Jump to content

Recommended Posts

I've been getting a lot of problems lately while on the net. Often when I follow a link on google, the status bar shows "Requesting from google.ad.sgdoubleclick.net" or I get redirected to some random site which doesn't display (usually just a blank page or a few words). Also, when typing into google it doesn't come up with the dropdown menu of popular searches. Occasionally, I also get random tabs opening which start out directed to some random site but end up on google.com/webhp, whateveer that is.

I read somewhere that this could be caused by the extension XULRunner. For some reason I had two copies so I disabled both of them. The google.ad.sgdoubleclick.net and google dropdown issues seem to be resolved but the other two remain.

I haven't been able to find anything with Avira AntiVir or Malwarebytes. However, when I start up Malwarebytes, it says that the database is 13 days old and when I try to update it, the following error appears.

"PROGRAM_ERROR_UPDATING (12163, 0, IsInternetConnected)"

I've also tried Spybot Search and Destroy 2 but after I installed it, it said that important files for successful scanning are missing. I am unable to uninstall this programme either. When I attempt it, the progress bar doesn't move.

Is there someone able to help me?

Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Here's what is written in DDS.txt. It said not to post the attach.txt unless specifically asked so I'll assume you don't need it. I've saved it just in case you do. Thanks for replying so quickly by the way.

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Michael Everett at 0:21:31 on 2011-06-11

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1739 [GMT 10:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe

C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\AnalogX\NetStat Live\nsl.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\net.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\net1.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://sydney.edu.au/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [AdobeBridge]

uRun: [Google Update] "c:\users\michael everett\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam"

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [NetStat Live] c:\program files\analogx\netstat live\nsl.exe

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: microsoft.com

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 125.254.64.202 125.254.64.203

TCP: Interfaces\{16B331AC-E42A-43F9-B37F-7D3F1906D1C1}\57379746D27657563747 : DhcpNameServer = 129.78.64.2 129.78.64.1

TCP: Interfaces\{16B331AC-E42A-43F9-B37F-7D3F1906D1C1}\D494E444 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{5A416805-8EEB-43F9-A879-AC16148FFBDF} : DhcpNameServer = 125.254.64.202 125.254.64.203

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: SDWinLogon - SDWinLogon.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\michael everett\appdata\roaming\mozilla\firefox\profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

FF - plugin: c:\program files\microsoft silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\users\michael everett\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2009-8-25 81920]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-3 176128]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-7 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-7 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-7 61960]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]

R2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\spybot - search & destroy 2\SDFWSvc.exe [2011-6-9 3585696]

R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\spybot - search & destroy 2\SDMonSvc.exe [2011-6-9 3834456]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-6-9 3515656]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-6-9 167040]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-10 493248]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-25 29472]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-15 228408]

R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-25 185344]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-6-9 3769048]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw1v32.sys [2009-8-25 5958656]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-2 1343400]

.

=============== Created Last 30 ================

.

2073-04-13 07:17:26 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe

2011-06-09 10:16:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16:08 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01:05 -------- d-----w- c:\users\michael everett\appdata\roaming\Malwarebytes

2011-06-09 09:00:56 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00:55 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-09 09:00:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-07 23:54:59 -------- d-----w- c:\users\michael everett\appdata\roaming\Avira

2011-06-07 07:58:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58:52 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58:52 -------- d-----w- c:\program files\Avira

2011-06-03 08:59:51 -------- d-----w- c:\users\michael everett\appdata\local\Oblivion

2011-06-03 08:55:39 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:51:33 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51:32 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:51:32 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:33:27 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33:19 -------- d-----w- c:\program files\common files\PX Storage Engine

2011-05-16 03:18:34 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de20b6f6-5f18-4fca-aa19-f9283764b485}\mpengine.dll

.

==================== Find3M ====================

.

2011-05-02 23:05:10 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30:50 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27:54 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23:46 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19:34 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19:20 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-03-18 21:32:44 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29:56 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28:30 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27:08 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26:44 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25:38 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25:24 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25:06 83456 ----a-w- c:\program files\University Internet.exe

.

============= FINISH: 0:22:37.81 ===============

Link to post
Share on other sites

Hi again, please post me attach.txt as well. :) I don't need it immediately, but will after a few steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

It didn't prompt for installation for the recovery console and I've never installed it. Does it come standard now? Anyway, it seemed to work because a message box popped upsaying it had found a trojan. Here's what it gave me along with attach.txt which has been compressed. It's late now so I'll follow any further instructions you give me in the morning.

