
Possible Infection (DDS.txt and Attach.txt)



A process on my computer called svchost.exe is using all my memory and CPU, and I do not know what to do. Also, the malware keeps blocking the sites 206.161.121.100, 94.63.240.22 and 208.73.210.29. Any help would be appreciated! I have done the DDS scan and attached both txt files.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19

Run by Owner at 10:15:59 on 2011-11-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.347 [GMT -7:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciServiceHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\System32\HPZipm12.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop

uWindow Title = Windows Internet Explorer provided by Comcast

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html

mWindow Title = Windows Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn7\yt.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: rsion - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn7\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111102175834.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn7\yt.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File

EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger

EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRunOnce: [CheckNetworkConnection] "c:\program files\support.com\providercomcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=0c0b91ab-a85f-4bd7-b749-ec8e1b69bddc

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm231MTUS

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: $talisma_url$

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{774CF7D5-1A30-4EE4-97FB-0535F02C07E7} : DhcpNameServer = 192.168.1.254

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\3rr2hyev.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=16

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\3rr2hyev.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071706000001.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-3-13 459728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-11-2 84200]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-4 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 271480]

R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-7-10 315392]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-11-2 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-11-2 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-11-2 148520]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-2 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-4 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-11-2 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-11-2 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-11-2 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-11-2 88736]

S1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\mpfirewall.sys --> c:\windows\system32\drivers\MpFirewall.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-11-2 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-11-2 84488]

S3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\ndiswdm.sys --> c:\windows\system32\drivers\ndiswdm.sys [?]

S4 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

.

=============== Created Last 30 ================

.

2011-11-05 16:47:29 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-05 00:52:25 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-11-05 00:51:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-05 00:51:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-05 00:51:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-04 22:45:28 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2011-11-04 22:45:28 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2011-11-03 00:58:34 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2011-11-03 00:58:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-11-03 00:58:24 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-11-03 00:58:24 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-11-03 00:58:24 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-11-03 00:58:24 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-11-03 00:58:24 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-11-03 00:58:24 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-11-03 00:58:24 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-11-03 00:58:17 -------- d-----w- c:\program files\common files\Mcafee

2011-11-03 00:49:29 148520 ----a-w- c:\windows\system32\mfevtps.exe

2011-10-25 16:26:24 -------- d-----w- c:\documents and settings\owner\local settings\application data\Solid State Networks

2011-10-24 22:29:48 398760 ----a-r- c:\windows\system32\cpnprt2.cid

.

==================== Find3M ====================

.

2011-10-11 14:46:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(2).dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2005-07-24 08:10:52 774144 ----a-w- c:\program files\RngInterstitial.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3160021A rev.3.08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86A3C49F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86a43728]; MOV EAX, [0x86a4389c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86B7AAB8]

3 CLASSPNP[0xF7656FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000068[0x86B39F18]

5 ACPI[0xF75CD620] -> nt!IofCallDriver[0x804E37D5] -> [0x86B3BD98]

\Driver\atapi[0x86A90240] -> IRP_MJ_CREATE -> 0x86A3C49F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x86A3C2C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 10:19:02.15 ===============



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans; use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Here is the log from TDSSKiller.

08:01:45.0968 1236 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49

08:01:47.0968 1236 ============================================================

08:01:47.0968 1236 Current date / time: 2011/11/06 08:01:47.0968

08:01:47.0968 1236 SystemInfo:

08:01:47.0968 1236

08:01:47.0968 1236 OS Version: 5.1.2600 ServicePack: 3.0

08:01:47.0968 1236 Product type: Workstation

08:01:47.0968 1236 ComputerName: ORTAFAMILY

08:01:47.0968 1236 UserName: Owner

08:01:47.0968 1236 Windows directory: C:\WINDOWS

08:01:47.0968 1236 System windows directory: C:\WINDOWS

08:01:47.0968 1236 Processor architecture: Intel x86

08:01:47.0968 1236 Number of processors: 1

08:01:47.0968 1236 Page size: 0x1000

08:01:47.0968 1236 Boot type: Normal boot

08:01:47.0968 1236 ============================================================

08:01:49.0578 1236 Initialize success

08:01:51.0578 3924 ============================================================

08:01:51.0578 3924 Scan started

08:01:51.0578 3924 Mode: Manual;

