Jump to content

White Smoke Translator related BSODs


Gene1

Recommended Posts

Everytime I remove WST it comes back. I am disconnected from the internet now, but BSODs persist. As you can see, MWB log shows no problems. This is day 20 in my quest to vanquish this beast.

AMD Phenom X4 9100e / 1.8 GHz

4GB DDR2 SDRAM

1.0 x 640.0 GB Hard Drive - Standard - Serial ATA-300 - 7200.0 rpm

ATI Radeon HD 3200

Microsoft Windows Vista Home Premium 64-bit Edition

I am running Microsoft Security Essentials and Spybot S&D

Here are my MBAM and GMER logs. DDS could not run without BSOD

Malwarebytes' Anti-Malware 1.50

Database version: 5348

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18975

12/24/2010 2:29:24 AM

mbam-log-2010-12-24 (02-29-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 504997

Time elapsed: 1 hour(s), 9 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

GMER 1.0.15.15530 -

Rootkit scan 2010-12-24 03:36:28

Windows 6.0.6002 Service Pack 2

Running: b8eim19y.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@u0 0xB4 0x6D 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@hdf12 0x95 0xF2 0x40 0x3D ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@p0 C:\Program Files (x86)\DAEMON Tools Pro\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001@hdf12 0x0A 0x8B 0x8A 0xD3 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C\00000001\gdq0@hdf12 0x10 0xBD 0xCD 0x31 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@u0 0xB4 0x6D 0x90 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A 64CEC@hdf12 0x95 0xF2 0x40 0x3D ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@u0 0xB4 0x6D 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CE C@hdf12 0x95 0xF2 0x40 0x3D ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@oajidkjjkcmpeoonmodmaeimgbdgoi 0x64 0x61 0x6D 0x67 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@oanfdmglcojpbpipgadoaediiddeal 0x6A 0x61 0x6D 0x67 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{25C5A8C1-35C8-BB5B-3138-147D83ABA789}@nahijfgcfcmingaajljnpiloijdj 0x6A 0x61 0x6D 0x67 ...

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63FBBF18-53D2-5568-8DFC-44FB6A79BAA6}

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63FBBF18-53D2-5568-8DFC-44FB6A79BAA6}@hapnjhhkahmobbae 0x6A 0x61 0x64 0x6D ...

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

:)

Please don't attach the scan results, use Copy/Paste

Use Add/Remove Programs and remove if listed:

White Smoke

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

Ok done. Please note that I am running in safe mode. Should I be normally logging in? The reason why I am not is because 90% the PC BSODs before I can do anything. Safe Mode is about 40%.

After running the scans, I seem to be getting less BSODs, but this could just be a coincidence, as it has happened before.

GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 12:45 on 24/12/2010 (Rocky)

Firefox version 3.6.12 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:00 08/01/2009]

{AB2CE124-6272-4b12-94A9-7303C7397BD1} [17:24 13/11/2010]

{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [05:47 08/03/2009]

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [03:45 30/01/2010]

C:\Users\Rocky\Application Data\Mozilla\Firefox\Profiles\a51w1hrx.default\extensions\

artur.dubovoy@gmail.com [22:43 11/10/2010]

engine@conduit.com [17:16 13/11/2010]

NG_Classic@snakehole.net [19:20 18/05/2010]

redshift_V2@shift-themes.com [02:54 20/11/2010]

searchrecs@veoh.com [16:03 13/06/2009]

searchtoolbar@zugo.com [02:36 28/11/2010]

{1392b8d2-5c05-419f-a8f6-b9f15a596612} [17:16 13/11/2010]

{20a82645-c095-46ed-80e3-08825760534b} [01:52 27/04/2010]

{635abd67-4fe9-1b23-4f01-e679fa7484c1} [23:51 29/10/2010]

{6ce6f000-9b3c-11dd-ad8b-0800200c9a66} [02:32 03/09/2009]

{7b13ec3e-999a-4b70-b9cb-2617b8323822} [21:17 20/07/2010]

{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} [22:43 11/10/2010]

{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [01:45 11/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:05 01/02/2009]

-=E.O.F=-

Tdsskiller log:

2010/12/24 12:54:01.0403 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/24 12:54:01.0403 ================================================================================

2010/12/24 12:54:01.0403 SystemInfo:

2010/12/24 12:54:01.0403

2010/12/24 12:54:01.0403 OS Version: 6.0.6002 ServicePack: 2.0

2010/12/24 12:54:01.0403 Product type: Workstation

2010/12/24 12:54:01.0403 ComputerName: ROCKY-PC

2010/12/24 12:54:01.0403 UserName: Rocky

2010/12/24 12:54:01.0403 Windows directory: C:\Windows

2010/12/24 12:54:01.0403 System windows directory: C:\Windows

2010/12/24 12:54:01.0403 Running under WOW64

2010/12/24 12:54:01.0403 Processor architecture: Intel x64

2010/12/24 12:54:01.0403 Number of processors: 4

2010/12/24 12:54:01.0403 Page size: 0x1000

2010/12/24 12:54:01.0403 Boot type: Safe boot

2010/12/24 12:54:01.0403 ================================================================================