ComboFix 11-06-10.05 - Michael Everett 11/06/2011 2:08.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.2138 [GMT 10:00]

Running from: c:\users\Michael Everett\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome.manifest

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome\content\_cfg.js

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\chrome\content\overlay.xul

c:\users\Administrator\AppData\Local\{DA84236B-86D4-410F-8870-3B35E2F383D0}\install.rdf

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome.manifest

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome\content\_cfg.js

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\chrome\content\overlay.xul

c:\users\Michael Everett\AppData\Local\{76A08B9F-8805-4DFC-9CFA-09A1B3A4616B}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))

.

.

2073-04-13 07:17 . 2006-11-21 10:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-06-10 16:19 . 2011-06-10 16:19 -------- d-----w- c:\users\Michael Everett\AppData\Local\temp

2011-06-10 16:19 . 2011-06-10 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-09 10:16 . 2011-06-09 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16 . 2009-01-25 03:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15 . 2011-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01 . 2011-06-09 09:01 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Malwarebytes

2011-06-09 09:00 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-09 09:00 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 23:54 . 2011-06-07 23:54 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\program files\Avira

2011-06-07 07:58 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-03 08:59 . 2011-06-03 09:00 -------- d-----w- c:\users\Michael Everett\AppData\Local\Oblivion

2011-06-03 08:55 . 2011-06-03 08:55 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:53 . 2011-05-29 06:53 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\DivX

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-05-29 06:33 . 2011-05-29 06:42 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Winamp

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp

2011-05-16 03:18 . 2011-04-17 23:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE20B6F6-5F18-4FCA-AA19-F9283764B485}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-16 00:21 . 2011-04-24 14:24 0 ----a-w- c:\users\Michael Everett\AppData\Local\Xpova.bin

2011-05-02 23:05 . 2011-05-02 23:05 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30 . 2011-05-02 22:30 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27 . 2011-05-02 22:27 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23 . 2011-05-02 20:23 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19 . 2011-05-02 20:19 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19 . 2011-05-02 20:19 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-02 07:50 . 2011-05-02 07:50 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-02 07:50 . 2011-05-02 07:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-02 07:50 . 2011-05-02 07:50 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-02 07:50 . 2011-05-02 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-02 07:50 . 2011-05-02 07:50 367104 ----a-w- c:\windows\system32\html.iec

2011-05-02 07:50 . 2011-05-02 07:50 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-02 07:50 . 2011-05-02 07:50 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-02 07:50 . 2011-05-02 07:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-02 07:50 . 2011-05-02 07:50 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-02 07:50 . 2011-05-02 07:50 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-02 07:50 . 2011-05-02 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-02 07:50 . 2011-05-02 07:50 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-02 07:50 . 2011-05-02 07:50 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-05-02 07:50 . 2011-05-02 07:50 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-02 07:50 . 2011-05-02 07:50 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-02 07:50 . 2011-05-02 07:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-02 07:50 . 2011-05-02 07:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-02 07:50 . 2011-05-02 07:50 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-02 07:50 . 2011-05-02 07:50 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-02 03:14 . 2011-05-02 03:14 1266 ----a-w- c:\users\Michael Everett\AppData\Local\ayimafey.dll

2011-03-30 07:09 . 2011-03-30 07:09 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-18 21:32 . 2011-03-18 21:32 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29 . 2011-03-18 21:29 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28 . 2011-03-18 21:28 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27 . 2011-03-18 21:27 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26 . 2011-03-18 21:26 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25 . 2011-03-18 21:25 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25 . 2011-03-18 21:25 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25 . 2010-02-10 00:25 83456 ----a-w- c:\program files\University Internet.exe

2011-03-18 17:57 . 2011-03-27 02:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]

"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 148888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"NetStat Live"="c:\program files\AnalogX\NetStat Live\nsl.exe" [2011-02-19 184304]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-10 5607080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Michael Everett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Michael Everett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 08:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-05-13 00:09 581480 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 13:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 cpuz130;cpuz130;c:\users\MICHAE~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]

S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000Core.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000UA.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sydney.edu.au/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: microsoft.com

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Michael Everett\AppData\Roaming\Mozilla\Firefox\Profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-AdobeBridge - (no file)

Notify-SDWinLogon - SDWinLogon.dll

MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe

MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

AddRemove-{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 - c:\users\Michael Everett\Desktop\Random Crap\Desktop\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-11 02:21:34

ComboFix-quarantined-files.txt 2011-06-10 16:21

.

