Jump to content

Followed directions now I'm here.


Recommended Posts

  • Replies 68
  • Created
  • Last Reply

Top Posters In This Topic

:lol:

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

2010/12/28 15:15:28.0734 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/28 15:15:28.0734 ================================================================================

2010/12/28 15:15:28.0734 SystemInfo:

2010/12/28 15:15:28.0734

2010/12/28 15:15:28.0734 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/28 15:15:28.0734 Product type: Workstation

2010/12/28 15:15:28.0734 ComputerName: S-CCF18D49B90C4

2010/12/28 15:15:28.0734 UserName: Shane Mascho

2010/12/28 15:15:28.0734 Windows directory: C:\WINDOWS

2010/12/28 15:15:28.0734 System windows directory: C:\WINDOWS

2010/12/28 15:15:28.0734 Processor architecture: Intel x86

2010/12/28 15:15:28.0734 Number of processors: 1

2010/12/28 15:15:28.0734 Page size: 0x1000

2010/12/28 15:15:28.0734 Boot type: Normal boot

2010/12/28 15:15:28.0734 ================================================================================

2010/12/28 15:15:30.0218 Initialize success

2010/12/28 15:15:33.0328 ================================================================================

2010/12/28 15:15:33.0328 Scan started

2010/12/28 15:15:33.0328 Mode: Manual;

2010/12/28 15:15:33.0328 ================================================================================

2010/12/28 15:15:35.0171 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

2010/12/28 15:15:35.0578 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/28 15:15:35.0718 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/28 15:15:36.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/28 15:15:36.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/28 15:15:37.0375 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

2010/12/28 15:15:37.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/28 15:15:37.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/28 15:15:38.0078 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/28 15:15:38.0296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/28 15:15:38.0625 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/28 15:15:38.0890 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/28 15:15:39.0062 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/28 15:15:39.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/28 15:15:39.0609 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/28 15:15:39.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/28 15:15:40.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/28 15:15:40.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/28 15:15:40.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/28 15:15:41.0109 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/28 15:15:41.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/28 15:15:41.0593 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/28 15:15:41.0906 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/28 15:15:42.0125 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/28 15:15:42.0390 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/28 15:15:42.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/28 15:15:42.0921 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/28 15:15:43.0093 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/12/28 15:15:43.0296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/28 15:15:43.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/28 15:15:43.0656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/28 15:15:43.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/28 15:15:44.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/28 15:15:44.0296 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2010/12/28 15:15:44.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/28 15:15:44.0781 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/28 15:15:45.0109 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/28 15:15:45.0328 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/28 15:15:45.0515 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/28 15:15:45.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/28 15:15:46.0312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/28 15:15:46.0921 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/28 15:15:47.0859 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/28 15:15:48.0265 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/28 15:15:48.0468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/28 15:15:48.0609 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/28 15:15:48.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\IPSEC.SYS

2010/12/28 15:15:48.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/28 15:15:49.0125 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/28 15:15:49.0359 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/28 15:15:49.0500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/28 15:15:49.0687 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/28 15:15:50.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/28 15:15:50.0468 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/12/28 15:15:50.0562 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/28 15:15:50.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/28 15:15:51.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/28 15:15:51.0234 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/28 15:15:51.0437 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/28 15:15:51.0640 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/12/28 15:15:52.0109 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/12/28 15:15:52.0406 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/12/28 15:15:52.0703 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/28 15:15:52.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/28 15:15:53.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/28 15:15:53.0484 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/28 15:15:53.0718 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/28 15:15:53.0937 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/28 15:15:54.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/28 15:15:54.0171 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/28 15:15:54.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/28 15:15:54.0562 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/28 15:15:54.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/28 15:15:55.0031 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/28 15:15:55.0218 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/28 15:15:55.0390 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/28 15:15:55.0578 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/28 15:15:55.0781 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/28 15:15:56.0015 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/28 15:15:56.0171 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/28 15:15:56.0656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/28 15:15:56.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/28 15:15:57.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/28 15:15:57.0875 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/28 15:15:58.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/28 15:15:58.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/28 15:15:59.0062 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/28 15:15:59.0250 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/28 15:15:59.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/28 15:15:59.0640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/28 15:15:59.0875 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/28 15:16:00.0062 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/12/28 15:16:00.0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/28 15:16:01.0171 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/12/28 15:16:01.0343 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/28 15:16:01.0546 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/28 15:16:01.0750 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/28 15:16:02.0187 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/28 15:16:02.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/28 15:16:02.0625 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/28 15:16:02.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/28 15:16:03.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/28 15:16:03.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/28 15:16:03.0406 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/28 15:16:03.0640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/28 15:16:04.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/28 15:16:04.0390 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/28 15:16:04.0609 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/28 15:16:04.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/28 15:16:05.0328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/28 15:16:05.0578 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/28 15:16:05.0859 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/12/28 15:16:05.0859 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/12/28 15:16:05.0875 sptd - detected Locked file (1)

2010/12/28 15:16:05.0984 SQTECH905C (bedbec41e242d5af8fb6b0b4b4a845a7) C:\WINDOWS\system32\Drivers\Capt905c.sys

2010/12/28 15:16:06.0171 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/28 15:16:06.0390 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/28 15:16:06.0593 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/28 15:16:06.0875 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/28 15:16:07.0015 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/12/28 15:16:07.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/28 15:16:07.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/28 15:16:07.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/28 15:16:08.0031 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/28 15:16:08.0234 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2010/12/28 15:16:08.0375 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/28 15:16:08.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/28 15:16:08.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/28 15:16:09.0109 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/12/28 15:16:09.0265 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/28 15:16:09.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/28 15:16:09.0750 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/28 15:16:10.0000 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/28 15:16:10.0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/28 15:16:10.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/28 15:16:10.0531 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/28 15:16:10.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/28 15:16:10.0937 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/28 15:16:11.0125 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/28 15:16:11.0328 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/12/28 15:16:11.0484 Suspicious service (NoAccess): vbmad7bc