2010/12/24 12:54:01.0403 Utility is running under WOW64

2010/12/24 12:54:02.0136 Initialize success

2010/12/24 12:54:28.0329 ================================================================================

2010/12/24 12:54:28.0329 Scan started

2010/12/24 12:54:28.0329 Mode: Manual;

2010/12/24 12:54:28.0329 ================================================================================

2010/12/24 12:54:29.0093 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

2010/12/24 12:54:29.0171 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

2010/12/24 12:54:29.0249 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

2010/12/24 12:54:29.0312 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

2010/12/24 12:54:29.0327 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

2010/12/24 12:54:29.0374 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

2010/12/24 12:54:29.0452 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys

2010/12/24 12:54:29.0514 AgereSoftModem (385471f8147e1bd6a08c031e3aad3910) C:\Windows\system32\DRIVERS\agrsm64.sys

2010/12/24 12:54:29.0546 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

2010/12/24 12:54:29.0592 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

2010/12/24 12:54:29.0624 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

2010/12/24 12:54:29.0655 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

2010/12/24 12:54:29.0686 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

2010/12/24 12:54:29.0733 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

2010/12/24 12:54:29.0764 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

2010/12/24 12:54:29.0842 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/12/24 12:54:29.0873 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

2010/12/24 12:54:29.0998 atikmdag (3471469d4a85564cdd72e4459d106f0b) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/12/24 12:54:30.0060 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys

2010/12/24 12:54:30.0154 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

2010/12/24 12:54:30.0201 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys

2010/12/24 12:54:30.0216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

2010/12/24 12:54:30.0263 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

2010/12/24 12:54:30.0310 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

2010/12/24 12:54:30.0341 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

2010/12/24 12:54:30.0372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

2010/12/24 12:54:30.0388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

2010/12/24 12:54:30.0435 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

2010/12/24 12:54:30.0482 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

2010/12/24 12:54:30.0528 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

2010/12/24 12:54:30.0544 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

2010/12/24 12:54:30.0606 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

2010/12/24 12:54:30.0684 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

2010/12/24 12:54:30.0716 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

2010/12/24 12:54:30.0840 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

2010/12/24 12:54:30.0965 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys

2010/12/24 12:54:30.0996 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

2010/12/24 12:54:31.0074 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

2010/12/24 12:54:31.0121 DXGKrnl (1d96e28ebcd96ad1b44a3fd02ca6433d) C:\Windows\System32\drivers\dxgkrnl.sys

2010/12/24 12:54:31.0168 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/12/24 12:54:31.0215 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

2010/12/24 12:54:31.0293 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

2010/12/24 12:54:31.0386 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys

2010/12/24 12:54:31.0418 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

2010/12/24 12:54:31.0511 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

2010/12/24 12:54:31.0558 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

2010/12/24 12:54:31.0589 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

2010/12/24 12:54:31.0636 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

2010/12/24 12:54:31.0683 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

2010/12/24 12:54:31.0730 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/12/24 12:54:31.0776 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

2010/12/24 12:54:31.0839 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

2010/12/24 12:54:31.0870 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

2010/12/24 12:54:31.0917 GEARAspiWDM (d279181e1cf2d85d31cdcffd56b16795) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2010/12/24 12:54:31.0995 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

2010/12/24 12:54:32.0057 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/12/24 12:54:32.0088 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

2010/12/24 12:54:32.0135 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys

2010/12/24 12:54:32.0182 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

2010/12/24 12:54:32.0213 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

2010/12/24 12:54:32.0307 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

2010/12/24 12:54:32.0322 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

2010/12/24 12:54:32.0369 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/12/24 12:54:32.0416 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

2010/12/24 12:54:32.0447 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

2010/12/24 12:54:32.0541 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys

2010/12/24 12:54:32.0619 IntcAzAudAddService (6fdf709500c20362ffc5057f0d1e0c8d) C:\Windows\system32\drivers\RTKVHD64.sys

2010/12/24 12:54:32.0634 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

2010/12/24 12:54:32.0681 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

2010/12/24 12:54:32.0728 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/12/24 12:54:32.0790 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

2010/12/24 12:54:32.0822 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

2010/12/24 12:54:32.0853 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

2010/12/24 12:54:32.0868 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

2010/12/24 12:54:32.0931 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/12/24 12:54:32.0946 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