Pre-Run: 240,440,590,336 bytes free

Post-Run: 246,092,943,360 bytes free

.

- - End Of File - - 397DA8D699A150DF140E688C2D9992C4

Link to post
Share on other sites

Hi, to be sure lets also do an extra rootkit scan. Do you have any problem left at this point?

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Everything ran smoothly for this. It found something with TDSS in the name which it then cured after a reboot. Hopefully, the problem is fixed now.

2011/06/11 11:47:21.0967 5812 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48

2011/06/11 11:47:21.0983 5812 ================================================================================

2011/06/11 11:47:21.0983 5812 SystemInfo:

2011/06/11 11:47:21.0983 5812

2011/06/11 11:47:21.0983 5812 OS Version: 6.1.7600 ServicePack: 0.0

2011/06/11 11:47:21.0983 5812 Product type: Workstation

2011/06/11 11:47:21.0983 5812 ComputerName: MICHAELEVERETT

2011/06/11 11:47:21.0983 5812 UserName: Michael Everett

2011/06/11 11:47:21.0983 5812 Windows directory: C:\Windows

2011/06/11 11:47:21.0983 5812 System windows directory: C:\Windows

2011/06/11 11:47:21.0983 5812 Processor architecture: Intel x86

2011/06/11 11:47:21.0983 5812 Number of processors: 2

2011/06/11 11:47:21.0983 5812 Page size: 0x1000

2011/06/11 11:47:21.0983 5812 Boot type: Normal boot

2011/06/11 11:47:21.0983 5812 ================================================================================

2011/06/11 11:47:23.0012 5812 Initialize success

2011/06/11 11:47:33.0745 2408 ================================================================================

2011/06/11 11:47:33.0745 2408 Scan started

2011/06/11 11:47:33.0745 2408 Mode: Manual;

2011/06/11 11:47:33.0745 2408 ================================================================================

2011/06/11 11:47:34.0432 2408 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/06/11 11:47:34.0463 2408 Accelerometer (4df5e6215a102a192b2b6dbb61f2fba5) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/06/11 11:47:34.0588 2408 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/06/11 11:47:34.0634 2408 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/06/11 11:47:34.0775 2408 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/06/11 11:47:34.0900 2408 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/06/11 11:47:34.0978 2408 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/06/11 11:47:35.0149 2408 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/06/11 11:47:35.0227 2408 AgereSoftModem (faa5a0b80e011464c7654851ce3d7fe7) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/06/11 11:47:35.0274 2408 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/06/11 11:47:35.0383 2408 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/06/11 11:47:35.0414 2408 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/06/11 11:47:35.0477 2408 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/06/11 11:47:35.0524 2408 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/06/11 11:47:35.0617 2408 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/06/11 11:47:35.0664 2408 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/06/11 11:47:35.0711 2408 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2011/06/11 11:47:35.0773 2408 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/06/11 11:47:35.0976 2408 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2011/06/11 11:47:36.0085 2408 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/06/11 11:47:36.0194 2408 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/06/11 11:47:36.0226 2408 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/06/11 11:47:36.0288 2408 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/06/11 11:47:36.0366 2408 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/06/11 11:47:36.0428 2408 AtiHdmiService (0bf168115851f9a7e070dc16901cf7c1) C:\Windows\system32\drivers\AtiHdmi.sys

2011/06/11 11:47:36.0538 2408 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/06/11 11:47:36.0694 2408 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/06/11 11:47:36.0787 2408 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys

2011/06/11 11:47:36.0834 2408 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/06/11 11:47:36.0928 2408 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/06/11 11:47:36.0990 2408 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys

2011/06/11 11:47:37.0052 2408 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/06/11 11:47:37.0130 2408 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/06/11 11:47:37.0177 2408 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/06/11 11:47:37.0208 2408 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/06/11 11:47:37.0224 2408 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/06/11 11:47:37.0255 2408 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/06/11 11:47:37.0286 2408 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/06/11 11:47:37.0302 2408 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/06/11 11:47:37.0333 2408 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/06/11 11:47:37.0396 2408 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/06/11 11:47:37.0427 2408 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/06/11 11:47:37.0442 2408 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/06/11 11:47:37.0489 2408 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys

