32\wininit.exe . . . is infected!!

There's only one good copy of one file on your hard drive.

I think the best way to replace both of them is to run the system file checker.

You'll need your Windows disk.

Here's a link on how to run it:

http://www.tech-recipes.com/rx/2231/vista_...m_file_checker/

Let me know, MrC


I'll try to clean this computer up as best as I can, but it's so badly infected it should be formatted and the operating system reinstalled.

Do you still have the Vista disk??

We may have to use it to fix the MBR (Master Boot Record).

----------------------------

The infected wininit.exe was replaced, which is good...but partmgr.sys wasn't.

c:\windows\system32\drivers\partmgr.sys . . . is infected!! . . . Failed to find a valid replacement.

---------------------------------------

Your MBR is infected and ComboFix can't fix it:

kernel: MBR read successfully

detected MBR rootkit hooks:

--------------------------

Lets see if TDSSKiller can fix it:

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't change these settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

MrC


2010/09/26 19:59:46.0377 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/26 19:59:46.0378 ================================================================================

2010/09/26 19:59:46.0378 SystemInfo:

2010/09/26 19:59:46.0378

2010/09/26 19:59:46.0378 OS Version: 6.0.6001 ServicePack: 1.0

2010/09/26 19:59:46.0378 Product type: Workstation

2010/09/26 19:59:46.0378 ComputerName: THE-PC

2010/09/26 19:59:46.0378 UserName: The General

2010/09/26 19:59:46.0378 Windows directory: C:\Windows

2010/09/26 19:59:46.0378 System windows directory: C:\Windows

2010/09/26 19:59:46.0379 Processor architecture: Intel x86

2010/09/26 19:59:46.0379 Number of processors: 2

2010/09/26 19:59:46.0379 Page size: 0x1000

2010/09/26 19:59:46.0379 Boot type: Normal boot

2010/09/26 19:59:46.0379 ================================================================================

2010/09/26 19:59:46.0725 Initialize success

2010/09/26 19:59:55.0865 ================================================================================

2010/09/26 19:59:55.0865 Scan started

2010/09/26 19:59:55.0865 Mode: Manual;

2010/09/26 19:59:55.0865 ================================================================================


2010/09/26 20:00:14.0048 partmgr (0dced380de555e2a6a70514005bc9ceb) C:\Windows\system32\drivers\partmgr.sys

2010/09/26 20:00:14.0049 Suspicious file (Forged): C:\Windows\system32\drivers\partmgr.sys. Real md5: 0dced380de555e2a6a70514005bc9ceb, Fake md5: 37ee9885e83542dc90ee56a0652c896e

2010/09/26 20:00:14.0069 partmgr - detected Rootkit.Win32.TDSS.tdl3 (0)


2010/09/26 20:00:25.0610 ================================================================================

2010/09/26 20:00:25.0610 Scan finished

2010/09/26 20:00:25.0610 ================================================================================

2010/09/26 20:00:25.0645 Detected object count: 1

2010/09/26 20:00:37.0161 partmgr (0dced380de555e2a6a70514005bc9ceb) C:\Windows\system32\drivers\partmgr.sys

2010/09/26 20:00:37.0162 Suspicious file (Forged): C:\Windows\system32\drivers\partmgr.sys. Real md5: 0dced380de555e2a6a70514005bc9ceb, Fake md5: 37ee9885e83542dc90ee56a0652c896e

2010/09/26 20:00:41.0418 Backup copy found, using it..

2010/09/26 20:00:41.0426 C:\Windows\system32\drivers\partmgr.sys - will be cured after reboot

2010/09/26 20:00:41.0426 Rootkit.Win32.TDSS.tdl3(partmgr) - User select action: Cure

2010/09/26 20:07:48.0555 Deinitialize success

Thx for all your help!

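A cross-check of the two logs in this thread (MrC's SystemLook comparison of the System32 and winsxs copies, and the TDSSKiller "Forged" verdict above), written as an added example and not SystemLook's or TDSSKiller's own code: it parses the filefind lines, flags wininit.exe because its two copies carry different MD5s, and then shows why the matching pair for partmgr.sys proved nothing, since TDSSKiller reports that the hash every user-mode tool saw was the rootkit's fake. The sample lines are copied from the logs posted above; the function and class names are this example's own.

```python
"""Cross-check SystemLook ':filefind' output against TDSSKiller 'Forged' lines."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple


class FileEntry(NamedTuple):
    path: str
    size: int
    md5: str  # lower-case hex, as read through the file system


# One SystemLook result line: path, 7 attribute flags, size, two timestamps, MD5.
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# TDSSKiller line: the bytes on disk ("Real") differ from what the file system returns ("Fake").
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9A-Fa-f]{32}),"
    r" Fake md5: (?P<fake>[0-9A-Fa-f]{32})"
)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_filefind(log: str) -> List[FileEntry]:
    """One FileEntry per result line; 'Searching for' headers and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["md5"].lower()))
    return entries


def compare_copies(entries: List[FileEntry]) -> Dict[str, str]:
    """'mismatch' if the copies of a file disagree on MD5 (one of them was altered),
    'consistent' if they all agree, 'single' if SystemLook found only one copy."""
    by_name: Dict[str, List[FileEntry]] = defaultdict(list)
    for e in entries:
        by_name[basename(e.path)].append(e)
    verdicts = {}
    for name, copies in by_name.items():
        if len(copies) == 1:
            verdicts[name] = "single"
        elif len({c.md5 for c in copies}) > 1:
            verdicts[name] = "mismatch"
        else:
            verdicts[name] = "consistent"
    return verdicts


def parse_forged(log: str) -> Dict[str, Tuple[str, str]]:
    """Map file name -> (real md5 read from disk, fake md5 served by the hooked driver)."""
    forged = {}
    for line in log.splitlines():
        m = FORGED_RE.search(line)
        if m:
            forged[basename(m["path"])] = (m["real"].lower(), m["fake"].lower())
    return forged


def filesystem_view_was_fake(entries: List[FileEntry], forged: Dict[str, Tuple[str, str]]) -> Dict[str, bool]:
    """True when the MD5 SystemLook computed equals TDSSKiller's 'Fake md5', i.e. the
    file-system read was being spoofed, so the winsxs comparison could not see it."""
    seen = defaultdict(set)
    for e in entries:
        seen[basename(e.path)].add(e.md5)
    return {name: fake in seen.get(name, set()) for name, (_real, fake) in forged.items()}


def assess(systemlook_log: str, tdsskiller_log: str) -> Dict[str, str]:
    """A TDSSKiller 'Forged' verdict overrides a 'consistent' SystemLook result."""
    verdicts = compare_copies(parse_filefind(systemlook_log))
    for name in parse_forged(tdsskiller_log):
        verdicts[name] = "forged"
    return verdicts


# Sample lines copied from the SystemLook and TDSSKiller logs posted in this thread.
SYSTEMLOOK_SAMPLE = r"""
Searching for "partmgr.sys"

C:\Windows\System32\drivers\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E
C:\Windows\winsxs\x86_microsoft-windows-partitionmanager_31bf3856ad364e35_6.0.6001.18000_none_e19c138bba6f9093\partmgr.sys --a---- 56376 bytes [02:24 21/01/2008] [02:24 21/01/2008] 37EE9885E83542DC90EE56A0652C896E
Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 4EEE8AE3EA3E06C74A6388AE11F1EA75
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe --a---- 96768 bytes [02:23 21/01/2008] [02:23 21/01/2008] 101BA3EA053480BB5D957EF37C06B5ED
"""

TDSSKILLER_SAMPLE = r"""
2010/09/26 20:00:14.0048 partmgr (0dced380de555e2a6a70514005bc9ceb) C:\Windows\system32\drivers\partmgr.sys
2010/09/26 20:00:14.0049 Suspicious file (Forged): C:\Windows\system32\drivers\partmgr.sys. Real md5: 0dced380de555e2a6a70514005bc9ceb, Fake md5: 37ee9885e83542dc90ee56a0652c896e
2010/09/26 20:00:14.0069 partmgr - detected Rootkit.Win32.TDSS.tdl3 (0)
"""

if __name__ == "__main__":
    for name, verdict in sorted(assess(SYSTEMLOOK_SAMPLE, TDSSKILLER_SAMPLE).items()):
        print(f"{name}: {verdict}")
    print(filesystem_view_was_fake(parse_filefind(SYSTEMLOOK_SAMPLE), parse_forged(TDSSKILLER_SAMPLE)))
```

The takeaway for a defender is the last result: a clean winsxs comparison only rules out a file that is visible as modified, not one hidden by a driver-level hook, which is why a rootkit scanner that reads the disk underneath the driver stack was needed here.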

OK, Great :blink:

--------------------

Please Uninstall ComboFix:

Go to start > run and copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.