2010/12/24 12:54:32.0993 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

2010/12/24 12:54:33.0024 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/12/24 12:54:33.0071 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/12/24 12:54:33.0118 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys

2010/12/24 12:54:33.0149 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

2010/12/24 12:54:33.0227 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

2010/12/24 12:54:33.0290 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

2010/12/24 12:54:33.0321 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

2010/12/24 12:54:33.0368 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

2010/12/24 12:54:33.0399 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

2010/12/24 12:54:33.0446 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

2010/12/24 12:54:33.0492 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

2010/12/24 12:54:33.0555 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

2010/12/24 12:54:33.0586 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

2010/12/24 12:54:33.0648 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

2010/12/24 12:54:33.0680 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

2010/12/24 12:54:33.0711 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

2010/12/24 12:54:33.0758 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys

2010/12/24 12:54:33.0773 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

2010/12/24 12:54:33.0804 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys

2010/12/24 12:54:33.0867 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

2010/12/24 12:54:33.0898 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

2010/12/24 12:54:33.0960 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

2010/12/24 12:54:34.0007 mrxsmb (d58d129e26705e83a4deba7177eb7972) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/12/24 12:54:34.0038 mrxsmb10 (d5be5c14e0f1dc489f5bb2a67983f630) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/12/24 12:54:34.0085 mrxsmb20 (09a2990c3b293c212816c9bc0d7c200e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/12/24 12:54:34.0101 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

2010/12/24 12:54:34.0132 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

2010/12/24 12:54:34.0210 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

2010/12/24 12:54:34.0241 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

2010/12/24 12:54:34.0288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

2010/12/24 12:54:34.0335 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/12/24 12:54:34.0382 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

2010/12/24 12:54:34.0428 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

2010/12/24 12:54:34.0475 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/12/24 12:54:34.0506 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

2010/12/24 12:54:34.0553 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

2010/12/24 12:54:34.0600 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

2010/12/24 12:54:34.0662 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

2010/12/24 12:54:34.0709 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/12/24 12:54:34.0725 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/12/24 12:54:34.0772 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/12/24 12:54:34.0803 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

2010/12/24 12:54:34.0834 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

2010/12/24 12:54:34.0881 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

2010/12/24 12:54:34.0990 netr7364 (4d457321124ef6031875da01e9c402b3) C:\Windows\system32\DRIVERS\WUSB54GCx64.sys

2010/12/24 12:54:35.0037 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

2010/12/24 12:54:35.0099 NPF (109338286793775088cb5a3a13c874db) C:\Windows\system32\drivers\npf.sys

2010/12/24 12:54:35.0130 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

2010/12/24 12:54:35.0177 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

2010/12/24 12:54:35.0240 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

2010/12/24 12:54:35.0271 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

2010/12/24 12:54:35.0302 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

2010/12/24 12:54:35.0333 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

2010/12/24 12:54:35.0364 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

2010/12/24 12:54:35.0458 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/12/24 12:54:35.0552 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

2010/12/24 12:54:35.0583 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

2010/12/24 12:54:35.0630 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

2010/12/24 12:54:35.0661 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

2010/12/24 12:54:35.0692 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

2010/12/24 12:54:35.0754 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

2010/12/24 12:54:35.0910 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

2010/12/24 12:54:35.0942 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys

2010/12/24 12:54:36.0004 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

2010/12/24 12:54:36.0051 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys

2010/12/24 12:54:36.0098 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

2010/12/24 12:54:36.0129 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

2010/12/24 12:54:36.0191 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

2010/12/24 12:54:36.0222 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

2010/12/24 12:54:36.0269 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/12/24 12:54:36.0300 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/12/24 12:54:36.0347 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

2010/12/24 12:54:36.0378 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

2010/12/24 12:54:36.0425 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/12/24 12:54:36.0472 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

2010/12/24 12:54:36.0503 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

2010/12/24 12:54:36.0534 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

2010/12/24 12:54:36.0644 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

2010/12/24 12:54:36.0675 RTHDMIAzAudService (f8da8fc39ce5859c0d8c0fe6524ce465) C:\Windows\system32\drivers\RtHDMIVX.sys

2010/12/24 12:54:36.0722 RTSTOR (b6b74a05f4da0231d5d275568a104f89) C:\Windows\system32\drivers\RTSTOR64.SYS

2010/12/24 12:54:36.0753 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

2010/12/24 12:54:36.0846 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/12/24 12:54:36.0893 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

2010/12/24 12:54:36.0940 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

2010/12/24 12:54:37.0002 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

2010/12/24 12:54:37.0065 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

2010/12/24 12:54:37.0112 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

2010/12/24 12:54:37.0127 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

2010/12/24 12:54:37.0158 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

2010/12/24 12:54:37.0221 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

2010/12/24 12:54:37.0252 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

2010/12/24 12:54:37.0314 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

2010/12/24 12:54:37.0392 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

2010/12/24 12:54:37.0470 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys

2010/12/24 12:54:37.0470 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf

2010/12/24 12:54:37.0470 sptd - detected Locked file (1)