2010/12/28 15:16:11.0593 vbmad7bc (537e6fb46a431820ca8e5ca96390d5d0) C:\WINDOWS\system32\drivers\vbmad7bc.sys

2010/12/28 15:16:11.0593 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmad7bc.sys. md5: 537e6fb46a431820ca8e5ca96390d5d0

2010/12/28 15:16:11.0609 vbmad7bc - detected Locked service (1)

2010/12/28 15:16:11.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/28 15:16:12.0062 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/12/28 15:16:12.0234 VIAudio (2e1ffc794290d9b16f1db1084583e655) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/12/28 15:16:12.0406 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/28 15:16:12.0640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/28 15:16:12.0859 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/28 15:16:13.0109 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/28 15:16:13.0390 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/28 15:16:13.0812 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/12/28 15:16:13.0984 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/28 15:16:14.0171 XBCD (f35663b3d640d751a4d7eb29d105c994) C:\WINDOWS\system32\Drivers\xbcd.sys

2010/12/28 15:16:14.0328 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

2010/12/28 15:16:14.0687 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/28 15:16:14.0812 ================================================================================

2010/12/28 15:16:14.0812 Scan finished

2010/12/28 15:16:14.0812 ================================================================================

2010/12/28 15:16:14.0875 Detected object count: 3

2010/12/28 15:16:45.0468 Locked file(sptd) - User select action: Skip

2010/12/28 15:16:45.0468 Locked service(vbmad7bc) - User select action: Skip

2010/12/28 15:16:45.0500 \HardDisk0 - will be cured after reboot

2010/12/28 15:16:45.0500 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/28 15:18:32.0375 Deinitialize success

Link to post
Share on other sites

2 files it skipped, should I change those to delete? Said it was a kernal file so I left it as skip.

2010/12/28 17:17:39.0296 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/28 17:17:39.0312 ================================================================================

2010/12/28 17:17:39.0312 SystemInfo:

2010/12/28 17:17:39.0312

2010/12/28 17:17:39.0328 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/28 17:17:39.0328 Product type: Workstation

2010/12/28 17:17:39.0328 ComputerName: S-CCF18D49B90C4

2010/12/28 17:17:39.0328 UserName: Shane Mascho

2010/12/28 17:17:39.0328 Windows directory: C:\WINDOWS

2010/12/28 17:17:39.0328 System windows directory: C:\WINDOWS

2010/12/28 17:17:39.0328 Processor architecture: Intel x86

2010/12/28 17:17:39.0328 Number of processors: 1

2010/12/28 17:17:39.0328 Page size: 0x1000

2010/12/28 17:17:39.0328 Boot type: Normal boot

2010/12/28 17:17:39.0328 ================================================================================

2010/12/28 17:17:49.0406 Initialize success

2010/12/28 17:17:52.0265 ================================================================================

2010/12/28 17:17:52.0265 Scan started

2010/12/28 17:17:52.0265 Mode: Manual;

2010/12/28 17:17:52.0265 ================================================================================

2010/12/28 17:17:54.0140 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

2010/12/28 17:17:54.0718 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/28 17:17:54.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/28 17:17:55.0171 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/28 17:17:55.0484 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/28 17:17:56.0281 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

2010/12/28 17:17:56.0500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/28 17:17:56.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/28 17:17:56.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/28 17:17:57.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/28 17:17:57.0375 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/28 17:17:57.0593 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/28 17:17:57.0812 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/28 17:17:58.0156 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/28 17:17:58.0906 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/28 17:17:59.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/28 17:18:00.0312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/28 17:18:00.0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/28 17:18:01.0078 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/28 17:18:01.0640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/28 17:18:01.0875 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/28 17:18:02.0171 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/28 17:18:02.0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/28 17:18:03.0093 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/28 17:18:03.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/28 17:18:03.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/28 17:18:04.0046 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/28 17:18:04.0281 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/12/28 17:18:04.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/28 17:18:04.0640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/28 17:18:05.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/28 17:18:05.0703 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/28 17:18:06.0078 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/28 17:18:06.0562 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2010/12/28 17:18:07.0234 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/28 17:18:07.0671 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/28 17:18:08.0375 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/28 17:18:08.0640 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/28 17:18:09.0015 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/28 17:18:09.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/28 17:18:10.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/28 17:18:11.0468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/28 17:18:12.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/28 17:18:12.0421 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/28 17:18:12.0625 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/28 17:18:13.0015 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/28 17:18:13.0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\IPSEC.SYS