08:01:51.0578 3924 ============================================================

08:01:53.0031 3924 Abiosdsk - ok

08:01:53.0140 3924 abp480n5 - ok

08:01:53.0296 3924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:01:53.0312 3924 ACPI - ok

08:01:53.0468 3924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:01:53.0484 3924 ACPIEC - ok

08:01:53.0625 3924 adpu160m - ok

08:01:53.0828 3924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:01:53.0843 3924 aec - ok

08:01:54.0000 3924 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

08:01:54.0140 3924 Afc - ok

08:01:54.0265 3924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:01:54.0281 3924 AFD - ok

08:01:54.0500 3924 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

08:01:54.0703 3924 AgereSoftModem - ok

08:01:54.0812 3924 Aha154x - ok

08:01:54.0921 3924 aic78u2 - ok

08:01:55.0046 3924 aic78xx - ok

08:01:55.0218 3924 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

08:01:55.0375 3924 ALCXSENS - ok

08:01:55.0593 3924 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

08:01:55.0718 3924 ALCXWDM - ok

08:01:55.0843 3924 AliIde - ok

08:01:56.0015 3924 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

08:01:56.0078 3924 AmdK7 - ok

08:01:56.0187 3924 amsint - ok

08:01:56.0343 3924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:01:56.0359 3924 Arp1394 - ok

08:01:56.0531 3924 asc - ok

08:01:56.0593 3924 asc3350p - ok

08:01:56.0703 3924 asc3550 - ok

08:01:56.0890 3924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:01:56.0906 3924 AsyncMac - ok

08:01:57.0062 3924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:01:57.0062 3924 atapi - ok

08:01:57.0187 3924 Atdisk - ok

08:01:57.0375 3924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:01:57.0375 3924 Atmarpc - ok

08:01:57.0515 3924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:01:57.0515 3924 audstub - ok

08:01:57.0687 3924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:01:57.0687 3924 Beep - ok

08:01:57.0875 3924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:01:57.0890 3924 cbidf2k - ok

08:01:57.0984 3924 cd20xrnt - ok

08:01:58.0140 3924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:01:58.0156 3924 Cdaudio - ok

08:01:58.0296 3924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:01:58.0312 3924 Cdfs - ok

08:01:58.0484 3924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:01:58.0500 3924 Cdrom - ok

08:01:58.0656 3924 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys

08:01:58.0828 3924 cfwids - ok

08:01:58.0921 3924 Changer - ok

08:01:59.0046 3924 CmdIde - ok

08:01:59.0156 3924 Cpqarray - ok

08:01:59.0281 3924 dac2w2k - ok

08:01:59.0390 3924 dac960nt - ok

08:01:59.0578 3924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:01:59.0578 3924 Disk - ok

08:01:59.0765 3924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:01:59.0812 3924 dmboot - ok

08:01:59.0968 3924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:02:00.0000 3924 dmio - ok

08:02:00.0140 3924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:02:00.0156 3924 dmload - ok

08:02:00.0343 3924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:02:00.0343 3924 DMusic - ok

08:02:00.0484 3924 dpti2o - ok

08:02:00.0609 3924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:02:00.0625 3924 drmkaud - ok

08:02:00.0828 3924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:02:00.0843 3924 Fastfat - ok

08:02:00.0984 3924 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

08:02:01.0156 3924 fasttx2k - ok

08:02:01.0359 3924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:02:01.0359 3924 Fdc - ok

08:02:01.0531 3924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:02:01.0546 3924 Fips - ok

08:02:01.0687 3924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:02:01.0687 3924 Flpydisk - ok

08:02:01.0843 3924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:02:01.0859 3924 FltMgr - ok

