malwarebytes runs clean but...

[TQIS Makes Websites]

Hello.

In the attached log, mbam reports a registry value infection that seems consistent with this rogue svchost.exe process.

mbam now runs clean, but I still have a big problem on my Windows XP. The Task Manager shown in the attached screenshot highlights a svchost.exe process spinning out of control. At some point, the machine will start to swap paged memory, ignore interrupts and user input, and force me to reboot. My work-around is to constantly monitor the task manager; kill the spinning process; and use Administrative Tools/Services to restart a few networking essentials.

Sorry if the attached screenshot is excessive. The console window shows the results of the following command:

tasklist /SVC /FI "IMAGENAME EQ SVCHOST.EXE"

Can anyone recommend a next step?

Thanks!

Jim

mbam-log-2009-05-29 (14-26-30).txt

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[TQIS Makes Websites]

The 3 requested attachments follows.

Thanks!

-Jim

mbam-log-2011-07-29 (13-47-14).txt

attach.txt

dds.txt

[screen317]

Hi,

Please do not attach any logs.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[TQIS Makes Websites]

I find your request a little confusing. How do I post a log without attaching a log? Is there somewhere else on the MBAM website to post files without attaching them to forum messages? Your original request also requested that I post the MBAM log separate from my reply.

Please let me know if I am somehow not following your instructions correctly.

-Jim

combofixlog.txt

[screen317]

Hi,

Just copy and paste the text of the file into your reply....

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[TQIS Makes Websites]

Thanks for clarifying things. I just killed another spinning svchost.exe process, and when I launch FireFox, a 2nd tab automatically opens displaying ads. These two indications of an infection remain consistent after a couple weeks.

I ran ESET. It reported a couple issues. But I cannot determine if/where any logs are. When I ran ESET a second time,

it reported clean results.

Here are the results of your SecurityCheck scan:

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 25

Java SE Development Kit 6 Update 25

Java DB 10.6.2.1

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

[screen317]

You may have a new infection here.

Grab a fresh copy of ComboFix, run it, and post its log directly into your reply.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

• Click the "Scan" button to start scan.
  
• Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  
• Please post the contents of that log in your next reply.
  

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

[TQIS Makes Websites]

TDSKiller did the job! Here is the log:

2011/08/11 18:53:05.0421 2172 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

2011/08/11 18:53:05.0781 2172 ================================================================================

2011/08/11 18:53:05.0781 2172 SystemInfo:

2011/08/11 18:53:05.0781 2172

2011/08/11 18:53:05.0781 2172 OS Version: 5.1.2600 ServicePack: 2.0

2011/08/11 18:53:05.0781 2172 Product type: Workstation

2011/08/11 18:53:05.0781 2172 ComputerName: SUNNY-JIM

2011/08/11 18:53:05.0781 2172 UserName: Jim

2011/08/11 18:53:05.0781 2172 Windows directory: C:\WINDOWS

2011/08/11 18:53:05.0781 2172 System windows directory: C:\WINDOWS

2011/08/11 18:53:05.0781 2172 Processor architecture: Intel x86

2011/08/11 18:53:05.0781 2172 Number of processors: 2

2011/08/11 18:53:05.0781 2172 Page size: 0x1000

2011/08/11 18:53:05.0781 2172 Boot type: Normal boot

2011/08/11 18:53:05.0781 2172 ================================================================================

2011/08/11 18:53:06.0765 2172 Initialize success

2011/08/11 18:53:12.0015 2052 ================================================================================

2011/08/11 18:53:12.0015 2052 Scan started

2011/08/11 18:53:12.0015 2052 Mode: Manual;

2011/08/11 18:53:12.0015 2052 ================================================================================

2011/08/11 18:53:12.0984 2052 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/08/11 18:53:13.0000 2052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/08/11 18:53:13.0046 2052 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/08/11 18:53:13.0093 2052 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2011/08/11 18:53:13.0140 2052 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/08/11 18:53:13.0281 2052 Andbus (45039ad240754b3bd789668c2c986ea7) C:\WINDOWS\system32\DRIVERS\lgandbus.sys

2011/08/11 18:53:13.0296 2052 AndDiag (f7ec18db02c9fb26aed52e0e1bb98960) C:\WINDOWS\system32\DRIVERS\lganddiag.sys