2010/12/28 17:18:13.0968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/28 17:18:14.0468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/28 17:18:15.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/28 17:18:15.0421 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/28 17:18:15.0671 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/28 17:18:16.0046 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/28 17:18:16.0687 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/12/28 17:18:17.0062 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/28 17:18:17.0765 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/28 17:18:18.0203 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/28 17:18:18.0468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/28 17:18:18.0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/28 17:18:19.0296 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/12/28 17:18:19.0828 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/12/28 17:18:20.0171 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/12/28 17:18:20.0437 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/28 17:18:20.0718 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/28 17:18:21.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/28 17:18:21.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/28 17:18:21.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/28 17:18:21.0562 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/28 17:18:21.0765 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/28 17:18:21.0875 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/28 17:18:22.0062 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/28 17:18:22.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/28 17:18:22.0468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/28 17:18:22.0640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/28 17:18:22.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/28 17:18:23.0156 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/28 17:18:23.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/28 17:18:23.0562 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/28 17:18:23.0750 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/28 17:18:23.0984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/28 17:18:24.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/28 17:18:24.0734 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/28 17:18:24.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/28 17:18:25.0515 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/28 17:18:26.0281 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/28 17:18:26.0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/28 17:18:26.0703 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/28 17:18:26.0937 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/28 17:18:27.0093 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/28 17:18:27.0296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/28 17:18:27.0640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/28 17:18:27.0843 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/12/28 17:18:28.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/28 17:18:28.0875 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/12/28 17:18:29.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/28 17:18:29.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/28 17:18:29.0437 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/28 17:18:30.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/28 17:18:30.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/28 17:18:30.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/28 17:18:30.0531 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/28 17:18:30.0734 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/28 17:18:30.0937 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/28 17:18:31.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/28 17:18:31.0375 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/28 17:18:32.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/28 17:18:32.0265 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/28 17:18:32.0437 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/28 17:18:32.0687 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/28 17:18:33.0000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/28 17:18:33.0218 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/28 17:18:33.0453 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/12/28 17:18:33.0453 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/12/28 17:18:33.0468 sptd - detected Locked file (1)

2010/12/28 17:18:33.0609 SQTECH905C (bedbec41e242d5af8fb6b0b4b4a845a7) C:\WINDOWS\system32\Drivers\Capt905c.sys

2010/12/28 17:18:33.0781 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/28 17:18:34.0000 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/28 17:18:34.0156 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/28 17:18:34.0437 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/28 17:18:34.0875 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/12/28 17:18:35.0328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/28 17:18:35.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/28 17:18:36.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/28 17:18:37.0078 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/28 17:18:37.0390 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2010/12/28 17:18:37.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/28 17:18:39.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/28 17:18:40.0078 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/28 17:18:41.0078 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/12/28 17:18:41.0453 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/28 17:18:42.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/28 17:18:43.0093 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/28 17:18:43.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/28 17:18:44.0078 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/28 17:18:44.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/28 17:18:45.0281 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/28 17:18:45.0562 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/28 17:18:45.0796 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/28 17:18:46.0078 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/28 17:18:46.0406 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/12/28 17:18:46.0656 Suspicious service (NoAccess): vbmad7bc

2010/12/28 17:18:46.0875 vbmad7bc (537e6fb46a431820ca8e5ca96390d5d0) C:\WINDOWS\system32\drivers\vbmad7bc.sys

2010/12/28 17:18:46.0875 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmad7bc.sys. md5: 537e6fb46a431820ca8e5ca96390d5d0

2010/12/28 17:18:46.0890 vbmad7bc - detected Locked service (1)

2010/12/28 17:18:47.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/28 17:18:47.0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/12/28 17:18:47.0734 VIAudio (2e1ffc794290d9b16f1db1084583e655) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/12/28 17:18:47.0937 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/28 17:18:48.0125 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/28 17:18:48.0312 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/28 17:18:48.0843 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/28 17:18:49.0703 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/28 17:18:50.0156 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/12/28 17:18:50.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/28 17:18:50.0593 XBCD (f35663b3d640d751a4d7eb29d105c994) C:\WINDOWS\system32\Drivers\xbcd.sys

2010/12/28 17:18:50.0765 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

2010/12/28 17:18:51.0531 ================================================================================

2010/12/28 17:18:51.0531 Scan finished

2010/12/28 17:18:51.0531 ================================================================================

2010/12/28 17:18:51.0625 Detected object count: 2

2010/12/28 17:19:10.0812 Locked file(sptd) - User select action: Skip

2010/12/28 17:19:10.0812 Locked service(vbmad7bc) - User select action: Skip

Link to post
Share on other sites

I did as you said, after restart I scanned again and the same file shows up. Also, MBAM, Microsoft Security Essentials and other programs are closing by themselves and the .exe gets deleted everytime I try to install/use the program. Here's the log again from the most recent scan.

2010/12/29 15:08:03.0343 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/29 15:08:03.0343 ================================================================================

2010/12/29 15:08:03.0343 SystemInfo:

2010/12/29 15:08:03.0343

2010/12/29 15:08:03.0343 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/29 15:08:03.0343 Product type: Workstation

2010/12/29 15:08:03.0343 ComputerName: S-CCF18D49B90C4

2010/12/29 15:08:03.0343 UserName: Shane Mascho

2010/12/29 15:08:03.0343 Windows directory: C:\WINDOWS

2010/12/29 15:08:03.0343 System windows directory: C:\WINDOWS

2010/12/29 15:08:03.0343 Processor architecture: Intel x86

2010/12/29 15:08:03.0343 Number of processors: 1

2010/12/29 15:08:03.0343 Page size: 0x1000

2010/12/29 15:08:03.0343 Boot type: Normal boot

2010/12/29 15:08:03.0343 ================================================================================

2010/12/29 15:08:05.0718 Initialize success

2010/12/29 15:08:07.0953 ================================================================================

2010/12/29 15:08:07.0953 Scan started

2010/12/29 15:08:07.0953 Mode: Manual;

2010/12/29 15:08:07.0953 ================================================================================

2010/12/29 15:08:10.0437 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

2010/12/29 15:08:10.0718 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/29 15:08:10.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/29 15:08:11.0140 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/29 15:08:11.0359 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/29 15:08:12.0265 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

