Fake alert malware


Usually I can get around these infections, but this one is bad. Pop-ups and redirection to various bogus sites, plus fake anti-virus window popups. Nothing shows up in my Avira anti-virus scans, also tried Kaspersky, no luck. Malwarebytes scans show nothing either and updates are blocked. I was able to get Spybot SD to run with a relatively recent definition set, but it doesn't seem to have cured the root issue (punny!)

Here are my logs, thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Brett at 22:27:11.73 on Mon 09/27/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.559 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\igfxtray.exe

C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\System32\CePMTray.exe

C:\Program Files\D-Link\Air USB Utility\AirCFG.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WZCBDL Service\WZCBDLS.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Documents and Settings\Brett\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.toshiba.com/search

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [TPNF] c:\program files\toshiba\touchpadnf\TPTray.exe

mRun: [CeEKey.exe] c:\program files\toshiba\e-key\CeEKey.exe

mRun: [CeEPOWER] c:\windows\system32\CePMTray.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [D-Link Air USB Utility] c:\program files\d-link\air usb utility\AirCFG.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270683942033

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brett\applic~1\mozilla\firefox\profiles\s4ahdjo1.default\

FF - plugin: c:\documents and settings\brett\application data\facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-26 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-9-26 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-9-26 656320]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-25 60936]

R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [2002-9-27 22912]

R2 WZCBDLService;WZCBDL Service;c:\program files\wzcbdl service\WZCBDLS.exe [2002-3-19 36864]

R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\Vch.sys [2002-6-12 18487]

R3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-4-10 636416]

S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]

S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]

S3 {40867A83-9E92-474c-A921-20AA73EAE42F};AIM 3.0 CH-7007;c:\windows\system32\drivers\A303.sys [2002-6-12 26169]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-9-26 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-9-26 1145816]

=============== Created Last 30 ================

2010-09-28 02:25:12 0 ----a-w- c:\documents and settings\brett\defogger_reenable

2010-09-28 01:50:53 0 d-----w- c:\docume~1\brett\applic~1\SUPERAntiSpyware.com

2010-09-28 01:50:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-09-28 01:50:03 0 d-----w- c:\program files\SUPERAntiSpyware

2010-09-26 19:14:41 0 d-----w- c:\program files\Trend Micro

2010-09-26 13:38:27 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-09-26 13:38:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-09-26 12:55:01 626902 ----a-w- c:\windows\system32\drivers\Cat.DB

2010-09-26 12:54:56 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2010-09-26 12:54:56 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2010-09-26 12:54:55 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2010-09-26 12:54:49 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2010-09-26 12:54:49 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2010-09-26 12:54:21 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2010-09-26 12:54:21 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2010-09-26 12:54:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2010-09-26 12:54:20 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2010-09-26 12:53:41 0 d-----w- c:\program files\PC Tools Security

2010-09-26 12:53:41 0 d-----w- c:\program files\common files\PC Tools

2010-09-26 12:53:41 0 d-----w- c:\docume~1\brett\applic~1\PC Tools

2010-09-26 12:50:20 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-09-25 23:12:20 0 d-----w- c:\windows\system32\NtmsData

2010-09-25 11:52:15 0 d-----w- c:\docume~1\brett\applic~1\Malwarebytes

2010-09-25 11:51:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-25 11:51:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-25 11:51:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-25 11:51:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-25 11:28:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-25 11:01:16 0 d-----w- c:\docume~1\brett\applic~1\Avira

2010-09-25 10:54:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-25 10:54:32 0 d-----w- c:\program files\Avira

2010-09-25 10:54:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-09-14 01:30:16 0 d-----w- c:\program files\GPLGS

2010-09-14 01:29:30 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-09-14 01:29:10 0 d-----w- c:\program files\Acro Software

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 22:28:03.23 ===============


Welcome to the forum

Please do this:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
    ComboFix must be run from an Administrative account.
    It must be downloaded and run from your desktop.
    Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide <---please read!