2011/08/11 18:53:13.0328 2052 AndGps (6d79f0c7f33dd85f50d69c7d7efec9e0) C:\WINDOWS\system32\DRIVERS\lgandgps.sys

2011/08/11 18:53:13.0343 2052 ANDModem (881837e816b948f7a94098add21afd7c) C:\WINDOWS\system32\DRIVERS\lgandmodem.sys

2011/08/11 18:53:13.0375 2052 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/08/11 18:53:13.0453 2052 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

2011/08/11 18:53:13.0484 2052 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/08/11 18:53:13.0515 2052 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/08/11 18:53:13.0562 2052 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/08/11 18:53:13.0593 2052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/08/11 18:53:13.0687 2052 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/08/11 18:53:13.0703 2052 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/08/11 18:53:13.0734 2052 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/08/11 18:53:13.0765 2052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/08/11 18:53:13.0875 2052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/08/11 18:53:13.0921 2052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/08/11 18:53:13.0937 2052 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/08/11 18:53:13.0953 2052 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/08/11 18:53:14.0000 2052 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/08/11 18:53:14.0031 2052 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/08/11 18:53:14.0125 2052 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/08/11 18:53:14.0171 2052 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/08/11 18:53:14.0218 2052 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/08/11 18:53:14.0234 2052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/08/11 18:53:14.0265 2052 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/08/11 18:53:14.0296 2052 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/08/11 18:53:14.0343 2052 EMSCR (66029e6c4b19223c24d8710eed3aaeab) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

2011/08/11 18:53:14.0359 2052 ESDCR (9f0fa60836e1d1148cc0c1b6e67aa6f7) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

2011/08/11 18:53:14.0390 2052 ESMCR (d9da881be71b74b328471ccf28b5f0a9) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

2011/08/11 18:53:14.0421 2052 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/08/11 18:53:14.0453 2052 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/08/11 18:53:14.0515 2052 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys

2011/08/11 18:53:14.0546 2052 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys

2011/08/11 18:53:14.0562 2052 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/08/11 18:53:14.0578 2052 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/08/11 18:53:14.0609 2052 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/08/11 18:53:14.0640 2052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/08/11 18:53:14.0656 2052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/08/11 18:53:14.0671 2052 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/08/11 18:53:14.0703 2052 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/08/11 18:53:14.0765 2052 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/08/11 18:53:14.0828 2052 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/08/11 18:53:14.0906 2052 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/08/11 18:53:14.0937 2052 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/08/11 18:53:15.0109 2052 IntcAzAudAddService (7385944d4f025bd8c498bfd97981e336) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/08/11 18:53:15.0187 2052 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/08/11 18:53:15.0203 2052 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/08/11 18:53:15.0234 2052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/08/11 18:53:15.0250 2052 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/08/11 18:53:15.0281 2052 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/08/11 18:53:15.0296 2052 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/11 18:53:15.0328 2052 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/08/11 18:53:15.0359 2052 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/08/11 18:53:15.0375 2052 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

2011/08/11 18:53:15.0406 2052 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/08/11 18:53:15.0421 2052 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/08/11 18:53:15.0453 2052 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/08/11 18:53:15.0515 2052 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/08/11 18:53:15.0546 2052 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/08/11 18:53:15.0578 2052 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/08/11 18:53:15.0625 2052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/08/11 18:53:15.0671 2052 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/08/11 18:53:15.0687 2052 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/08/11 18:53:15.0703 2052 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/08/11 18:53:15.0750 2052 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/08/11 18:53:15.0796 2052 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/08/11 18:53:15.0843 2052 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/08/11 18:53:15.0875 2052 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/08/11 18:53:15.0890 2052 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/08/11 18:53:15.0906 2052 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/08/11 18:53:15.0937 2052 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/08/11 18:53:15.0953 2052 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/08/11 18:53:16.0000 2052 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/08/11 18:53:16.0015 2052 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/08/11 18:53:16.0031 2052 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/11 18:53:16.0046 2052 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/11 18:53:16.0062 2052 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/11 18:53:16.0078 2052 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/11 18:53:16.0109 2052 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/11 18:53:16.0218 2052 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