2010/12/29 15:08:12.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/29 15:08:12.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/29 15:08:13.0031 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/29 15:08:13.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/29 15:08:13.0671 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/29 15:08:13.0875 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/29 15:08:14.0125 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/29 15:08:14.0343 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/29 15:08:14.0765 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/29 15:08:15.0015 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/29 15:08:16.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/29 15:08:16.0421 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/29 15:08:16.0984 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/29 15:08:17.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/29 15:08:17.0859 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/29 15:08:18.0015 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/29 15:08:18.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/29 15:08:18.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/29 15:08:18.0625 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/29 15:08:19.0125 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/29 15:08:19.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/29 15:08:19.0515 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/12/29 15:08:19.0671 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/29 15:08:19.0890 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/29 15:08:20.0078 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/29 15:08:20.0375 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/29 15:08:20.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/29 15:08:20.0718 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2010/12/29 15:08:20.0875 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/29 15:08:21.0046 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/29 15:08:21.0265 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/29 15:08:21.0468 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/29 15:08:21.0718 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/29 15:08:21.0953 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/29 15:08:22.0265 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/29 15:08:22.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/29 15:08:22.0703 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/29 15:08:22.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/29 15:08:23.0015 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/29 15:08:23.0250 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/29 15:08:23.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\IPSEC.SYS

2010/12/29 15:08:23.0531 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/29 15:08:23.0750 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/29 15:08:23.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/29 15:08:24.0078 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/29 15:08:24.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/29 15:08:24.0453 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/29 15:08:24.0796 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/12/29 15:08:24.0968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/29 15:08:25.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/29 15:08:25.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/29 15:08:25.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/29 15:08:25.0765 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/29 15:08:26.0031 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/12/29 15:08:26.0375 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/12/29 15:08:26.0750 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/12/29 15:08:27.0062 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/29 15:08:27.0296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/29 15:08:27.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/29 15:08:27.0718 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/29 15:08:27.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/29 15:08:28.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/29 15:08:28.0328 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/29 15:08:28.0468 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/29 15:08:28.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/29 15:08:28.0875 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/29 15:08:29.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/29 15:08:29.0359 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/29 15:08:29.0562 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/29 15:08:29.0734 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/29 15:08:29.0875 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/29 15:08:30.0218 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/29 15:08:30.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/29 15:08:30.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/29 15:08:30.0968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/29 15:08:31.0156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/29 15:08:31.0437 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/29 15:08:32.0015 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/29 15:08:33.0765 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/29 15:08:34.0234 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/29 15:08:34.0562 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/29 15:08:35.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/29 15:08:35.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/29 15:08:36.0000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/29 15:08:37.0156 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/29 15:08:37.0515 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/12/29 15:08:40.0437 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/29 15:08:40.0937 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/12/29 15:08:41.0406 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/29 15:08:41.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/29 15:08:42.0500 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/29 15:08:44.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/29 15:08:45.0156 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/29 15:08:45.0421 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/29 15:08:45.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/29 15:08:45.0921 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/29 15:08:46.0171 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/29 15:08:46.0500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/29 15:08:46.0750 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/29 15:08:48.0250 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/29 15:08:48.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/29 15:08:48.0906 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/29 15:08:49.0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/29 15:08:49.0531 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/29 15:08:49.0953 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/29 15:08:50.0250 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/12/29 15:08:50.0250 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/12/29 15:08:50.0265 sptd - detected Locked file (1)

2010/12/29 15:08:50.0437 SQTECH905C (bedbec41e242d5af8fb6b0b4b4a845a7) C:\WINDOWS\system32\Drivers\Capt905c.sys

2010/12/29 15:08:50.0687 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/29 15:08:50.0984 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/29 15:08:51.0265 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/29 15:08:51.0546 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/29 15:08:51.0781 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/12/29 15:08:52.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/29 15:08:52.0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/29 15:08:53.0093 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/29 15:08:53.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/29 15:08:53.0656 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2010/12/29 15:08:53.0843 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/29 15:08:54.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/29 15:08:54.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/29 15:08:54.0843 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/12/29 15:08:55.0078 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/29 15:08:55.0421 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/29 15:08:55.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/29 15:08:55.0921 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/29 15:08:56.0218 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/29 15:08:56.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/29 15:08:56.0593 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/29 15:08:56.0828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/29 15:08:57.0062 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/29 15:08:57.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/29 15:08:57.0453 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/12/29 15:08:57.0875 vbmad7bc (537e6fb46a431820ca8e5ca96390d5d0) C:\WINDOWS\system32\drivers\vbmad7bc.sys

2010/12/29 15:08:57.0875 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmad7bc.sys. md5: 537e6fb46a431820ca8e5ca96390d5d0

2010/12/29 15:08:57.0890 vbmad7bc - detected Locked file (1)

2010/12/29 15:08:58.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/29 15:08:58.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/12/29 15:08:58.0703 VIAudio (2e1ffc794290d9b16f1db1084583e655) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/12/29 15:08:58.0937 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/29 15:08:59.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/29 15:08:59.0687 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/29 15:09:00.0140 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/29 15:09:00.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/29 15:09:00.0843 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/12/29 15:09:01.0234 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/29 15:09:01.0500 XBCD (f35663b3d640d751a4d7eb29d105c994) C:\WINDOWS\system32\Drivers\xbcd.sys

2010/12/29 15:09:01.0734 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

2010/12/29 15:09:03.0390 ================================================================================

2010/12/29 15:09:03.0390 Scan finished

2010/12/29 15:09:03.0390 ================================================================================

2010/12/29 15:09:03.0421 Detected object count: 2

2010/12/29 15:10:48.0640 Locked file(sptd) - User select action: Skip

2010/12/29 15:10:48.0640 Locked file(vbmad7bc) - User select action: Skip

Link to post
Share on other sites

Can you post a DDS scan?

Please download DDS by sUBs from one of the following links and save it to your desktop.