2011/06/11 11:47:37.0520 2408 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys

2011/06/11 11:47:37.0567 2408 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys

2011/06/11 11:47:37.0645 2408 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys

2011/06/11 11:47:37.0754 2408 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

2011/06/11 11:47:37.0801 2408 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys

2011/06/11 11:47:38.0004 2408 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/06/11 11:47:38.0066 2408 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/06/11 11:47:38.0144 2408 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/06/11 11:47:38.0176 2408 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/06/11 11:47:38.0269 2408 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/06/11 11:47:38.0316 2408 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/06/11 11:47:38.0378 2408 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/06/11 11:47:38.0456 2408 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/06/11 11:47:38.0503 2408 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/06/11 11:47:38.0706 2408 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/06/11 11:47:38.0800 2408 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/06/11 11:47:38.0862 2408 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/06/11 11:47:38.0909 2408 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/06/11 11:47:38.0987 2408 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/06/11 11:47:39.0080 2408 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/06/11 11:47:39.0127 2408 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys

2011/06/11 11:47:39.0268 2408 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/06/11 11:47:39.0486 2408 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/06/11 11:47:39.0548 2408 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\Windows\system32\DRIVERS\enecir.sys

2011/06/11 11:47:39.0611 2408 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/06/11 11:47:39.0673 2408 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/06/11 11:47:39.0751 2408 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/06/11 11:47:39.0798 2408 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/06/11 11:47:39.0876 2408 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/06/11 11:47:39.0907 2408 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/06/11 11:47:39.0938 2408 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/06/11 11:47:40.0032 2408 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/06/11 11:47:40.0079 2408 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/06/11 11:47:40.0110 2408 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/06/11 11:47:40.0188 2408 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/06/11 11:47:40.0250 2408 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/06/11 11:47:40.0344 2408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/06/11 11:47:40.0391 2408 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/06/11 11:47:40.0422 2408 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/06/11 11:47:40.0469 2408 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/06/11 11:47:40.0500 2408 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/06/11 11:47:40.0531 2408 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/06/11 11:47:40.0609 2408 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/06/11 11:47:40.0703 2408 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/06/11 11:47:40.0781 2408 hpdskflt (e1d82f0c8456abb03b7df5d623ca47d1) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/06/11 11:47:40.0843 2408 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/06/11 11:47:40.0937 2408 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/06/11 11:47:40.0999 2408 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/06/11 11:47:41.0046 2408 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/06/11 11:47:41.0093 2408 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/06/11 11:47:41.0202 2408 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/06/11 11:47:41.0249 2408 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/06/11 11:47:41.0280 2408 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/06/11 11:47:41.0311 2408 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/06/11 11:47:41.0358 2408 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/06/11 11:47:41.0389 2408 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/06/11 11:47:41.0420 2408 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/06/11 11:47:41.0483 2408 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/06/11 11:47:41.0545 2408 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/06/11 11:47:41.0592 2408 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/06/11 11:47:41.0654 2408 JMCR (65da9fa42c0972fe5b9b7d6047f06f4c) C:\Windows\system32\DRIVERS\jmcr.sys

2011/06/11 11:47:41.0717 2408 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/06/11 11:47:41.0795 2408 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/06/11 11:47:41.0857 2408 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/06/11 11:47:41.0873 2408 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/06/11 11:47:41.0982 2408 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\Windows\system32\DRIVERS\LHidFilt.Sys

2011/06/11 11:47:42.0091 2408 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/06/11 11:47:42.0138 2408 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\Windows\system32\DRIVERS\LMouFilt.Sys

2011/06/11 11:47:42.0169 2408 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/06/11 11:47:42.0232 2408 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/06/11 11:47:42.0263 2408 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/06/11 11:47:42.0325 2408 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/06/11 11:47:42.0388 2408 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/06/11 11:47:42.0466 2408 LUsbFilt (9bbd8674c1d3811b851c8cf8a8e30e2c) C:\Windows\system32\Drivers\LUsbFilt.Sys

