Whitesmoke virus


Hi there, computer newbie here, so have some patience. My girlfriend downloaded something on her laptop and got the Whitesmoke virus. I have read this thread:

http://forums.malwarebytes.org/index.php?showtopic=69183

I have done the first step (TDSSKILLER) as posted by negster22:

Hi and Welcome to the Malwarebytes' Help Forum,

You can download the programs I'd like you to run to a clean PC and then transfer them to the infected PC via USB flash drive or CD. If you are not able to do that, then try to download and run them in safe mode with networking!!

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.

• Extract its contents to your desktop.

• Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

• If an infected file is detected, the default action will be Cure; click on Continue.

• If a suspicious file is detected, the default action will be Skip; click on Continue.

• It may ask you to reboot the computer to complete the process. Click on Reboot Now.

• If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

• If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Here are the results. I also read somewhere not to use Combofix because "the author of Combofix does not want Combofix used without guidance".

Here is the copy of the TDSSKiller Report:

2011/09/09 18:52:45.0354 6100 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34

2011/09/09 18:52:45.0385 6100 ================================================================================

2011/09/09 18:52:45.0385 6100 SystemInfo:

2011/09/09 18:52:45.0385 6100

2011/09/09 18:52:45.0385 6100 OS Version: 6.0.6000 ServicePack: 0.0

2011/09/09 18:52:45.0385 6100 Product type: Workstation

2011/09/09 18:52:45.0385 6100 ComputerName: ENDUSER-PC

2011/09/09 18:52:45.0385 6100 UserName: EndUser

2011/09/09 18:52:45.0385 6100 Windows directory: C:\Windows

2011/09/09 18:52:45.0385 6100 System windows directory: C:\Windows

2011/09/09 18:52:45.0385 6100 Processor architecture: Intel x86

2011/09/09 18:52:45.0385 6100 Number of processors: 2

2011/09/09 18:52:45.0385 6100 Page size: 0x1000

2011/09/09 18:52:45.0385 6100 Boot type: Normal boot

2011/09/09 18:52:45.0385 6100 ================================================================================

2011/09/09 18:52:46.0602 6100 Initialize success

2011/09/09 18:52:54.0667 6584 ================================================================================

2011/09/09 18:52:54.0667 6584 Scan started

2011/09/09 18:52:54.0667 6584 Mode: Manual;

2011/09/09 18:52:54.0667 6584 ================================================================================

2011/09/09 18:53:15.0399 6584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/09/09 18:53:15.0415 6584 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1

2011/09/09 18:53:15.0633 6584 Boot (0x1200) (34474db1b1e69f2eccfe03281a63e67f) \Device\Harddisk0\DR0\Partition0

2011/09/09 18:53:15.0649 6584 Boot (0x1200) (ee950ba9f5d074d2fe703bc7d164e15b) \Device\Harddisk1\DR1\Partition0

2011/09/09 18:53:15.0665 6584 ================================================================================

2011/09/09 18:53:15.0665 6584 Scan finished

2011/09/09 18:53:15.0665 6584 ================================================================================

2011/09/09 18:53:15.0680 4484 Detected object count: 0

2011/09/09 18:53:15.0680 4484 Actual detected object count: 0

Please let me know if I should go ahead with the Combofix, or something else.

Thank You.

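Added here as a worked example, not code from the thread or from Kaspersky's TDSSKiller: a small Python parser for the report format pasted above. It extracts the OS version, each scanned object's name, MD5 and path, and the closing object counts, then lists drivers loaded from outside the Windows directory (the Norton components in this log, which are review candidates rather than detections) and hashes shared by more than one service (Tcpip/Tcpip6 over one tcpip.sys, which is normal). The sample lines are excerpted from this report; the Windows directory prefix is assumed to be C:\Windows.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: eleven lines excerpted from the TDSSKiller report pasted above.
SAMPLE_LOG = r"""
2011/09/09 18:52:45.0385 6100 OS Version: 6.0.6000 ServicePack: 0.0
2011/09/09 18:52:54.0667 6584 Scan started
2011/09/09 18:52:55.0884 6584 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/09/09 18:52:57.0600 6584 BHDrvx86 (378a5e067c170dc6046226ba61ff205f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110901.001\BHDrvx86.sys
2011/09/09 18:52:59.0160 6584 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/09/09 18:53:12.0810 6584 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/09/09 18:53:12.0857 6584 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/09 18:53:15.0399 6584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/09 18:53:15.0665 6584 Scan finished
2011/09/09 18:53:15.0680 4484 Detected object count: 0
2011/09/09 18:53:15.0680 4484 Actual detected object count: 0
"""

# Every report line: timestamp, thread id, free-form body.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Object entry: name, optional "(0x...)" size tag (MBR/Boot sectors), 32-hex MD5, then path.
ENTRY_RE = re.compile(r"^(\S+)(?:\s+\((0x[0-9A-Fa-f]+)\))?\s+\(([0-9a-f]{32})\)\s+(.+)$")
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count:\s*(\d+)$")


@dataclass
class Entry:
    timestamp: str
    thread: str
    name: str
    md5: str
    path: str
    size_tag: Optional[str] = None  # only MBR/Boot sector entries carry one

    @property
    def is_sector(self) -> bool:
        return self.path.startswith("\\Device\\")


@dataclass
class Report:
    os_version: Optional[str]
    entries: List[Entry]
    detected: Optional[int]
    actual_detected: Optional[int]


def parse_report(text: str) -> Report:
    """Parse TDSSKiller report text; lines that do not fit the format are skipped."""
    os_version = None
    entries: List[Entry] = []
    detected = actual = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, tid, body = m.groups()
        if body.startswith("OS Version:"):
            os_version = body[len("OS Version:"):].strip()
            continue
        c = COUNT_RE.match(body)
        if c:
            if c.group(1):
                actual = int(c.group(2))
            else:
                detected = int(c.group(2))
            continue
        e = ENTRY_RE.match(body)
        if e:
            name, size_tag, md5, path = e.groups()
            entries.append(Entry(ts, tid, name, md5, path, size_tag))
    return Report(os_version, entries, detected, actual)


def outside_windows_dir(report: Report, windows_dir: str = "C:\\Windows") -> List[Entry]:
    """Drivers loaded from anywhere other than the Windows directory (assumed C:\\Windows).
    Security products legitimately live there (Norton in this log): review candidates, not hits."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [e for e in report.entries
            if not e.is_sector and not e.path.lower().startswith(prefix)]


def shared_hashes(report: Report) -> Dict[str, List[str]]:
    """MD5 -> service names for every hash backing more than one service.
    Two services over one file (Tcpip/Tcpip6 -> tcpip.sys) is normal, not a finding."""
    by_md5: Dict[str, List[str]] = {}
    for e in report.entries:
        by_md5.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def is_clean(report: Report) -> bool:
    """True only when both closing object counts are present and zero."""
    return report.detected == 0 and report.actual_detected == 0


if __name__ == "__main__":
    rep = parse_report(SAMPLE_LOG)
    print(f"OS {rep.os_version}; {len(rep.entries)} objects; clean={is_clean(rep)}")
    for entry in outside_windows_dir(rep):
        print(f"  review: {entry.name} -> {entry.path}")
    for digest, names in shared_hashes(rep).items():
        print(f"  shared {digest}: {', '.join(names)}")
```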
Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from Combofix. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Close all browsers before running ATF: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

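The Folder Options steps in the post above (show hidden files, show file extensions, show protected operating system files) all map to per-user Explorer registry values. This is an added PowerShell example, not part of the helper's post or of any tool mentioned here; it assumes a Windows machine with PowerShell available and checks the current state before applying the change, so you can see which of the GUI steps are still outstanding.

```powershell
# Added example (not from the forum post). The three Folder Options settings
# described above live under this per-user Explorer key.
$AdvKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Desired values:
#   Hidden          = 1  -> "Show hidden files and folders"
#   HideFileExt     = 0  -> "Hide extensions for known file types" unchecked
#   ShowSuperHidden = 1  -> "Hide protected operating system files" unchecked
$Desired = @{ Hidden = 1; HideFileExt = 0; ShowSuperHidden = 1 }

function Get-FolderOptionStatus {
    # Report each setting's current value next to the desired one, so the
    # reader can confirm which GUI steps have already been done.
    foreach ($name in $Desired.Keys) {
        $props   = Get-ItemProperty -Path $AdvKey -Name $name -ErrorAction SilentlyContinue
        $current = if ($props) { $props.$name } else { $null }
        New-Object PSObject -Property @{
            Setting   = $name
            Current   = $current
            Desired   = $Desired[$name]
            Compliant = ($current -eq $Desired[$name])
        }
    }
}

function Set-FolderOptionsVisible {
    # Apply the three settings, then restart Explorer so they take effect
    # (clicking Apply/OK in the GUI does the equivalent).
    foreach ($name in $Desired.Keys) {
        Set-ItemProperty -Path $AdvKey -Name $name -Value $Desired[$name] -Type DWord
    }
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 2
    # Explorer usually relaunches itself; start it if it did not.
    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
        Start-Process explorer.exe
    }
}

# Show the current state; run Set-FolderOptionsVisible only if anything is not compliant.
Get-FolderOptionStatus | Format-Table Setting, Current, Desired, Compliant -AutoSize
```

Run `Get-FolderOptionStatus` again after `Set-FolderOptionsVisible` to confirm all three rows show `Compliant: True`.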

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