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choosing disable/exit. More info HERE<-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC


Hello MrC,

Thank you for your reply. I believe I have resolved this issue, but tell me what you think.

I did a Google search on wordslife.com (one of the regular site redirects) and learned that this virus/malware changes browser DNS settings. By resetting my router, I was able to update Malwarebytes and Kaspersky and (after cleaning a lot of trojans and malware) my PC seems back to normal. I actually have a small network and all four PCs were infected at some level, but this simple fix seems to have nipped it in the bud.

Should I still run the combofix on each of the PCs?

Thanks again for your help.


I can't tell if your computers are clean without running some scans on them.

MBAM is updated several times a day so I would continue to scan them after updating MBAM and see if anything else is found.

Please remember that the lack of symptoms doesn't mean the computer is clean.

MrC


MBAM should take care of any fake alerts.

TDSSKiller is used for the redirects:

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't change these settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

MrC


OK, so I ran an updated MBAM as well as TDSSKiller. Good news, no infections! Here are the logs.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4725

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/30/2010 8:31:29 PM

mbam-log-2010-09-30 (20-31-29).txt

Scan type: Full scan (C:\|)

Objects scanned: 185329

Time elapsed: 2 hour(s), 17 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

TDSSKiller:

2010/09/30 18:08:36.0874 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/30 18:08:36.0874 ================================================================================

2010/09/30 18:08:36.0874 SystemInfo:

2010/09/30 18:08:36.0874

2010/09/30 18:08:36.0874 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/30 18:08:36.0874 Product type: Workstation

2010/09/30 18:08:36.0874 ComputerName: MISSIONCONTROL

2010/09/30 18:08:36.0874 UserName: Brett

2010/09/30 18:08:36.0874 Windows directory: C:\WINDOWS

2010/09/30 18:08:36.0874 System windows directory: C:\WINDOWS

2010/09/30 18:08:36.0874 Processor architecture: Intel x86

2010/09/30 18:08:36.0874 Number of processors: 1

2010/09/30 18:08:36.0874 Page size: 0x1000

2010/09/30 18:08:36.0874 Boot type: Normal boot

2010/09/30 18:08:36.0874 ================================================================================

2010/09/30 18:08:37.0645 Initialize success

2010/09/30 18:08:39.0888 ================================================================================

2010/09/30 18:08:39.0888 Scan started

2010/09/30 18:08:39.0888 Mode: Manual;

2010/09/30 18:08:39.0888 ================================================================================


2010/09/30 18:10:03.0458 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\drivers\TBiosDrv.sys

2010/09/30 18:10:04.0159 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/30 18:10:04.0780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/30 18:10:05.0411 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/30 18:10:06.0002 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/30 18:10:07.0013 TOSHIBASoftModem (fb978ef3d4f53382ee4ee7c2293ae1c5) C:\WINDOWS\system32\DRIVERS\LTSM.sys

2010/09/30 18:10:09.0306 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/30 18:10:10.0929 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/30 18:10:11.0910 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/30 18:10:12.0481 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/30 18:10:13.0122 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/30 18:10:13.0673 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/30 18:10:14.0444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/30 18:10:15.0525 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/30 18:10:16.0216 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/30 18:10:17.0258 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/30 18:10:18.0289 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/09/30 18:10:19.0451 {40867A83-9E92-474c-A921-20AA73EAE42F} (abd08381624bc0cff7f7467ee8dd0142) C:\WINDOWS\system32\drivers\A303.sys

2010/09/30 18:10:20.0583 {A7E39B01-B403-11d4-BD18-00D0B7A1821E} (8a752747a565aaaa7c3c51a87bc597cd) C:\WINDOWS\system32\drivers\Vch.sys

2010/09/30 18:10:20.0873 ================================================================================

2010/09/30 18:10:20.0873 Scan finished

2010/09/30 18:10:20.0873 ================================================================================

2010/09/30 18:10:35.0514 Deinitialize success


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.