2011/06/11 11:47:42.0497 2408 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/06/11 11:47:42.0544 2408 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/06/11 11:47:42.0575 2408 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/06/11 11:47:42.0606 2408 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/06/11 11:47:42.0700 2408 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/06/11 11:47:42.0762 2408 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/06/11 11:47:42.0824 2408 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/06/11 11:47:42.0840 2408 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/06/11 11:47:42.0871 2408 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/06/11 11:47:42.0918 2408 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/06/11 11:47:42.0980 2408 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/06/11 11:47:43.0012 2408 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/06/11 11:47:43.0043 2408 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/06/11 11:47:43.0121 2408 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/06/11 11:47:43.0136 2408 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/06/11 11:47:43.0183 2408 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/06/11 11:47:43.0246 2408 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/06/11 11:47:43.0292 2408 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/06/11 11:47:43.0339 2408 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/06/11 11:47:43.0386 2408 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/06/11 11:47:43.0402 2408 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/06/11 11:47:43.0433 2408 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/06/11 11:47:43.0448 2408 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/06/11 11:47:43.0480 2408 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/06/11 11:47:43.0511 2408 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/06/11 11:47:43.0542 2408 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/06/11 11:47:43.0604 2408 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/06/11 11:47:43.0667 2408 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/06/11 11:47:43.0745 2408 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/06/11 11:47:43.0807 2408 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/06/11 11:47:43.0838 2408 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/06/11 11:47:43.0901 2408 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/06/11 11:47:43.0932 2408 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/06/11 11:47:43.0979 2408 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/06/11 11:47:44.0010 2408 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/06/11 11:47:44.0244 2408 NETw1v32 (d1f531b61cb35422d691e545de60554c) C:\Windows\system32\DRIVERS\NETw1v32.sys

2011/06/11 11:47:44.0540 2408 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys

2011/06/11 11:47:44.0712 2408 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/06/11 11:47:44.0790 2408 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/06/11 11:47:44.0806 2408 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/06/11 11:47:44.0868 2408 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/06/11 11:47:44.0977 2408 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/06/11 11:47:45.0024 2408 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

2011/06/11 11:47:45.0102 2408 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/06/11 11:47:45.0164 2408 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/06/11 11:47:45.0211 2408 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/06/11 11:47:45.0320 2408 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/06/11 11:47:45.0367 2408 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/06/11 11:47:45.0414 2408 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/06/11 11:47:45.0445 2408 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/06/11 11:47:45.0508 2408 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/06/11 11:47:45.0523 2408 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/06/11 11:47:45.0554 2408 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/06/11 11:47:45.0586 2408 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/06/11 11:47:45.0664 2408 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/06/11 11:47:45.0866 2408 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/06/11 11:47:45.0898 2408 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/06/11 11:47:45.0960 2408 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/06/11 11:47:46.0038 2408 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/06/11 11:47:46.0147 2408 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/06/11 11:47:46.0178 2408 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/06/11 11:47:46.0210 2408 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/06/11 11:47:46.0256 2408 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/06/11 11:47:46.0288 2408 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/06/11 11:47:46.0334 2408 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/06/11 11:47:46.0366 2408 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/06/11 11:47:46.0381 2408 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/06/11 11:47:46.0428 2408 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/06/11 11:47:46.0506 2408 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/06/11 11:47:46.0553 2408 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/06/11 11:47:46.0584 2408 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/06/11 11:47:46.0615 2408 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/06/11 11:47:46.0646 2408 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/06/11 11:47:46.0756 2408 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/06/11 11:47:46.0849 2408 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/06/11 11:47:46.0912 2408 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/06/11 11:47:46.0958 2408 RTL8167 (ae51516a7f70af7b5d9070fe41442e87) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/06/11 11:47:47.0021 2408 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/06/11 11:47:47.0130 2408 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys

2011/06/11 11:47:47.0177 2408 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/06/11 11:47:47.0224 2408 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

2011/06/11 11:47:47.0302 2408 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/06/11 11:47:47.0395 2408 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/06/11 11:47:47.0442 2408 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/06/11 11:47:47.0473 2408 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/06/11 11:47:47.0520 2408 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/06/11 11:47:47.0536 2408 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/06/11 11:47:47.0567 2408 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/06/11 11:47:47.0582 2408 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/06/11 11:47:47.0645 2408 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/06/11 11:47:47.0770 2408 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/06/11 11:47:47.0832 2408 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/06/11 11:47:47.0863 2408 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/06/11 11:47:47.0941 2408 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/06/11 11:47:48.0050 2408 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys

2011/06/11 11:47:48.0082 2408 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys

2011/06/11 11:47:48.0113 2408 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

2011/06/11 11:47:48.0175 2408 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