08:02:02.0015 3924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:02:02.0015 3924 Fs_Rec - ok

08:02:02.0171 3924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:02:02.0171 3924 Ftdisk - ok

08:02:02.0328 3924 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:02:02.0468 3924 GEARAspiWDM - ok

08:02:02.0593 3924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:02:02.0609 3924 Gpc - ok

08:02:02.0781 3924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:02:02.0796 3924 HidUsb - ok

08:02:02.0921 3924 hpn - ok

08:02:03.0062 3924 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

08:02:03.0171 3924 HPZid412 - ok

08:02:03.0312 3924 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

08:02:03.0437 3924 HPZipr12 - ok

08:02:03.0578 3924 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

08:02:03.0656 3924 HPZius12 - ok

08:02:03.0843 3924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:02:03.0859 3924 HTTP - ok

08:02:03.0984 3924 i2omgmt - ok

08:02:04.0093 3924 i2omp - ok

08:02:04.0234 3924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:02:04.0250 3924 i8042prt - ok

08:02:04.0406 3924 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

08:02:04.0546 3924 ialm - ok

08:02:04.0687 3924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:02:04.0703 3924 Imapi - ok

08:02:04.0859 3924 ini910u - ok

08:02:05.0000 3924 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

08:02:05.0015 3924 IntelIde - ok

08:02:05.0171 3924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:02:05.0187 3924 intelppm - ok

08:02:05.0328 3924 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:02:05.0328 3924 ip6fw - ok

08:02:05.0453 3924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:02:05.0468 3924 IpFilterDriver - ok

08:02:05.0625 3924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:02:05.0625 3924 IpInIp - ok

08:02:05.0781 3924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:02:05.0781 3924 IpNat - ok

08:02:05.0937 3924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:02:05.0953 3924 IPSec - ok

08:02:06.0078 3924 IPVNMon (f60af0f89204a9177d110e3b2bd9fa0b) C:\WINDOWS\system32\drivers\IPVNMon.sys

08:02:06.0203 3924 IPVNMon - ok

08:02:06.0343 3924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:02:06.0343 3924 IRENUM - ok

08:02:06.0484 3924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:02:06.0500 3924 isapnp - ok

08:02:06.0843 3924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:02:06.0859 3924 Kbdclass - ok

08:02:07.0000 3924 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:02:07.0015 3924 kbdhid - ok

08:02:07.0171 3924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:02:07.0187 3924 kmixer - ok

08:02:07.0328 3924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:02:07.0343 3924 KSecDD - ok

08:02:07.0468 3924 lbrtfdc - ok

08:02:07.0578 3924 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

08:02:07.0828 3924 MBAMProtector - ok

08:02:07.0953 3924 MBAMSwissArmy - ok

08:02:08.0171 3924 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

08:02:08.0328 3924 MCSTRM - ok

08:02:08.0468 3924 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys

08:02:08.0609 3924 mfeapfk - ok

08:02:08.0765 3924 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys

08:02:08.0937 3924 mfeavfk - ok

08:02:09.0062 3924 mfeavfk01 - ok

08:02:09.0187 3924 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys

08:02:09.0312 3924 mfebopk - ok

08:02:09.0468 3924 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys

08:02:09.0656 3924 mfefirek - ok

08:02:09.0796 3924 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys

08:02:10.0046 3924 mfehidk - ok

08:02:10.0234 3924 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

08:02:10.0390 3924 mfendisk - ok

08:02:10.0437 3924 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

08:02:10.0437 3924 mfendiskmp - ok

08:02:10.0578 3924 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys

08:02:10.0703 3924 mferkdet - ok

08:02:10.0859 3924 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys

08:02:11.0000 3924 mfetdi2k - ok

08:02:11.0171 3924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:02:11.0171 3924 mnmdd - ok

08:02:11.0343 3924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:02:11.0343 3924 Modem - ok

08:02:11.0484 3924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:02:11.0484 3924 Mouclass - ok