2010/12/24 12:54:37.0564 srv (8cd33a47ca02c79038b669f31f95bdac) C:\Windows\system32\DRIVERS\srv.sys

2010/12/24 12:54:37.0611 srv2 (1bedf533096c56e70f87e3e3ee02caf5) C:\Windows\system32\DRIVERS\srv2.sys

2010/12/24 12:54:37.0626 srvnet (2b8c340f830c465f514d966f7e6a822f) C:\Windows\system32\DRIVERS\srvnet.sys

2010/12/24 12:54:37.0704 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

2010/12/24 12:54:37.0751 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

2010/12/24 12:54:37.0782 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

2010/12/24 12:54:37.0814 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

2010/12/24 12:54:37.0923 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys

2010/12/24 12:54:37.0970 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys

2010/12/24 12:54:38.0032 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

2010/12/24 12:54:38.0079 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

2010/12/24 12:54:38.0094 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

2010/12/24 12:54:38.0157 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

2010/12/24 12:54:38.0204 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

2010/12/24 12:54:38.0282 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/12/24 12:54:38.0313 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

2010/12/24 12:54:38.0360 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

2010/12/24 12:54:38.0406 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

2010/12/24 12:54:38.0469 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

2010/12/24 12:54:38.0531 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

2010/12/24 12:54:38.0562 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

2010/12/24 12:54:38.0609 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

2010/12/24 12:54:38.0640 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

2010/12/24 12:54:38.0687 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

2010/12/24 12:54:38.0765 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

2010/12/24 12:54:38.0781 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/12/24 12:54:38.0828 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys

2010/12/24 12:54:38.0874 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

2010/12/24 12:54:38.0921 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

2010/12/24 12:54:38.0937 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys

2010/12/24 12:54:38.0968 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

2010/12/24 12:54:39.0030 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/12/24 12:54:39.0062 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/12/24 12:54:39.0108 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys

2010/12/24 12:54:39.0155 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/12/24 12:54:39.0171 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

2010/12/24 12:54:39.0218 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

2010/12/24 12:54:39.0249 vmm (21c96aa588d3993191761a08dbaabb15) C:\Windows\system32\Drivers\vmm.sys

2010/12/24 12:54:39.0280 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

2010/12/24 12:54:39.0327 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

2010/12/24 12:54:39.0374 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

2010/12/24 12:54:39.0420 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

2010/12/24 12:54:39.0483 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys

2010/12/24 12:54:39.0498 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

2010/12/24 12:54:39.0545 wacomvhid (9d45e06348c6703fba2064ac149aabda) C:\Windows\system32\DRIVERS\wacomvhid.sys

2010/12/24 12:54:39.0576 WacomVKHid (8b4255329edfba3ecfbd0714476fad38) C:\Windows\system32\DRIVERS\WacomVKHid.sys

2010/12/24 12:54:39.0623 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/24 12:54:39.0639 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

2010/12/24 12:54:39.0701 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

2010/12/24 12:54:39.0748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/12/24 12:54:39.0904 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys

2010/12/24 12:54:39.0951 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

2010/12/24 12:54:40.0044 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

2010/12/24 12:54:40.0122 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/12/24 12:54:40.0169 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/12/24 12:54:40.0247 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys

2010/12/24 12:54:40.0325 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/24 12:54:41.0448 ================================================================================

2010/12/24 12:54:41.0448 Scan finished

2010/12/24 12:54:41.0448 ================================================================================

2010/12/24 12:54:41.0480 Detected object count: 2

2010/12/24 12:55:07.0142 Locked file(sptd) - User select action: Skip

2010/12/24 12:55:07.0157 \HardDisk0 - will be cured after reboot

2010/12/24 12:55:07.0157 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/24 12:55:25.0674 Deinitialize success

Link to post
Share on other sites

Run which? TDSSKiller?

There were no threats found by TDSSKiller besides the one with the skip default. The suspicious item is sptd.sys. Should

I still leave it be?

Leave that one alone.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Good job thumbup.gif

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

    [*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week

    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    [*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

    Without a firewall your computer is succeptible to being hacked and taken over.

    I am very serious about this and see it happen almost every day with my clients.

    Simply using a Firewall in its default configuration can lower your risk greatly.

    [*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an addon available for both Firefox and IE.

    [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

    This will ensure your computer has always the latest security updates available installed on your computer.

    If there are new updates to install, install them immediately, reboot your computer, and revisit the site

    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.