[*]Disable any script blocking protection (How to Disable your Security Programs)

[*]Double click DDS icon to run the tool (may take up to 3 minutes to run)

[*]When done, DDS.txt will open.

[*]After a few moments, attach.txt will open in a second window.

[*]Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

Link to post
Share on other sites

I ran a TDSSKiller scan again, deleted the file you said and did a reboot. Scanned again after reboot and the file comes back every time. Here is the log and attachment from DDS:

2010/12/29 16:19:47.0609 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/29 16:19:47.0609 ================================================================================

2010/12/29 16:19:47.0609 SystemInfo:

2010/12/29 16:19:47.0609

2010/12/29 16:19:47.0609 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/29 16:19:47.0609 Product type: Workstation

2010/12/29 16:19:47.0609 ComputerName: S-CCF18D49B90C4

2010/12/29 16:19:47.0609 UserName: Shane Mascho

2010/12/29 16:19:47.0609 Windows directory: C:\WINDOWS

2010/12/29 16:19:47.0609 System windows directory: C:\WINDOWS

2010/12/29 16:19:47.0609 Processor architecture: Intel x86

2010/12/29 16:19:47.0609 Number of processors: 1

2010/12/29 16:19:47.0609 Page size: 0x1000

2010/12/29 16:19:47.0609 Boot type: Normal boot

2010/12/29 16:19:47.0609 ================================================================================

2010/12/29 16:20:02.0890 Initialize success

2010/12/29 16:20:05.0000 ================================================================================

2010/12/29 16:20:05.0000 Scan started

2010/12/29 16:20:05.0000 Mode: Manual;

2010/12/29 16:20:05.0000 ================================================================================

2010/12/29 16:20:07.0703 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys

2010/12/29 16:20:09.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/29 16:20:10.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/12/29 16:20:11.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/29 16:20:12.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/29 16:20:16.0546 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys

2010/12/29 16:20:17.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/29 16:20:17.0453 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/12/29 16:20:18.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/29 16:20:18.0531 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/29 16:20:19.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/12/29 16:20:19.0687 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2010/12/29 16:20:20.0609 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/12/29 16:20:21.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/12/29 16:20:23.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/29 16:20:24.0562 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/12/29 16:20:25.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/29 16:20:26.0546 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/29 16:20:27.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/29 16:20:30.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/29 16:20:31.0937 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/29 16:20:32.0937 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/29 16:20:33.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/29 16:20:34.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/29 16:20:35.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/29 16:20:36.0546 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/29 16:20:37.0187 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/12/29 16:20:37.0906 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/12/29 16:20:38.0578 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/29 16:20:39.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/29 16:20:40.0265 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/29 16:20:40.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/29 16:20:41.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/29 16:20:41.0984 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2010/12/29 16:20:42.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/29 16:20:43.0250 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/29 16:20:44.0437 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/12/29 16:20:45.0031 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/12/29 16:20:45.0453 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/12/29 16:20:45.0968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/29 16:20:47.0250 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/29 16:20:47.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/29 16:20:49.0593 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/29 16:20:50.0578 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/29 16:20:51.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/29 16:20:52.0156 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/29 16:20:52.0593 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\IPSEC.SYS

2010/12/29 16:20:53.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/29 16:20:53.0703 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/29 16:20:54.0156 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/29 16:20:54.0656 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/12/29 16:20:55.0234 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/29 16:20:55.0750 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/29 16:20:56.0546 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\WINDOWS\system32\DRIVERS\mcdbus.sys

2010/12/29 16:20:57.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/29 16:20:57.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/29 16:20:58.0390 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/29 16:20:59.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/29 16:20:59.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/29 16:21:00.0750 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/12/29 16:21:01.0437 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2010/12/29 16:21:02.0109 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2010/12/29 16:21:02.0843 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/29 16:21:03.0453 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/29 16:21:04.0062 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/29 16:21:04.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/29 16:21:05.0140 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/29 16:21:05.0687 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/29 16:21:06.0093 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/29 16:21:06.0546 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/12/29 16:21:06.0953 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/29 16:21:07.0406 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/12/29 16:21:07.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/29 16:21:08.0375 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/12/29 16:21:08.0703 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/29 16:21:08.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/29 16:21:09.0156 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/29 16:21:09.0484 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/29 16:21:09.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/29 16:21:09.0890 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/29 16:21:10.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/29 16:21:10.0500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/29 16:21:10.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/29 16:21:13.0390 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/12/29 16:21:13.0671 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/29 16:21:13.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/29 16:21:14.0078 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/29 16:21:14.0437 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/29 16:21:14.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/29 16:21:14.0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/29 16:21:15.0421 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/12/29 16:21:15.0828 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2010/12/29 16:21:17.0656 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/29 16:21:17.0750 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/12/29 16:21:18.0031 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/29 16:21:18.0578 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/29 16:21:19.0015 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/12/29 16:21:21.0062 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/29 16:21:21.0734 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/29 16:21:22.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/29 16:21:22.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/29 16:21:23.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/29 16:21:23.0531 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/29 16:21:24.0281 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/29 16:21:24.0750 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/29 16:21:26.0234 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/29 16:21:26.0718 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/12/29 16:21:27.0375 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/12/29 16:21:28.0000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/29 16:21:28.0656 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/12/29 16:21:29.0312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/29 16:21:29.0890 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys

2010/12/29 16:21:29.0890 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2010/12/29 16:21:29.0906 sptd - detected Locked file (1)

2010/12/29 16:21:30.0203 SQTECH905C (bedbec41e242d5af8fb6b0b4b4a845a7) C:\WINDOWS\system32\Drivers\Capt905c.sys