2011/08/11 18:53:16.0265 2052 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/08/11 18:53:16.0281 2052 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/08/11 18:53:16.0328 2052 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/11 18:53:16.0359 2052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/08/11 18:53:16.0390 2052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/11 18:53:16.0406 2052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/11 18:53:16.0421 2052 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/08/11 18:53:16.0468 2052 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

2011/08/11 18:53:16.0484 2052 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/11 18:53:16.0500 2052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/11 18:53:16.0515 2052 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/11 18:53:16.0562 2052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/11 18:53:16.0593 2052 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/08/11 18:53:16.0718 2052 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2011/08/11 18:53:16.0750 2052 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/11 18:53:16.0765 2052 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/11 18:53:16.0796 2052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/11 18:53:16.0812 2052 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/08/11 18:53:16.0906 2052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/11 18:53:16.0937 2052 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/11 18:53:16.0953 2052 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/11 18:53:16.0968 2052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/11 18:53:17.0000 2052 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/11 18:53:17.0031 2052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/11 18:53:17.0046 2052 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/11 18:53:17.0093 2052 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/11 18:53:17.0109 2052 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/11 18:53:17.0171 2052 RTLE8023xp (0e74171ee80a8640de564b72dbbb397b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/08/11 18:53:17.0218 2052 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/08/11 18:53:17.0250 2052 sdbus (a1ab8355ecf5ace3f2d5a47fc8a231e9) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/08/11 18:53:17.0281 2052 Secdrv (f376a1580204e47f37a721e1cbc5582a) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/11 18:53:17.0328 2052 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2011/08/11 18:53:17.0359 2052 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/11 18:53:17.0437 2052 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys

2011/08/11 18:53:17.0484 2052 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/11 18:53:17.0515 2052 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/08/11 18:53:17.0578 2052 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/11 18:53:17.0625 2052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/08/11 18:53:17.0671 2052 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/11 18:53:17.0718 2052 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/11 18:53:17.0812 2052 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/08/11 18:53:17.0843 2052 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/11 18:53:17.0875 2052 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys

2011/08/11 18:53:17.0921 2052 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/11 18:53:17.0968 2052 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys

2011/08/11 18:53:17.0984 2052 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys

2011/08/11 18:53:18.0015 2052 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/11 18:53:18.0031 2052 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/11 18:53:18.0062 2052 tdudf (09aa3cf863793f92276b39e74878c386) C:\WINDOWS\system32\DRIVERS\tdudf.sys

2011/08/11 18:53:18.0078 2052 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/11 18:53:18.0140 2052 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys

2011/08/11 18:53:18.0171 2052 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys

2011/08/11 18:53:18.0187 2052 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys

2011/08/11 18:53:18.0203 2052 Udfs (7cef3e36843bf5dd55120fcce88800ce) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/11 18:53:18.0250 2052 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/11 18:53:18.0296 2052 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/11 18:53:18.0312 2052 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/11 18:53:18.0359 2052 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/11 18:53:18.0390 2052 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/11 18:53:18.0421 2052 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/11 18:53:18.0437 2052 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/11 18:53:18.0453 2052 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/08/11 18:53:18.0484 2052 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/11 18:53:18.0531 2052 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/11 18:53:18.0562 2052 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/08/11 18:53:18.0625 2052 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/11 18:53:18.0718 2052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/11 18:53:18.0750 2052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/08/11 18:53:18.0781 2052 MBR (0x1B8) (464f726ab218b795952c4bedb6be8acd) \Device\Harddisk0\DR0

2011/08/11 18:53:18.0781 2052 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/08/11 18:53:18.0781 2052 Boot (0x1200) (3392d8b611f61b8402c72ddf1372815f) \Device\Harddisk0\DR0\Partition0

2011/08/11 18:53:18.0796 2052 ================================================================================

2011/08/11 18:53:18.0796 2052 Scan finished

2011/08/11 18:53:18.0796 2052 ================================================================================

2011/08/11 18:53:18.0812 3332 Detected object count: 1

2011/08/11 18:53:18.0812 3332 Actual detected object count: 1

2011/08/11 18:53:32.0812 3332 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/08/11 18:53:32.0812 3332 \Device\Harddisk0\DR0 - ok

2011/08/11 18:53:32.0812 3332 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/08/11 18:53:36.0781 2920 Deinitialize success

[screen317]

Hi,

Please proceed with the other steps in my previous post so we can ensure that everything is gone...

[screen317]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!