2011/06/11 11:47:48.0222 2408 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

2011/06/11 11:47:48.0331 2408 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys

2011/06/11 11:47:48.0394 2408 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/06/11 11:47:48.0456 2408 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/06/11 11:47:48.0518 2408 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys

2011/06/11 11:47:48.0784 2408 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/06/11 11:47:48.0846 2408 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\Windows\system32\DRIVERS\SynTP.sys

2011/06/11 11:47:48.0971 2408 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

2011/06/11 11:47:49.0080 2408 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

2011/06/11 11:47:49.0111 2408 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/06/11 11:47:49.0158 2408 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/06/11 11:47:49.0189 2408 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/06/11 11:47:49.0205 2408 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/06/11 11:47:49.0220 2408 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/06/11 11:47:49.0298 2408 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/06/11 11:47:49.0376 2408 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/06/11 11:47:49.0408 2408 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/06/11 11:47:49.0439 2408 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/06/11 11:47:49.0501 2408 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/06/11 11:47:49.0532 2408 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/06/11 11:47:49.0579 2408 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/06/11 11:47:49.0688 2408 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

2011/06/11 11:47:49.0751 2408 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/06/11 11:47:49.0782 2408 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/06/11 11:47:49.0813 2408 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/06/11 11:47:49.0844 2408 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/06/11 11:47:49.0876 2408 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/06/11 11:47:49.0907 2408 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/06/11 11:47:49.0938 2408 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/06/11 11:47:50.0000 2408 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/06/11 11:47:50.0063 2408 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

2011/06/11 11:47:50.0125 2408 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/06/11 11:47:50.0156 2408 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/06/11 11:47:50.0188 2408 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/06/11 11:47:50.0219 2408 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/06/11 11:47:50.0250 2408 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/06/11 11:47:50.0328 2408 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/06/11 11:47:50.0344 2408 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/06/11 11:47:50.0359 2408 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/06/11 11:47:50.0406 2408 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/06/11 11:47:50.0484 2408 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/06/11 11:47:50.0562 2408 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys

2011/06/11 11:47:50.0718 2408 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/06/11 11:47:50.0765 2408 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/06/11 11:47:50.0796 2408 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/06/11 11:47:50.0812 2408 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/06/11 11:47:50.0874 2408 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/06/11 11:47:50.0921 2408 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/11 11:47:50.0936 2408 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/06/11 11:47:51.0061 2408 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/06/11 11:47:51.0139 2408 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/06/11 11:47:51.0233 2408 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/06/11 11:47:51.0264 2408 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/06/11 11:47:51.0420 2408 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/06/11 11:47:51.0467 2408 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/06/11 11:47:51.0514 2408 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/06/11 11:47:51.0560 2408 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/06/11 11:47:51.0607 2408 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/06/11 11:47:51.0748 2408 MBR (0x1B8) (8207763beda3258263acda732c1cf617) \Device\Harddisk0\DR0

2011/06/11 11:47:51.0748 2408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/06/11 11:47:51.0748 2408 ================================================================================

2011/06/11 11:47:51.0748 2408 Scan finished

2011/06/11 11:47:51.0748 2408 ================================================================================

2011/06/11 11:47:51.0763 1344 Detected object count: 1

2011/06/11 11:47:51.0763 1344 Actual detected object count: 1

2011/06/11 11:48:05.0366 1344 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/06/11 11:48:05.0366 1344 \Device\Harddisk0\DR0 - ok

2011/06/11 11:48:05.0366 1344 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/06/11 11:48:12.0932 5248 Deinitialize success

Link to post
Share on other sites

Unfortunately you had a nasty rootkit on your computer. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please rerun combofix and post me the new log.

Link to post
Share on other sites

:(

Could you please give me more information about what a backdoor is and does. Is there no way to remove the backdoor without reformatting? I really don't want o have to do that. It's exam period and all this extra stress is not helpful.

I generally use this computer for recreation: music, videos and the like. However, I also do internet banking and access my university profile on it which I think are the only security risks. There are no other important files of that sort. I don't know if this is relavent but I connect through the university's proxy which is run by pretty capable people. I mention this because the link you gave me mentioned something about firewalls and I imagine this means I was behind two of them.

The only effects that I have noticed have been the redirection ones that I mentioned earlier. I think it might just be adware because I googled the name of something that turned up in the status bar for a second or two (plusone) and it came up with marketing links. As far as I know, there have been no access attampts on any account of mine for anything from another IP address. I will check with my bank as soon as I am able.