2010/12/29 16:21:30.0421 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/29 16:21:30.0828 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/29 16:21:31.0078 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/12/29 16:21:31.0375 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/12/29 16:21:31.0625 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

2010/12/29 16:21:31.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/29 16:21:32.0203 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/29 16:21:32.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/29 16:21:33.0281 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/29 16:21:33.0468 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2010/12/29 16:21:33.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/29 16:21:34.0000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/29 16:21:34.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/29 16:21:34.0515 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/12/29 16:21:34.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/29 16:21:35.0109 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/29 16:21:35.0343 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/12/29 16:21:35.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/29 16:21:35.0625 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/29 16:21:35.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/29 16:21:35.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/12/29 16:21:36.0218 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/12/29 16:21:36.0406 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/29 16:21:36.0593 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/29 16:21:36.0781 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2010/12/29 16:21:37.0171 vbmad7bc (537e6fb46a431820ca8e5ca96390d5d0) C:\WINDOWS\system32\drivers\vbmad7bc.sys

2010/12/29 16:21:37.0171 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmad7bc.sys. md5: 537e6fb46a431820ca8e5ca96390d5d0

2010/12/29 16:21:37.0187 vbmad7bc - detected Locked file (1)

2010/12/29 16:21:37.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/29 16:21:37.0750 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/12/29 16:21:37.0921 VIAudio (2e1ffc794290d9b16f1db1084583e655) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/12/29 16:21:38.0109 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/29 16:21:38.0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/29 16:21:38.0531 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/12/29 16:21:38.0781 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2010/12/29 16:21:39.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/29 16:21:39.0437 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys

2010/12/29 16:21:39.0562 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/12/29 16:21:39.0812 XBCD (f35663b3d640d751a4d7eb29d105c994) C:\WINDOWS\system32\Drivers\xbcd.sys

2010/12/29 16:21:40.0000 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

2010/12/29 16:21:41.0062 ================================================================================

2010/12/29 16:21:41.0062 Scan finished

2010/12/29 16:21:41.0062 ================================================================================

2010/12/29 16:21:41.0093 Detected object count: 2

2010/12/29 16:21:50.0843 Locked file(sptd) - User select action: Skip

2010/12/29 16:21:50.0843 HKLM\SYSTEM\ControlSet001\services\vbmad7bc - will be deleted after reboot

2010/12/29 16:21:50.0859 HKLM\SYSTEM\ControlSet003\services\vbmad7bc - will be deleted after reboot

2010/12/29 16:21:50.0906 C:\WINDOWS\system32\drivers\vbmad7bc.sys - will be deleted after reboot

2010/12/29 16:21:50.0906 Locked file(vbmad7bc) - User select action: Delete

2010/12/29 16:21:57.0968 Deinitialize success

Attach.zip

Link to post
Share on other sites

Ugh, sorry my mind isn't working right today. Thought I sent the DDS log.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Shane Mascho at 16:33:58.26 on Wed 12/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.501 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\Shane Mascho\Application Data\mjusbsp\magicJack.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Shane Mascho\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uWindow Title = Windows Internet Explorer provided by Comcast

uSearch Bar =

mSearch Page = www.google.com

mStart Page = www.google.com

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:53414

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uWinlogon: Shell=explorer.exe,c:\documents and settings\shane mascho\application data\dwm.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL

BHO: {E5A1691B-D188-4419-AD02-90002030B8EE} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -

TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL

TB: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File

TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\shane mascho\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259338497421

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: cryptnet32 - cryptnet32.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanem~1\applic~1\mozilla\firefox\profiles\ttlz6tlk.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=63175&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\shane mascho\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-28 11608]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-12-26 2850296]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-28 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-28 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-28 61960]

R2 VideoSrv;Windows Video;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-21 11520]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]

S0 uurb;uurb;c:\windows\system32\drivers\xmlvps.sys --> c:\windows\system32\drivers\xmlvps.sys [?]

S1 brewlzmq;brewlzmq;\??\c:\windows\system32\drivers\brewlzmq.sys --> c:\windows\system32\drivers\brewlzmq.sys [?]

S1 dedc;dedc; [x]

S1 ezozdlir;ezozdlir;\??\c:\windows\system32\drivers\ezozdlir.sys --> c:\windows\system32\drivers\ezozdlir.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-5-30 266240]

S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-12-26 72808]

S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]

S3 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]

S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PanelSvc;PanelSvc;"c:\program files\knowledge networks\panelapp\panelsvc.exe" --> c:\program files\knowledge networks\panelapp\PanelSvc.exe [?]

S3 pfsvgae;pfsvgae;\??\c:\docume~1\shanem~1\locals~1\temp\pfsvgae.sys --> c:\docume~1\shanem~1\locals~1\temp\pfsvgae.sys [?]

S3 rootrepeal[1];rootrepeal[1];\??\c:\windows\system32\drivers\rootrepeal[1].sys --> c:\windows\system32\drivers\rootrepeal[1].sys [?]

