Possible rootkit?


I've been getting a lot of problems lately while on the net. Often when I follow a link on google, the status bar shows "Requesting from google.ad.sgdoubleclick.net" or I get redirected to some random site which doesn't display (usually just a blank page or a few words). Also, when typing into google it doesn't come up with the dropdown menu of popular searches. Occasionally, I also get random tabs opening which start out directed to some random site but end up on google.com/webhp, whatever that is.

I read somewhere that this could be caused by the extension XULRunner. For some reason I had two copies so I disabled both of them. The google.ad.sgdoubleclick.net and google dropdown issues seem to be resolved but the other two remain.

I haven't been able to find anything with Avira AntiVir or Malwarebytes. However, when I start up Malwarebytes, it says that the database is 13 days old and when I try to update it, the following error appears.

"PROGRAM_ERROR_UPDATING (12163, 0, IsInternetConnected)"

I've also tried Spybot Search and Destroy 2 but after I installed it, it said that important files for successful scanning are missing. I am unable to uninstall this programme either. When I attempt it, the progress bar doesn't move.

Is there someone able to help me?

Hello and welcome.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Here's what is written in DDS.txt. It said not to post the attach.txt unless specifically asked so I'll assume you don't need it. I've saved it just in case you do. Thanks for replying so quickly by the way.

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Michael Everett at 0:21:31 on 2011-06-11

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1739 [GMT 10:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\AnalogX\NetStat Live\nsl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\net.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\net1.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sydney.edu.au/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\michael everett\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [NetStat Live] c:\program files\analogx\netstat live\nsl.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: microsoft.com

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 125.254.64.202 125.254.64.203

TCP: Interfaces\{16B331AC-E42A-43F9-B37F-7D3F1906D1C1}\57379746D27657563747 : DhcpNameServer = 129.78.64.2 129.78.64.1

TCP: Interfaces\{16B331AC-E42A-43F9-B37F-7D3F1906D1C1}\D494E444 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : DhcpNameServer = 125.254.64.202 125.254.64.203

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: SDWinLogon - SDWinLogon.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\michael everett\appdata\roaming\mozilla\firefox\profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\users\michael everett\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-8-25 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-7 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-7 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-7 61960]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]

R2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\spybot - search & destroy 2\SDFWSvc.exe [2011-6-9 3585696]

R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\spybot - search & destroy 2\SDMonSvc.exe [2011-6-9 3834456]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-6-9 3515656]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-6-9 167040]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-10 493248]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-25 29472]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-25 185344]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-6-9 3769048]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw1v32.sys [2009-8-25 5958656]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-2 1343400]

.

=============== Created Last 30 ================

.

2073-04-13 07:17:26 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe

2011-06-09 10:16:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16:08 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01:05 -------- d-----w- c:\users\michael everett\appdata\roaming\Malwarebytes

2011-06-09 09:00:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00:55 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-09 09:00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 23:54:59 -------- d-----w- c:\users\michael everett\appdata\roaming\Avira

2011-06-07 07:58:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58:52 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58:52 -------- d-----w- c:\program files\Avira

2011-06-03 08:59:51 -------- d-----w- c:\users\michael everett\appdata\local\Oblivion

2011-06-03 08:55:39 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:51:33 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51:32 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:51:32 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:33:27 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33:19 -------- d-----w- c:\program files\common files\PX Storage Engine

2011-05-16 03:18:34 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de20b6f6-5f18-4fca-aa19-f9283764b485}\mpengine.dll

.

==================== Find3M ====================

.

2011-05-02 23:05:10 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30:50 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27:54 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23:46 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19:34 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19:20 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-03-18 21:32:44 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29:56 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28:30 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27:08 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26:44 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25:38 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25:24 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25:06 83456 ----a-w- c:\program files\University Internet.exe

.

============= FINISH: 0:22:37.81 ===============

Hi again, please post me attach.txt as well. :) I don't need it immediately, but will after a few steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

It didn't prompt for installation for the recovery console and I've never installed it. Does it come standard now? Anyway, it seemed to work because a message box popped up saying it had found a trojan. Here's what it gave me along with attach.txt which has been compressed. It's late now so I'll follow any further instructions you give me in the morning.

ComboFix 11-06-10.05 - Michael Everett 11/06/2011 2:08.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.2138 [GMT 10:00]

Running from: c:\users\Michael Everett\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome.manifest

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome\content\_cfg.js

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome\content\overlay.xul

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\install.rdf

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome.manifest

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome\content\_cfg.js

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome\content\overlay.xul

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))

.

.

2073-04-13 07:17 . 2006-11-21 10:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-06-10 16:19 . 2011-06-10 16:19 -------- d-----w- c:\users\Michael Everett\AppData\Local\temp

2011-06-10 16:19 . 2011-06-10 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-09 10:16 . 2011-06-09 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16 . 2009-01-25 03:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15 . 2011-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01 . 2011-06-09 09:01 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Malwarebytes

2011-06-09 09:00 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-09 09:00 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 23:54 . 2011-06-07 23:54 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\program files\Avira

2011-06-07 07:58 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-03 08:59 . 2011-06-03 09:00 -------- d-----w- c:\users\Michael Everett\AppData\Local\Oblivion

2011-06-03 08:55 . 2011-06-03 08:55 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:53 . 2011-05-29 06:53 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\DivX

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-05-29 06:33 . 2011-05-29 06:42 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Winamp

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp

2011-05-16 03:18 . 2011-04-17 23:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE20B6F6-5F18-4FCA-AA19-F9283764B485}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-16 00:21 . 2011-04-24 14:24 0 ----a-w- c:\users\Michael Everett\AppData\Local\Xpova.bin

2011-05-02 23:05 . 2011-05-02 23:05 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30 . 2011-05-02 22:30 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27 . 2011-05-02 22:27 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23 . 2011-05-02 20:23 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19 . 2011-05-02 20:19 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19 . 2011-05-02 20:19 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-02 07:50 . 2011-05-02 07:50 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-02 07:50 . 2011-05-02 07:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-02 07:50 . 2011-05-02 07:50 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-02 07:50 . 2011-05-02 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-02 07:50 . 2011-05-02 07:50 367104 ----a-w- c:\windows\system32\html.iec

2011-05-02 07:50 . 2011-05-02 07:50 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-02 07:50 . 2011-05-02 07:50 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-02 07:50 . 2011-05-02 07:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-02 07:50 . 2011-05-02 07:50 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-02 07:50 . 2011-05-02 07:50 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-02 07:50 . 2011-05-02 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-02 07:50 . 2011-05-02 07:50 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-02 07:50 . 2011-05-02 07:50 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-05-02 07:50 . 2011-05-02 07:50 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-02 07:50 . 2011-05-02 07:50 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-02 07:50 . 2011-05-02 07:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-02 07:50 . 2011-05-02 07:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-02 07:50 . 2011-05-02 07:50 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-02 07:50 . 2011-05-02 07:50 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-02 03:14 . 2011-05-02 03:14 1266 ----a-w- c:\users\Michael Everett\AppData\Local\ayimafey.dll

2011-03-30 07:09 . 2011-03-30 07:09 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-18 21:32 . 2011-03-18 21:32 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29 . 2011-03-18 21:29 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28 . 2011-03-18 21:28 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27 . 2011-03-18 21:27 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26 . 2011-03-18 21:26 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25 . 2011-03-18 21:25 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25 . 2011-03-18 21:25 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25 . 2010-02-10 00:25 83456 ----a-w- c:\program files\University Internet.exe

2011-03-18 17:57 . 2011-03-27 02:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]

"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 148888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"NetStat Live"="c:\program files\AnalogX\NetStat Live\nsl.exe" [2011-02-19 184304]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-10 5607080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Michael Everett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Michael Everett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 08:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-05-13 00:09 581480 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 13:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 cpuz130;cpuz130;c:\users\MICHAE~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]

S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000Core.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000UA.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sydney.edu.au/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: microsoft.com

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Michael Everett\AppData\Roaming\Mozilla\Firefox\Profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

Notify-SDWinLogon - SDWinLogon.dll

MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 - c:\users\Michael Everett\Desktop\Random Crap\Desktop\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-11 02:21:34

ComboFix-quarantined-files.txt 2011-06-10 16:21

.

Pre-Run: 240,440,590,336 bytes free

Post-Run: 246,092,943,360 bytes free

.

- - End Of File - - 397DA8D699A150DF140E688C2D9992C4

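A quick triage pass over the kind of ComboFix log posted above, as an added example that is neither part of the post nor ComboFix's own code. It assumes ComboFix's usual convention for the service section (leading letter R = running or S = stopped, digit = Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled) and flags three things a reviewer looks for in such a log: a service or driver whose registered binary is missing (`[x]`), sits in a user-writable directory, or is a kernel driver outside C:\Windows; UAC switched off (`EnableLUA` or `PromptOnSecureDesktop` = 0, which removes the prompt a dropper would otherwise have to get past); and Firefox's `network.proxy.type` set to a manual proxy (1) or a PAC URL (2), which is worth verifying on a machine with redirect symptoms because the log shows the setting but not where the proxy points. The function name `triage_combofix` and the `USER_WRITABLE` list are assumptions of this example; the sample input is lines copied verbatim from the log above.

```python
import re

# Service/driver lines, ComboFix convention: R = running, S = stopped, digit = start type
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
# Policy values such as   "EnableLUA"= 0 (0x0)
POLICY_LINE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<value>-?\d+)')
# Firefox prefs such as   FF - prefs.js: network.proxy.type - 2
FF_PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Assumed list of path fragments that an unprivileged user can write to
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\documents and settings\\")
UAC_KEYS = ("EnableLUA", "PromptOnSecureDesktop")


def triage_combofix(text):
    """Return (name, reason, detail) tuples for log lines that deserve a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            name, path = m["name"], m["path"]
            lower = path.lower()
            how = (f"{START_TYPES.get(m['start'], '?')} start, "
                   f"{'running' if m['state'] == 'R' else 'stopped'}")
            if m["meta"] == "x":  # ComboFix prints [x] when the file is not on disk
                findings.append((name, "registered binary is missing", f"{path} ({how})"))
            if any(tok in lower for tok in USER_WRITABLE):
                findings.append((name, "binary in user-writable location", f"{path} ({how})"))
            if lower.endswith(".sys") and not lower.startswith("c:\\windows\\"):
                findings.append((name, "kernel driver outside c:\\windows", f"{path} ({how})"))
            continue
        m = POLICY_LINE.match(line)
        if m and m["key"] in UAC_KEYS and m["value"] == "0":
            findings.append((m["key"], "UAC protection disabled", line))
            continue
        m = FF_PREF_LINE.match(line)
        if m and m["pref"] == "network.proxy.type" and m["value"].strip() in ("1", "2"):
            kind = "manual proxy" if m["value"].strip() == "1" else "PAC URL"
            findings.append((m["pref"], f"Firefox traffic routed via {kind}; verify the target", line))
    return findings


# Sample input: lines copied verbatim from the ComboFix log above (nothing constructed).
SAMPLE_COMBOFIX = r"""
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"WallpaperStyle"= 2
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz130;cpuz130;c:\users\MICHAE~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
FF - prefs.js: network.proxy.type - 2
"""

if __name__ == "__main__":
    for name, reason, detail in triage_combofix(SAMPLE_COMBOFIX):
        print(f"{name:24} {reason:48} {detail}")
```

On the lines above this reports only `cpuz130` among the services (a kernel driver registered from the user's Temp folder whose file is gone, which looks like the temporary driver the CPU-Z utility leaves behind but is also exactly the pattern a dropper produces, so it is worth confirming), plus the two UAC values and the Firefox PAC setting. Everything in Program Files or System32 passes, which is the point of a path policy: it narrows the list to what needs eyes, it does not clear anything by itself.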

Hi, to be sure let's also do an extra rootkit scan. Do you have any problems left at this point?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

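A way to read the log TDSSKiller writes, as an added example that is not from the helper's post and not Kaspersky's code. Each driver line in such a log carries the service name, the file's MD5 and its path, so the log can be compared against a name-to-hash baseline taken from a known-clean build and against a directory allow-list. A hash that moves while the path stays the same is the classic sign of a patched system driver (TDL3, the rootkit TDSSKiller was written for, was known for patching a stock driver such as atapi.sys in place), and a driver loaded from a user-writable path or absent from the baseline deserves a manual look. The `parse_tdsskiller_log` and `triage` names and the `TRUSTED_DIRS` list are assumptions of this example. The sample input mixes four lines copied from the TDSSKiller log in this thread with two constructed entries (`exampledrv`, `demo_patched`); the baseline is likewise constructed, with the four page hashes copied from the log itself rather than from a vendor-verified source.

```python
import re
from dataclasses import dataclass

# Driver lines in a TDSSKiller log look like:
#   2011/06/11 11:47:36.0366 2408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)

# Assumed allow-list: where boot-time and system drivers are expected to live
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_tdsskiller_log(text):
    """Return one DriverEntry per driver line; banner and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries, baseline, trusted_dirs=TRUSTED_DIRS):
    """Compare entries with a lowercase-name -> md5 baseline and a directory allow-list.

    Returns (name, reason, detail) tuples. A hash that differs from the baseline
    is the sign of a patched driver; a driver outside the trusted directories or
    missing from the baseline is unknown and needs a manual look.
    """
    findings = []
    for e in entries:
        lower_path = e.path.lower()
        if not any(lower_path.startswith(d) for d in trusted_dirs):
            findings.append((e.name, "outside trusted directories", e.path))
        expected = baseline.get(e.name.lower())
        if expected is None:
            findings.append((e.name, "not in baseline", e.path))
        elif expected != e.md5:
            findings.append((e.name, "hash differs from baseline", f"{e.md5} != {expected}"))
    return findings


# Sample input: four lines copied from the TDSSKiller log in this thread plus two
# CONSTRUCTED lines (exampledrv, demo_patched) that do not appear on the page.
SAMPLE_LOG = r"""
2011/06/11 11:47:33.0745 2408 Scan started
2011/06/11 11:47:35.0149 2408 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/06/11 11:47:36.0366 2408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/11 11:47:48.0971 2408 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/06/11 11:47:49.0080 2408 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/11 11:47:50.0000 2408 exampledrv (00112233445566778899aabbccddeeff) C:\Users\victim\AppData\Local\Temp\exampledrv.sys
2011/06/11 11:47:50.0100 2408 demo_patched (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\demo_patched.sys
"""

# CONSTRUCTED baseline: the four page hashes are copied from the log above (they are
# not vendor-verified known-good values); demo_patched is given a different hash on
# purpose so that the mismatch branch is exercised.
BASELINE = {
    "afd": "ddc040fdb01ef1712a6b13e52afb104c",
    "atapi": "338c86357871c167a96ab976519bf59e",
    "tcpip": "bb7f39c31c4a4417fd318e7cd184e225",
    "tcpip6": "bb7f39c31c4a4417fd318e7cd184e225",
    "demo_patched": "0123456789abcdef0123456789abcdef",
}

if __name__ == "__main__":
    for name, reason, detail in triage(parse_tdsskiller_log(SAMPLE_LOG), BASELINE):
        print(f"{name:14} {reason:30} {detail}")
```

Two caveats belong with this. First, the baseline must come from somewhere other than the suspect machine; hashes copied from the log being examined (as the sample does for illustration) only detect drift between two scans, not an infection that predates both. Second, a kernel rootkit that filters disk reads can hand a clean copy of a patched driver to anything reading through the file system, so matching hashes from a scan run on the infected system are not proof of a clean driver; that is why tools such as TDSSKiller read the disk directly and why the helper asks for the cure to be applied across a reboot.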

Everything ran smoothly for this. It found something with TDSS in the name, which it then cured after a reboot. Hopefully, the problem is fixed now.

2011/06/11 11:47:21.0967 5812 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/11 11:47:21.0983 5812 ================================================================================

2011/06/11 11:47:21.0983 5812 SystemInfo:

2011/06/11 11:47:21.0983 5812

2011/06/11 11:47:21.0983 5812 OS Version: 6.1.7600 ServicePack: 0.0

2011/06/11 11:47:21.0983 5812 Product type: Workstation

2011/06/11 11:47:21.0983 5812 ComputerName: MICHAELEVERETT

2011/06/11 11:47:21.0983 5812 UserName: Michael Everett

2011/06/11 11:47:21.0983 5812 Windows directory: C:\Windows

2011/06/11 11:47:21.0983 5812 System windows directory: C:\Windows

2011/06/11 11:47:21.0983 5812 Processor architecture: Intel x86

2011/06/11 11:47:21.0983 5812 Number of processors: 2

2011/06/11 11:47:21.0983 5812 Page size: 0x1000

2011/06/11 11:47:21.0983 5812 Boot type: Normal boot

2011/06/11 11:47:21.0983 5812 ================================================================================

2011/06/11 11:47:23.0012 5812 Initialize success

2011/06/11 11:47:33.0745 2408 ================================================================================

2011/06/11 11:47:33.0745 2408 Scan started

2011/06/11 11:47:33.0745 2408 Mode: Manual;

2011/06/11 11:47:33.0745 2408 ================================================================================

2011/06/11 11:47:34.0432 2408 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/06/11 11:47:34.0463 2408 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/06/11 11:47:34.0588 2408 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/06/11 11:47:34.0634 2408 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/06/11 11:47:34.0775 2408 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/06/11 11:47:34.0900 2408 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/06/11 11:47:34.0978 2408 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/06/11 11:47:35.0149 2408 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/06/11 11:47:35.0227 2408 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/06/11 11:47:35.0274 2408 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/06/11 11:47:35.0383 2408 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/06/11 11:47:35.0414 2408 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/06/11 11:47:35.0477 2408 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/06/11 11:47:35.0524 2408 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/06/11 11:47:35.0617 2408 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/06/11 11:47:35.0664 2408 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/06/11 11:47:35.0711 2408 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2011/06/11 11:47:35.0773 2408 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/06/11 11:47:35.0976 2408 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2011/06/11 11:47:36.0085 2408 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/06/11 11:47:36.0194 2408 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/06/11 11:47:36.0226 2408 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/06/11 11:47:36.0288 2408 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/11 11:47:36.0366 2408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/06/11 11:47:36.0428 2408 AtiHdmiService (0bf168115851f9a7e070dc16901cf7c1) C:\Windows\system32\drivers\AtiHdmi.sys

2011/06/11 11:47:36.0538 2408 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/11 11:47:36.0694 2408 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/06/11 11:47:36.0787 2408 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/06/11 11:47:36.0834 2408 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/06/11 11:47:36.0928 2408 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/06/11 11:47:36.0990 2408 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/06/11 11:47:37.0052 2408 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/06/11 11:47:37.0130 2408 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/06/11 11:47:37.0177 2408 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/11 11:47:37.0208 2408 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/06/11 11:47:37.0224 2408 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/06/11 11:47:37.0255 2408 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/06/11 11:47:37.0286 2408 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/06/11 11:47:37.0302 2408 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/06/11 11:47:37.0333 2408 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/06/11 11:47:37.0396 2408 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/06/11 11:47:37.0427 2408 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/06/11 11:47:37.0442 2408 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/06/11 11:47:37.0489 2408 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys

2011/06/11 11:47:37.0520 2408 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys

2011/06/11 11:47:37.0567 2408 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys

2011/06/11 11:47:37.0645 2408 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys

2011/06/11 11:47:37.0754 2408 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/06/11 11:47:37.0801 2408 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/06/11 11:47:38.0004 2408 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/11 11:47:38.0066 2408 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/11 11:47:38.0144 2408 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/06/11 11:47:38.0176 2408 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/06/11 11:47:38.0269 2408 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/11 11:47:38.0316 2408 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/06/11 11:47:38.0378 2408 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/06/11 11:47:38.0456 2408 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/11 11:47:38.0503 2408 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/06/11 11:47:38.0706 2408 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/06/11 11:47:38.0800 2408 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/06/11 11:47:38.0862 2408 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/06/11 11:47:38.0909 2408 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/06/11 11:47:38.0987 2408 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/06/11 11:47:39.0080 2408 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/06/11 11:47:39.0127 2408 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/11 11:47:39.0268 2408 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/06/11 11:47:39.0486 2408 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/06/11 11:47:39.0548 2408 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys

2011/06/11 11:47:39.0611 2408 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/06/11 11:47:39.0673 2408 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/06/11 11:47:39.0751 2408 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/06/11 11:47:39.0798 2408 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/11 11:47:39.0876 2408 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/06/11 11:47:39.0907 2408 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/06/11 11:47:39.0938 2408 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/11 11:47:40.0032 2408 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/06/11 11:47:40.0079 2408 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/06/11 11:47:40.0110 2408 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/11 11:47:40.0188 2408 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/06/11 11:47:40.0250 2408 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/06/11 11:47:40.0344 2408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/06/11 11:47:40.0391 2408 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/06/11 11:47:40.0422 2408 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/06/11 11:47:40.0469 2408 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/11 11:47:40.0500 2408 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/06/11 11:47:40.0531 2408 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/06/11 11:47:40.0609 2408 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/06/11 11:47:40.0703 2408 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/11 11:47:40.0781 2408 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/06/11 11:47:40.0843 2408 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/06/11 11:47:40.0937 2408 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/06/11 11:47:40.0999 2408 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/06/11 11:47:41.0046 2408 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/06/11 11:47:41.0093 2408 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/11 11:47:41.0202 2408 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/06/11 11:47:41.0249 2408 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/06/11 11:47:41.0280 2408 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/06/11 11:47:41.0311 2408 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/11 11:47:41.0358 2408 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/11 11:47:41.0389 2408 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/06/11 11:47:41.0420 2408 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/06/11 11:47:41.0483 2408 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/06/11 11:47:41.0545 2408 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/06/11 11:47:41.0592 2408 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/11 11:47:41.0654 2408 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys

2011/06/11 11:47:41.0717 2408 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/11 11:47:41.0795 2408 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/06/11 11:47:41.0857 2408 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/11 11:47:41.0873 2408 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/06/11 11:47:41.0982 2408 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/06/11 11:47:42.0091 2408 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/11 11:47:42.0138 2408 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/06/11 11:47:42.0169 2408 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/06/11 11:47:42.0232 2408 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/06/11 11:47:42.0263 2408 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/06/11 11:47:42.0325 2408 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/06/11 11:47:42.0388 2408 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/06/11 11:47:42.0466 2408 LUsbFilt (9bbd8674c1d3811b851c8cf8a8e30e2c) C:\Windows\system32\Drivers\LUsbFilt.Sys

2011/06/11 11:47:42.0497 2408 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/06/11 11:47:42.0544 2408 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/06/11 11:47:42.0575 2408 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/06/11 11:47:42.0606 2408 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/11 11:47:42.0700 2408 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/11 11:47:42.0762 2408 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/11 11:47:42.0824 2408 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/06/11 11:47:42.0840 2408 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/06/11 11:47:42.0871 2408 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/11 11:47:42.0918 2408 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/06/11 11:47:42.0980 2408 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/11 11:47:43.0012 2408 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/11 11:47:43.0043 2408 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/11 11:47:43.0121 2408 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/06/11 11:47:43.0136 2408 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/06/11 11:47:43.0183 2408 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/06/11 11:47:43.0246 2408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/06/11 11:47:43.0292 2408 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/06/11 11:47:43.0339 2408 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/11 11:47:43.0386 2408 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/11 11:47:43.0402 2408 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/06/11 11:47:43.0433 2408 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/06/11 11:47:43.0448 2408 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/11 11:47:43.0480 2408 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/06/11 11:47:43.0511 2408 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/06/11 11:47:43.0542 2408 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/06/11 11:47:43.0604 2408 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/11 11:47:43.0667 2408 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/06/11 11:47:43.0745 2408 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/06/11 11:47:43.0807 2408 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/11 11:47:43.0838 2408 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/11 11:47:43.0901 2408 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/11 11:47:43.0932 2408 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/06/11 11:47:43.0979 2408 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/11 11:47:44.0010 2408 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/11 11:47:44.0244 2408 NETw1v32 (d1f531b61cb35422d691e545de60554c) C:\Windows\system32\DRIVERS\NETw1v32.sys

2011/06/11 11:47:44.0540 2408 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys

2011/06/11 11:47:44.0712 2408 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/06/11 11:47:44.0790 2408 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/06/11 11:47:44.0806 2408 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/11 11:47:44.0868 2408 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/06/11 11:47:44.0977 2408 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/06/11 11:47:45.0024 2408 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

2011/06/11 11:47:45.0102 2408 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/06/11 11:47:45.0164 2408 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/06/11 11:47:45.0211 2408 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/06/11 11:47:45.0320 2408 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/11 11:47:45.0367 2408 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/06/11 11:47:45.0414 2408 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/06/11 11:47:45.0445 2408 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/06/11 11:47:45.0508 2408 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/06/11 11:47:45.0523 2408 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/06/11 11:47:45.0554 2408 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/06/11 11:47:45.0586 2408 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/06/11 11:47:45.0664 2408 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/06/11 11:47:45.0866 2408 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/11 11:47:45.0898 2408 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/06/11 11:47:45.0960 2408 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/11 11:47:46.0038 2408 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/06/11 11:47:46.0147 2408 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/06/11 11:47:46.0178 2408 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/11 11:47:46.0210 2408 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/11 11:47:46.0256 2408 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/11 11:47:46.0288 2408 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/11 11:47:46.0334 2408 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/11 11:47:46.0366 2408 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/11 11:47:46.0381 2408 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/11 11:47:46.0428 2408 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/06/11 11:47:46.0506 2408 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/11 11:47:46.0553 2408 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/06/11 11:47:46.0584 2408 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/11 11:47:46.0615 2408 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/06/11 11:47:46.0646 2408 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/06/11 11:47:46.0756 2408 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/06/11 11:47:46.0849 2408 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/06/11 11:47:46.0912 2408 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/11 11:47:46.0958 2408 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/06/11 11:47:47.0021 2408 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/06/11 11:47:47.0130 2408 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys

2011/06/11 11:47:47.0177 2408 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/06/11 11:47:47.0224 2408 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

2011/06/11 11:47:47.0302 2408 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/11 11:47:47.0395 2408 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/11 11:47:47.0442 2408 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/06/11 11:47:47.0473 2408 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/06/11 11:47:47.0520 2408 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/06/11 11:47:47.0536 2408 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/06/11 11:47:47.0567 2408 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/06/11 11:47:47.0582 2408 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/11 11:47:47.0645 2408 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/06/11 11:47:47.0770 2408 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/06/11 11:47:47.0832 2408 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/06/11 11:47:47.0863 2408 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/06/11 11:47:47.0941 2408 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/06/11 11:47:48.0050 2408 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/06/11 11:47:48.0082 2408 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/11 11:47:48.0113 2408 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/06/11 11:47:48.0175 2408 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/06/11 11:47:48.0222 2408 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/06/11 11:47:48.0331 2408 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/11 11:47:48.0394 2408 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/06/11 11:47:48.0456 2408 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/06/11 11:47:48.0518 2408 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys

2011/06/11 11:47:48.0784 2408 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/11 11:47:48.0846 2408 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\Windows\system32\DRIVERS\SynTP.sys

2011/06/11 11:47:48.0971 2408 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/06/11 11:47:49.0080 2408 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/11 11:47:49.0111 2408 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/11 11:47:49.0158 2408 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/06/11 11:47:49.0189 2408 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/06/11 11:47:49.0205 2408 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/11 11:47:49.0220 2408 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/11 11:47:49.0298 2408 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/11 11:47:49.0376 2408 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/11 11:47:49.0408 2408 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/06/11 11:47:49.0439 2408 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/11 11:47:49.0501 2408 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/06/11 11:47:49.0532 2408 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/11 11:47:49.0579 2408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/06/11 11:47:49.0688 2408 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

2011/06/11 11:47:49.0751 2408 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/11 11:47:49.0782 2408 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/06/11 11:47:49.0813 2408 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/11 11:47:49.0844 2408 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/11 11:47:49.0876 2408 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/06/11 11:47:49.0907 2408 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/11 11:47:49.0938 2408 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/11 11:47:50.0000 2408 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/11 11:47:50.0063 2408 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/06/11 11:47:50.0125 2408 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/06/11 11:47:50.0156 2408 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/11 11:47:50.0188 2408 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/06/11 11:47:50.0219 2408 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/06/11 11:47:50.0250 2408 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/06/11 11:47:50.0328 2408 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/06/11 11:47:50.0344 2408 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/06/11 11:47:50.0359 2408 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/06/11 11:47:50.0406 2408 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/06/11 11:47:50.0484 2408 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/06/11 11:47:50.0562 2408 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys

2011/06/11 11:47:50.0718 2408 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/06/11 11:47:50.0765 2408 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/06/11 11:47:50.0796 2408 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/06/11 11:47:50.0812 2408 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/06/11 11:47:50.0874 2408 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/06/11 11:47:50.0921 2408 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/11 11:47:50.0936 2408 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/11 11:47:51.0061 2408 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/06/11 11:47:51.0139 2408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/11 11:47:51.0233 2408 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/06/11 11:47:51.0264 2408 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/06/11 11:47:51.0420 2408 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/06/11 11:47:51.0467 2408 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/11 11:47:51.0514 2408 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/11 11:47:51.0560 2408 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/06/11 11:47:51.0607 2408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/11 11:47:51.0748 2408 MBR (0x1B8) (8207763beda3258263acda732c1cf617) \Device\Harddisk0\DR0

2011/06/11 11:47:51.0748 2408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/11 11:47:51.0748 2408 ================================================================================

2011/06/11 11:47:51.0748 2408 Scan finished

2011/06/11 11:47:51.0748 2408 ================================================================================

2011/06/11 11:47:51.0763 1344 Detected object count: 1

2011/06/11 11:47:51.0763 1344 Actual detected object count: 1

2011/06/11 11:48:05.0366 1344 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/11 11:48:05.0366 1344 \Device\Harddisk0\DR0 - ok

2011/06/11 11:48:05.0366 1344 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/11 11:48:12.0932 5248 Deinitialize success

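The TDSSKiller log above is the only scan in this thread that reports the infection, and it reports it against \Device\Harddisk0\DR0, the physical disk, rather than against a file. As an added example (not part of the thread and not TDSSKiller's own code), the following Python helper pulls the detected objects, the hash TDSSKiller reported for them during enumeration, and the action the user chose out of a log in this format; the sample lines are a constructed excerpt built from the entries posted above.

```python
"""Summarise a TDSSKiller log: which objects were flagged and what was done.

Added example for this thread; not TDSSKiller code. The log format assumed is
"<date> <time> <thread-id> <message>", as in the log posted above.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt, built from the TDSSKiller entries posted in the thread.
SAMPLE_LOG = "\n".join([
    r"2011/06/11 11:47:51.0607 2408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys",
    r"2011/06/11 11:47:51.0748 2408 MBR (0x1B8) (8207763beda3258263acda732c1cf617) \Device\Harddisk0\DR0",
    r"2011/06/11 11:47:51.0748 2408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    r"2011/06/11 11:47:51.0748 2408 ================================================================================",
    r"2011/06/11 11:47:51.0748 2408 Scan finished",
    r"2011/06/11 11:47:51.0763 1344 Detected object count: 1",
    r"2011/06/11 11:48:05.0366 1344 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot",
    r"2011/06/11 11:48:05.0366 1344 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure",
])

# "<timestamp> <thread-id> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$"
)
# Enumeration entry: "<service> (<md5>) <path>"; the MBR entry carries an extra "(0x1B8)" field.
MODULE_RE = re.compile(
    r"^(?P<svc>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "<object> - detected <name> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<name>\S+)")
# "<name>(<object>) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<name>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)"
)


@dataclass
class Finding:
    obj: str
    name: str
    md5: Optional[str] = None     # hash TDSSKiller reported for the object, if any
    action: Optional[str] = None  # action the user chose, if the log got that far

    @property
    def is_boot_sector(self) -> bool:
        # A physical-disk object (\Device\HarddiskN\DRN) means the MBR itself was
        # flagged: a bootkit, not a malicious file somewhere on the file system.
        return self.obj.lower().startswith(r"\device\harddisk")


def summarize(log_text: str) -> List[Finding]:
    """Return one Finding per object TDSSKiller reported as detected."""
    hashes: Dict[str, str] = {}        # object path -> md5 seen during enumeration
    findings: Dict[str, Finding] = {}  # object path -> finding, in log order
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything not in log-line shape
        msg = m.group("msg")
        mm = MODULE_RE.match(msg)
        if mm:
            hashes[mm.group("path")] = mm.group("md5")
            continue
        dm = DETECTED_RE.match(msg)
        if dm:
            obj = dm.group("obj")
            findings[obj] = Finding(obj=obj, name=dm.group("name"), md5=hashes.get(obj))
            continue
        am = ACTION_RE.match(msg)
        if am:
            obj = am.group("obj")
            f = findings.setdefault(obj, Finding(obj=obj, name=am.group("name")))
            f.action = am.group("action")
    return list(findings.values())


if __name__ == "__main__":
    for f in summarize(SAMPLE_LOG):
        where = "boot sector" if f.is_boot_sector else "file"
        print(f"{f.name} at {f.obj} [{where}] md5={f.md5} action={f.action}")
```

A finding whose object is a physical disk tells you the boot sector was the infected object. That is why a file-oriented scan can come back clean while the machine is still infected, which matches what the poster saw with Avira and Malwarebytes before TDSSKiller was run.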

Unfortunately you had a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please rerun combofix and post me the new log.


:(

Could you please give me more information about what a backdoor is and does? Is there no way to remove the backdoor without reformatting? I really don't want to have to do that. It's exam period and all this extra stress is not helpful.

I generally use this computer for recreation: music, videos and the like. However, I also do internet banking and access my university profile on it which I think are the only security risks. There are no other important files of that sort. I don't know if this is relevant but I connect through the university's proxy which is run by pretty capable people. I mention this because the link you gave me mentioned something about firewalls and I imagine this means I was behind two of them.

The only effects that I have noticed have been the redirection ones that I mentioned earlier. I think it might just be adware because I googled the name of something that turned up in the status bar for a second or two (plusone) and it came up with marketing links. As far as I know, there have been no access attempts on any account of mine for anything from another IP address. I will check with my bank as soon as I am able.

How bad is this? Here's the new log from combofix.

ComboFix 11-06-10.05 - Michael Everett 11/06/2011 18:29:29.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1753 [GMT 10:00]

Running from: c:\users\Michael Everett\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))

.

.

2073-04-13 07:17 . 2006-11-21 10:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Family\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-06-09 10:16 . 2011-06-09 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16 . 2009-01-25 03:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15 . 2011-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01 . 2011-06-09 09:01 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Malwarebytes

2011-06-09 09:00 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-09 09:00 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 23:54 . 2011-06-07 23:54 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\program files\Avira

2011-06-07 07:58 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-03 08:59 . 2011-06-03 09:00 -------- d-----w- c:\users\Michael Everett\AppData\Local\Oblivion

2011-06-03 08:55 . 2011-06-03 08:55 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:53 . 2011-05-29 06:53 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\DivX

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-05-29 06:33 . 2011-05-29 06:42 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Winamp

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp

2011-05-16 03:18 . 2011-04-17 23:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE20B6F6-5F18-4FCA-AA19-F9283764B485}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-16 00:21 . 2011-04-24 14:24 0 ----a-w- c:\users\Michael Everett\AppData\Local\Xpova.bin

2011-05-02 23:05 . 2011-05-02 23:05 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30 . 2011-05-02 22:30 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27 . 2011-05-02 22:27 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23 . 2011-05-02 20:23 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19 . 2011-05-02 20:19 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19 . 2011-05-02 20:19 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-02 07:50 . 2011-05-02 07:50 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-02 07:50 . 2011-05-02 07:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-02 07:50 . 2011-05-02 07:50 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-02 07:50 . 2011-05-02 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-02 07:50 . 2011-05-02 07:50 367104 ----a-w- c:\windows\system32\html.iec

2011-05-02 07:50 . 2011-05-02 07:50 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-02 07:50 . 2011-05-02 07:50 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-02 07:50 . 2011-05-02 07:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-02 07:50 . 2011-05-02 07:50 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-02 07:50 . 2011-05-02 07:50 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-02 07:50 . 2011-05-02 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-02 07:50 . 2011-05-02 07:50 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-02 07:50 . 2011-05-02 07:50 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-05-02 07:50 . 2011-05-02 07:50 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-02 07:50 . 2011-05-02 07:50 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-02 07:50 . 2011-05-02 07:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-02 07:50 . 2011-05-02 07:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-02 07:50 . 2011-05-02 07:50 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-02 07:50 . 2011-05-02 07:50 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-02 03:14 . 2011-05-02 03:14 1266 ----a-w- c:\users\Michael Everett\AppData\Local\ayimafey.dll

2011-03-30 07:09 . 2011-03-30 07:09 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-18 21:32 . 2011-03-18 21:32 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29 . 2011-03-18 21:29 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28 . 2011-03-18 21:28 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27 . 2011-03-18 21:27 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26 . 2011-03-18 21:26 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25 . 2011-03-18 21:25 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25 . 2011-03-18 21:25 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25 . 2010-02-10 00:25 83456 ----a-w- c:\program files\University Internet.exe

2011-03-18 17:57 . 2011-03-27 02:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]

"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 148888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"NetStat Live"="c:\program files\AnalogX\NetStat Live\nsl.exe" [2011-02-19 184304]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-10 5607080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Michael Everett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Michael Everett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 08:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-05-13 00:09 581480 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 13:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 cpuz130;cpuz130;c:\users\MICHAE~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]

S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000Core.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000UA.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sydney.edu.au/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mbamupdates.com

Trusted Zone: microsoft.com

TCP: DhcpNameServer = 125.254.64.202 125.254.64.203

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Michael Everett\AppData\Roaming\Mozilla\Firefox\Profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5352)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Completion time: 2011-06-11 18:39:57

ComboFix-quarantined-files.txt 2011-06-11 08:39

.

Pre-Run: 246,401,036,288 bytes free

Post-Run: 248,581,136,384 bytes free

.

- - End Of File - - 5E0E5F0FB583E6A5D8C2ED0ACFC7C171

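The "Reg Loading Points" section of the ComboFix log above lists the UAC policy values under policies\system, and ComboFix notes that default entries are not shown. As an added triage helper (not the thread's own content and not ComboFix code), the following Python compares those values with the Windows 7 defaults, which I take as the baseline (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1); the sample section is a constructed excerpt of the log posted above.

```python
"""Flag UAC policy values in a ComboFix "Reg Loading Points" section that differ
from the Windows 7 defaults. Added example for this thread; not ComboFix code.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of the ComboFix log posted above.
SAMPLE_SECTION = """\
REGEDIT4
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\policies\\system]
"WallpaperStyle"= 2
"""

UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"

# Assumed baseline: Windows 7 default UAC settings.
EXPECTED: Dict[str, int] = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Both value shapes ComboFix prints: '"Name"= 0 (0x0)' and '"Name"=dword:00000000'
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+|dword:[0-9a-fA-F]{8})')


def parse_values(text: str) -> Dict[str, Dict[str, int]]:
    """Map each registry key (lower-cased) to its numeric values in the section."""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key").lower()
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            val = vm.group("val")
            number = int(val[6:], 16) if val.startswith("dword:") else int(val)
            keys[current][vm.group("name")] = number
    return keys


def uac_deviations(text: str) -> List[Tuple[str, int, int]]:
    """Return (name, actual, expected) for each UAC value that is not at its default.

    ComboFix omits entries that are at their defaults, so a missing value is
    treated as the default rather than as a deviation.
    """
    values = parse_values(text).get(UAC_KEY.lower(), {})
    out: List[Tuple[str, int, int]] = []
    for name, expected in EXPECTED.items():
        actual = values.get(name, expected)
        if actual != expected:
            out.append((name, actual, expected))
    return out


if __name__ == "__main__":
    for name, actual, expected in uac_deviations(SAMPLE_SECTION):
        print(f"{name}: {actual} (expected {expected})")
```

On this log it reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, meaning UAC is switched off entirely: if the account is an administrator, every program it launches already runs with full rights, so nothing that writes to the disk's boot sector will ever trigger a prompt. Restoring the defaults does not remove an infection, but it closes a silent route to the access a bootkit needs.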

The redirects were caused by this rootkit.

A backdoor is a vulnerability in your Windows system. It cannot be "fixed" because it is not known where/how it is created. Most likely you should be fine, but I cannot give you 100% guarantee. The infection itself is gone and no longer poses a threat, but a possible backdoor can be exploited by future malware.

In your case I'd recommend you for now to do the cleanup and afterwards decide if you want to reformat or not, so you won't have to do this during your exams.

Please let me know if you have any problem left at this point. Run MBAM, update it and do a full scan. Post me the resulting log.


I still can't update the database. It came up with "PROGRAM_ERROR_UPDATING (12163, 0, IsInternetConnected)" again. Is it possible to manually download the update? Some programmes have trouble accessing the internet here because we use a proxy. This is from its 14 day old database.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

12/06/2011 1:41:54 AM

mbam-log-2011-06-12 (01-41-54).txt

Scan type: Full scan (C:\|)

Objects scanned: 635465

Time elapsed: 1 hour(s), 39 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hmm... now it says I'm out by 37 days. I just downloaded the exe and ran it. Am I supposed to do something else as well?

Yes, I have always had similar problems with Win Defender, Win Update and Avast (hence the switch to Avira). Other programmes, like Skype, are impossible to use. It's a real pain.


Can you once again download the MBAM update manually and see if it makes a difference?

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Besides the proxy problem, do you have any problems left?

Link to post
Share on other sites
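Both procedures in the post above turn on the same step: find every installed copy of Adobe Reader/Acrobat and Java and remove all but the newest. The PowerShell script below is an added example, not code from the original thread or from the helper's instructions. It reads the Windows uninstall registry keys (the same data Add/Remove Programs shows), groups the matching entries by product family, and marks everything except the highest version in each family as an older version to remove. The name patterns and the "keep only the newest" rule are assumptions taken from the thread's wording; the script is read-only and uninstalls nothing.

```powershell
# Added example, not code from the original thread: enumerate installed Adobe Reader/Acrobat
# and Java entries from the Windows uninstall registry keys and flag every version except the
# newest in each family as an "older version" to remove. Read-only: it uninstalls nothing.
# Assumes Windows with PowerShell 3 or later; run from an elevated prompt to see both hives.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
)

# Name patterns follow the thread's wording (assumption): Adobe Reader, Acrobat Reader,
# Adobe Acrobat, and anything with Java, JRE or J2SE in the name.
$pattern = 'Adobe Reader|Acrobat Reader|Adobe Acrobat|Java|JRE|J2SE'

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object {
        # Parse DisplayVersion (e.g. "10.1.0", "6.0.260") so versions sort numerically, not as text.
        $parsed = $null
        if ($_.DisplayVersion) {
            [void][version]::TryParse(($_.DisplayVersion -replace '[^\d.]', ''), [ref]$parsed)
        }
        $family = if ($_.DisplayName -match 'Adobe|Acrobat') { 'Adobe Reader/Acrobat' } else { 'Java' }
        [pscustomobject]@{
            Family          = $family
            DisplayName     = $_.DisplayName
            Version         = $parsed
            RawVersion      = $_.DisplayVersion
            UninstallString = $_.UninstallString
        }
    }

if (-not $entries) {
    Write-Host 'No Adobe Reader/Acrobat or Java entries found in the uninstall keys.'
    return
}

# Within a family the highest version is the one to keep; the rest are the "older versions"
# the thread says to remove through Add/Remove Programs (or with the UninstallString shown).
foreach ($group in ($entries | Group-Object Family)) {
    $sorted = @($group.Group | Sort-Object Version -Descending)
    Write-Host ("`n== {0}: {1} installed" -f $group.Name, $sorted.Count)
    for ($i = 0; $i -lt $sorted.Count; $i++) {
        $tag = if ($i -eq 0) { 'keep (newest)' } else { 'REMOVE (older)' }
        '{0,-15} {1,-40} {2,-10} {3}' -f $tag, $sorted[$i].DisplayName, $sorted[$i].RawVersion, $sorted[$i].UninstallString
    }
}
```

Run it once before the uninstalls to see what is actually registered (a 32-bit and a 64-bit JRE, or a Reader install alongside a full Acrobat, each show up as separate entries), and once more after the reboot to confirm only the intended version remains. Treat the REMOVE tag as a prompt to check, not an instruction to run blindly: the full Adobe Acrobat product is a different program from Adobe Reader, and an entry whose DisplayVersion does not parse sorts to the bottom regardless of how new it is.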

Still doesn't work. Reinstalling it doesn't work either. Why can you only download an outdated version?

All of my original problems have been fixed though. Thanks so much, you guys are truly awesome. I just wish I had time to learn how to do this so I could help others.

Link to post
Share on other sites

From the FAQ topic:

You can also download a manual update from here - NOTE: This manual update will always be way behind in version level compared to updates from within the program.
So, unfortunately, these updates are behind. However, your logs do not show any evidence of malware, so MBAM would not show any active infection.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and TDSSkiller

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

I uninstalled Malwarebytes and installed SUPERAntiSpyware instead. I can get their updates to work so that's good. I did a quick scan and it found a whole lot of ad tracking cookies. SpywareBlaster has an option to use your proxy settings for updates, which I wish all programmes had.

Everything is running smoothly. Thanks again for your help.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.