How bad is this? Here's the new log from combofix.

ComboFix 11-06-10.05 - Michael Everett 11/06/2011 18:29:29.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1753 [GMT 10:00]

Running from: c:\users\Michael Everett\Downloads\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))

.

.

2073-04-13 07:17 . 2006-11-21 10:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Family\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-11 08:38 . 2011-06-11 08:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-06-09 10:16 . 2011-06-09 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-06-09 10:16 . 2009-01-25 03:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2011-06-09 10:15 . 2011-06-09 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2011-06-09 09:01 . 2011-06-09 09:01 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Malwarebytes

2011-06-09 09:00 . 2011-05-28 23:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\programdata\Malwarebytes

2011-06-09 09:00 . 2011-06-09 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-09 09:00 . 2011-05-28 23:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 23:54 . 2011-06-07 23:54 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\programdata\Avira

2011-06-07 07:58 . 2011-06-07 07:58 -------- d-----w- c:\program files\Avira

2011-06-07 07:58 . 2011-04-01 07:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-07 07:58 . 2011-04-01 07:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-06-03 08:59 . 2011-06-03 09:00 -------- d-----w- c:\users\Michael Everett\AppData\Local\Oblivion

2011-06-03 08:55 . 2011-06-03 08:55 -------- d-----w- c:\program files\Bethesda Softworks

2011-05-29 06:53 . 2011-05-29 06:53 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\DivX

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\custom matrices

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\C2MP

2011-05-29 06:51 . 2011-05-29 06:51 -------- d-----w- c:\windows\system32\QuickTime

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp Detect

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2011-05-29 06:33 . 2011-05-29 06:42 -------- d-----w- c:\users\Michael Everett\AppData\Roaming\Winamp

2011-05-29 06:33 . 2011-05-29 06:33 -------- d-----w- c:\program files\Winamp

2011-05-16 03:18 . 2011-04-17 23:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE20B6F6-5F18-4FCA-AA19-F9283764B485}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-16 00:21 . 2011-04-24 14:24 0 ----a-w- c:\users\Michael Everett\AppData\Local\Xpova.bin

2011-05-02 23:05 . 2011-05-02 23:05 3661824 ----a-w- c:\windows\system32\ffdshow.ax

2011-05-02 22:30 . 2011-05-02 22:30 1144147 ----a-w- c:\windows\system32\ffmpegmt.dll

2011-05-02 22:27 . 2011-05-02 22:27 3935545 ----a-w- c:\windows\system32\ffmpeg.dll

2011-05-02 20:23 . 2011-05-02 20:23 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2011-05-02 20:19 . 2011-05-02 20:19 100352 ----a-w- c:\windows\system32\ff_wmv9.dll

2011-05-02 20:19 . 2011-05-02 20:19 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-05-02 07:50 . 2011-05-02 07:50 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-02 07:50 . 2011-05-02 07:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-02 07:50 . 2011-05-02 07:50 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-02 07:50 . 2011-05-02 07:50 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-02 07:50 . 2011-05-02 07:50 367104 ----a-w- c:\windows\system32\html.iec

2011-05-02 07:50 . 2011-05-02 07:50 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-02 07:50 . 2011-05-02 07:50 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-05-02 07:50 . 2011-05-02 07:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-02 07:50 . 2011-05-02 07:50 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-02 07:50 . 2011-05-02 07:50 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-02 07:50 . 2011-05-02 07:50 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-02 07:50 . 2011-05-02 07:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-02 07:50 . 2011-05-02 07:50 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-02 07:50 . 2011-05-02 07:50 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-05-02 07:50 . 2011-05-02 07:50 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-02 07:50 . 2011-05-02 07:50 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-02 07:50 . 2011-05-02 07:50 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-02 07:50 . 2011-05-02 07:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-02 07:50 . 2011-05-02 07:50 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-02 07:50 . 2011-05-02 07:50 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-02 03:14 . 2011-05-02 03:14 1266 ----a-w- c:\users\Michael Everett\AppData\Local\ayimafey.dll

2011-03-30 07:09 . 2011-03-30 07:09 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2011-03-18 21:32 . 2011-03-18 21:32 163840 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2011-03-18 21:29 . 2011-03-18 21:29 181248 ----a-w- c:\windows\system32\ff_unrar.dll