S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2009-7-29 19677]

S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]

S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]

=============== Created Last 30 ================

2010-12-29 21:28:48 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys

2010-12-29 21:25:21 38016 ----a-w- c:\windows\system32\drivers\vbmad7bc.sys

2010-12-29 03:54:35 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{4f0072e3-7189-4a85-a0e7-fc9d8a089af8}\mpengine.dll

2010-12-29 03:50:27 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-29 03:28:16 -------- d-----w- c:\program files\DarkSwords

2010-12-28 23:19:29 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-28 21:28:03 -------- d-----w- c:\program files\FileASSASSIN

2010-12-28 19:13:54 -------- d-----w- c:\windows\system32\NtmsData

2010-12-28 19:04:55 -------- d-----w- c:\docume~1\shanem~1\applic~1\DAEMON Tools Pro

2010-12-28 19:04:55 -------- d-----w- c:\docume~1\shanem~1\applic~1\DAEMON Tools Lite

2010-12-28 19:02:27 75264 ----a-w- c:\windows\system32\afcc.sys

2010-12-28 18:59:32 75264 ----a-w- c:\windows\system32\dedc.sys

2010-12-28 14:13:07 -------- d-----w- c:\docume~1\shanem~1\applic~1\Avira

2010-12-28 14:08:14 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-12-28 14:08:13 -------- d-----w- c:\program files\Avira

2010-12-28 14:08:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-12-27 04:33:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\oBiBi06300

2010-12-27 01:11:41 -------- d-----w- c:\docume~1\shanem~1\applic~1\Huby

2010-12-27 00:37:34 -------- d-----w- c:\docume~1\shanem~1\applic~1\Malwarebytes

2010-12-27 00:36:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-27 00:12:05 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2010-12-26 23:58:16 121344 ----a-w- c:\docume~1\shanem~1\applic~1\microsoft\conhost.exe

2010-12-26 23:33:52 -------- d-----w- c:\program files\a-squared Free

2010-12-26 22:41:25 -------- d-----w- c:\docume~1\shanem~1\applic~1\SUPERAntiSpyware.com

2010-12-26 22:41:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-26 22:34:39 12546056 ----a-w- C:\SAS_7112.COM

2010-12-26 22:23:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2010-12-26 21:09:30 229 ----a-w- c:\docume~1\shanem~1\applic~1\fklgu.bat

2010-12-24 15:05:33 796672 ----a-w- c:\windows\GPInstall.exe

2010-12-13 16:53:58 129536 --sha-r- c:\windows\system32\msjet404.dll

2010-12-13 16:50:45 296984 ----a-w- c:\windows\system32\shimg.dll

2010-12-08 20:55:55 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-08 19:36:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-08 19:35:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-08 19:34:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-08 01:53:19 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-04 13:15:11 -------- d-----w- c:\program files\Winamp Detect

2010-12-03 01:10:21 -------- d-----w- c:\program files\CCleaner

2010-11-30 14:11:52 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 18:50:19 1409 ----a-w- c:\windows\QTFont.for

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 16:34:36.50 ===============

Link to post
Share on other sites

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

One thing I see is you're being redirected by a proxy server.

uInternet Settings,ProxyServer = http=127.0.0.1:53414

You have 2 anti-virus programs:

1.Click Start > Settings > Control Panel.

2.Next, open Add/Remove Programs and remove either:

Avira

Microsoft Security Essentials

Next:

Delete these files if listed:

c:\documents and settings\shane mascho\application data\dwm.exe <--ONLY from this location

c:\windows\system32\drivers\klmdb.sys

c:\windows\system32\drivers\vbmad7bc.sys

c:\windows\system32\afcc.sys

c:\windows\system32\dedc.sys

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Next:

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM, check for Updates and see if it will scan

Link to post
Share on other sites

Report:

I had to use FileAssassin to delete "vbmad7bc.sys"

I ran a scan with TDSSKiller and found "vbmad7bc.sys" again after reboot

I selected "show hidden files and folder" but could not find the file "dwm.exe"

IE's proxy changes everytime I restart the computer.

Also, when I ran the "fixme" file, line 2 could not find the registry key, lines 1, 3 and 4 were completed.

Malwarebyte installs and updates but is still closing within seconds of running.

Link to post
Share on other sites

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts.

Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

I downloaded and ran the .exe. A small loading screen with "Combo Fix" in it pops up. It closed a bunch of processes and when it finished it did not save a combifix.txt file. It did however create a folder with a combofix.sys file in it. But, no txt file.

Link to post
Share on other sites

I downloaded and ran the .exe. A small loading screen with "Combo Fix" in it pops up. It closed a bunch of processes and when it finished it did not save a combifix.txt file. It did however create a folder with a combofix.sys file in it. But, no txt file.

Saw a post that said to rename it to ABCD.exe then when I looked again the post said iexplore.exe. I'll try running from a usb stick and report again

Link to post
Share on other sites

Well, I went and made sure any anti-virus, malware or spyware program were disabled or uninstalled. Disabled any firewall and tried to run iexplore.exe(aka combofix.exe) from both my desktop and from my usb stick. Still doing the same thing. A small load screen pops up with "Combo Fix" writen above it. It loads for about 45 seconds and closes some processes, the screen will flash and the load screen goes away. After that, nothing. A folder named "32788R22FWJFW" saves on the C drive but no other pop up or txt file.

Link to post
Share on other sites

DDS log:

DDS (Ver_10-12-12.02) - NTFSx86

Run by Shane Mascho at 18:46:30.42 on Wed 12/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.546 [GMT -5:00]

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\32788R22FWJFW\iexplore.exe

C:\Documents and Settings\Shane Mascho\Application Data\mjusbsp\st00000\mjsetup.exe

C:\Documents and Settings\Shane Mascho\Application Data\mjusbsp\magicJack.exe

C:\Documents and Settings\Shane Mascho\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uWindow Title = Windows Internet Explorer provided by Comcast

uSearch Bar =

mSearch Page = www.google.com

mStart Page = www.google.com

mWindow Title = Windows Internet Explorer provided by Comcast

mSearchAssistant =

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL

BHO: {E5A1691B-D188-4419-AD02-90002030B8EE} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File

TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -

TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL

TB: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File

TB: {0C8413C1-FAD1-446C-8584-BE50576F863E} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\shane mascho\application data\mjusbsp\cdloader2.exe" MAGICJACK

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259338497421

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: cryptnet32 - cryptnet32.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shanem~1\applic~1\mozilla\firefox\profiles\ttlz6tlk.default\

FF - prefs.js: browser.search.selectedEngine - Search the Web

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=63175&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\shane mascho\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScope42.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npArtistScopeDRM11.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R2 VideoSrv;Windows Video;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-2-21 11520]

S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]

S0 uurb;uurb;c:\windows\system32\drivers\xmlvps.sys --> c:\windows\system32\drivers\xmlvps.sys [?]