2011-03-18 21:28 . 2011-03-18 21:28 1557504 ----a-w- c:\windows\system32\ff_samplerate.dll

2011-03-18 21:27 . 2011-03-18 21:27 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2011-03-18 21:26 . 2011-03-18 21:26 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2011-03-18 21:25 . 2011-03-18 21:25 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2011-03-18 21:25 . 2011-03-18 21:25 141312 ----a-w- c:\windows\system32\ff_liba52.dll

2010-02-10 00:25 . 2010-02-10 00:25 83456 ----a-w- c:\program files\University Internet.exe

2011-03-18 17:57 . 2011-03-27 02:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-22 458844]

"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]

"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 148888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"NetStat Live"="c:\program files\AnalogX\NetStat Live\nsl.exe" [2011-02-19 184304]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-10 5607080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-31 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Michael Everett^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Michael Everett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 08:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]

2009-05-13 00:09 581480 ----a-w- c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 13:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2009-07-21 17:34 567864 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 cpuz130;cpuz130;c:\users\MICHAE~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]

R3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [2009-03-02 81920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]

S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]

S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000Core.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2185294379-445280456-1778739153-1000UA.job

- c:\users\Michael Everett\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-26 21:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sydney.edu.au/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: mbamupdates.com

Trusted Zone: microsoft.com

TCP: DhcpNameServer = 125.254.64.202 125.254.64.203

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.usyd.edu.au/CACHE/stc/1/binaries/vpnweb.cab

FF - ProfilePath - c:\users\Michael Everett\AppData\Roaming\Mozilla\Firefox\Profiles\n4ds0ug2.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://sydney.edu.au/

FF - prefs.js: network.proxy.type - 2

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5352)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Completion time: 2011-06-11 18:39:57

ComboFix-quarantined-files.txt 2011-06-11 08:39

.

Pre-Run: 246,401,036,288 bytes free

Post-Run: 248,581,136,384 bytes free

.

- - End Of File - - 5E0E5F0FB583E6A5D8C2ED0ACFC7C171

Link to post
Share on other sites

The redirects were caused by this rootkit.

A backdoor is a vulnerability in your Windows system. It cannot be "fixed" because it is not known where/how it is created. Most likely you should be fine, but I cannot give you 100% guarantee. The infection itself is gone and no longer poses a threat, but a possible backdoor can be exploited by future malware.

In your case I'd recommend you for now to do the cleanup and afterwards decide if you want to reformat or not, so you won't have to do this during your exams.

Please let me know if you have any problem left at this point. Run MBAM, update it and do a full scan. Post me the resulting log.

Link to post
Share on other sites

I still can't update the database. It came up with "PROGRAM_ERROR_UPDATING (12163, 0, IsInternetConnected)" again. Is it possible to manually download the update? Some programmes have trouble accessing the internet here because we use a proxy. This is from its 14 day old database.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

12/06/2011 1:41:54 AM

mbam-log-2011-06-12 (01-41-54).txt

Scan type: Full scan (C:\|)

Objects scanned: 635465

Time elapsed: 1 hour(s), 39 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hmm... now it says I'm out by 37 days. I just downloaded the exe and ran it. Am I supposed to do something else as well?

Yes, I have always had similar problems with Win Defender, Win Update and Avast (hence the switch to Avira). Other programmes, like Skype, are impossible to use. It's a real pain.

Link to post
Share on other sites

Can you once again download the MBAM update manually and see if it makes a difference?

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Besides the proxy problem, do you have any problem left?

Link to post
Share on other sites

Still doesn't work. Reinstalling it doesn't work either. Why can you only download an outdated version?

All of my original problems have been fixed though. Thanks so much, you guys are truly awesome. I just wish I had time to learn how to do this so I could help others.

Link to post
Share on other sites

From the FAQ topic:

You can also download a manual update from here - NOTE: This manual update will always be way behind in version level compared to updates from within the program
So, unfortunately these updates are behind. Although, your logs do not show any evidence of malware, so MBAM would not show any active infection.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and TDSSkiller

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

I uninstalled Malewarebytes and installed SuperAntiSpyware instead. I can get their updates to work so that's good. I did a quick scan and it found a whole lot of ad tracking cookies. Spyware blaster has an option to use your proxy settings for updates which I wish all programmes had.

Everything is running smoothly. Thanks again for your help.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.