S1 brewlzmq;brewlzmq;\??\c:\windows\system32\drivers\brewlzmq.sys --> c:\windows\system32\drivers\brewlzmq.sys [?]

S1 dedc;dedc; [x]

S1 ezozdlir;ezozdlir;\??\c:\windows\system32\drivers\ezozdlir.sys --> c:\windows\system32\drivers\ezozdlir.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\shanem~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]

S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-5-30 266240]

S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S2 Viewpoint Manager Service;Viewpoint Manager Service; [x]

S3 dopewars-server;dopewars server;c:\program files\dopewars-1.5.12\dopewars.exe -n --> c:\program files\dopewars-1.5.12\dopewars.exe -N [?]

S3 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]

S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PanelSvc;PanelSvc;"c:\program files\knowledge networks\panelapp\panelsvc.exe" --> c:\program files\knowledge networks\panelapp\PanelSvc.exe [?]

S3 pfsvgae;pfsvgae;\??\c:\docume~1\shanem~1\locals~1\temp\pfsvgae.sys --> c:\docume~1\shanem~1\locals~1\temp\pfsvgae.sys [?]

S3 rootrepeal[1];rootrepeal[1];\??\c:\windows\system32\drivers\rootrepeal[1].sys --> c:\windows\system32\drivers\rootrepeal[1].sys [?]

S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2009-7-29 19677]

S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]

S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]

S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]

=============== Created Last 30 ================

2010-12-29 23:36:10 38016 ----a-w- c:\windows\system32\drivers\vbmad7bc.sys

2010-12-29 22:53:08 75264 ----a-w- c:\windows\system32\dedc.sys

2010-12-29 22:50:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-29 22:50:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-29 03:54:35 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{4f0072e3-7189-4a85-a0e7-fc9d8a089af8}\mpengine.dll

2010-12-29 03:50:27 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-29 03:28:16 -------- d-----w- c:\program files\DarkSwords

2010-12-28 23:19:29 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-28 21:28:03 -------- d-----w- c:\program files\FileASSASSIN

2010-12-28 19:13:54 -------- d-----w- c:\windows\system32\NtmsData

2010-12-28 19:04:55 -------- d-----w- c:\docume~1\shanem~1\applic~1\DAEMON Tools Pro

2010-12-28 19:04:55 -------- d-----w- c:\docume~1\shanem~1\applic~1\DAEMON Tools Lite

2010-12-28 14:13:07 -------- d-----w- c:\docume~1\shanem~1\applic~1\Avira

2010-12-27 04:33:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\oBiBi06300

2010-12-27 01:11:41 -------- d-----w- c:\docume~1\shanem~1\applic~1\Huby

2010-12-27 00:37:34 -------- d-----w- c:\docume~1\shanem~1\applic~1\Malwarebytes

2010-12-27 00:36:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-26 23:58:16 121344 ----a-w- c:\docume~1\shanem~1\applic~1\microsoft\conhost.exe

2010-12-26 23:33:52 -------- d-----w- c:\program files\a-squared Free

2010-12-26 22:41:25 -------- d-----w- c:\docume~1\shanem~1\applic~1\SUPERAntiSpyware.com

2010-12-26 22:41:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-12-26 22:34:39 12546056 ----a-w- C:\SAS_7112.COM

2010-12-26 22:23:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll

2010-12-26 21:09:30 229 ----a-w- c:\docume~1\shanem~1\applic~1\fklgu.bat

2010-12-24 15:05:33 796672 ----a-w- c:\windows\GPInstall.exe

2010-12-13 16:53:58 129536 --sha-r- c:\windows\system32\msjet404.dll

2010-12-13 16:50:45 296984 ----a-w- c:\windows\system32\shimg.dll

2010-12-08 20:55:55 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-12-08 19:36:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-12-08 19:35:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-12-08 19:34:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-08 01:53:19 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-12-04 13:15:11 -------- d-----w- c:\program files\Winamp Detect

2010-12-03 01:10:21 -------- d-----w- c:\program files\CCleaner

2010-11-30 14:11:52 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 18:50:19 1409 ----a-w- c:\windows\QTFont.for

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 18:47:57.07 ===============

Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/29/2009 9:27:08 AM

System Uptime: 12/29/2010 6:35:07 PM (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7142

Processor: AMD Sempron Processor 3100+ | Socket 754 | 1799/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 11.011 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is FIXED (FAT32) - 466 GiB total, 15.499 GiB free.

H: is Removable

J: is Removable

K: is CDROM ()

L: is CDROM ()

P: is Removable

Q: is CDROM (UDF)

R: is FIXED (NTFS) - 931 GiB total, 301.732 GiB free.

==== Disabled Device Manager Items =============

Class GUID:

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\3&13C0B0C5&0&50

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\3&13C0B0C5&0&50

Service:

==== System Restore Points ===================

RP1: 12/13/2010 12:25:15 PM - System Checkpoint

RP2: 12/14/2010 1:53:31 PM - System Checkpoint

RP3: 12/17/2010 10:53:31 AM - System Checkpoint

RP4: 12/28/2010 6:37:00 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.