08:02:11.0593 3924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:02:11.0609 3924 mouhid - ok

08:02:11.0765 3924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:02:11.0781 3924 MountMgr - ok

08:02:11.0859 3924 MPFIREWL - ok

08:02:11.0968 3924 mraid35x - ok

08:02:12.0078 3924 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

08:02:12.0218 3924 MREMP50 - ok

08:02:12.0312 3924 MREMPR5 - ok

08:02:12.0328 3924 MRENDIS5 - ok

08:02:12.0390 3924 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

08:02:12.0500 3924 MRESP50 - ok

08:02:12.0640 3924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:02:12.0656 3924 MRxDAV - ok

08:02:12.0828 3924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:02:12.0843 3924 MRxSmb - ok

08:02:13.0015 3924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:02:13.0031 3924 Msfs - ok

08:02:13.0156 3924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:02:13.0171 3924 MSKSSRV - ok

08:02:13.0296 3924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:02:13.0296 3924 MSPCLOCK - ok

08:02:13.0437 3924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:02:13.0453 3924 MSPQM - ok

08:02:13.0609 3924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:02:13.0609 3924 mssmbios - ok

08:02:13.0765 3924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:02:13.0765 3924 Mup - ok

08:02:13.0921 3924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:02:13.0937 3924 NDIS - ok

08:02:14.0109 3924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:02:14.0109 3924 NdisTapi - ok

08:02:14.0265 3924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:02:14.0281 3924 Ndisuio - ok

08:02:14.0437 3924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:02:14.0453 3924 NdisWan - ok

08:02:14.0562 3924 NdisWDM - ok

08:02:14.0703 3924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:02:14.0703 3924 NDProxy - ok

08:02:14.0859 3924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:02:14.0859 3924 NetBIOS - ok

08:02:15.0078 3924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:02:15.0125 3924 NetBT - ok

08:02:15.0312 3924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:02:15.0312 3924 NIC1394 - ok

08:02:15.0453 3924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:02:15.0468 3924 Npfs - ok

08:02:15.0640 3924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:02:15.0703 3924 Ntfs - ok

08:02:15.0859 3924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:02:15.0875 3924 Null - ok

08:02:16.0031 3924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:02:16.0031 3924 NwlnkFlt - ok

08:02:16.0156 3924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:02:16.0156 3924 NwlnkFwd - ok

08:02:16.0312 3924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:02:16.0328 3924 ohci1394 - ok

08:02:16.0484 3924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:02:16.0500 3924 Parport - ok

08:02:16.0656 3924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:02:16.0656 3924 PartMgr - ok

08:02:16.0796 3924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:02:16.0812 3924 ParVdm - ok

08:02:16.0953 3924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:02:16.0968 3924 PCI - ok

08:02:17.0078 3924 PCIDump - ok

08:02:17.0234 3924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:02:17.0234 3924 PCIIde - ok

08:02:17.0406 3924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:02:17.0421 3924 Pcmcia - ok

08:02:17.0531 3924 PDCOMP - ok

08:02:17.0625 3924 PDFRAME - ok

08:02:17.0734 3924 PDRELI - ok

08:02:17.0859 3924 PDRFRAME - ok

08:02:17.0968 3924 perc2 - ok

08:02:18.0078 3924 perc2hib - ok

08:02:18.0234 3924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:02:18.0250 3924 PptpMiniport - ok

08:02:18.0390 3924 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:02:18.0406 3924 Processor - ok

08:02:18.0546 3924 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

08:02:18.0640 3924 Ps2 - ok

08:02:18.0781 3924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:02:18.0796 3924 PSched - ok

08:02:18.0968 3924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:02:18.0968 3924 Ptilink - ok

08:02:19.0109 3924 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

08:02:19.0125 3924 PxHelp20 - ok

08:02:19.0250 3924 ql1080 - ok

08:02:19.0343 3924 Ql10wnt - ok

08:02:19.0468 3924 ql12160 - ok

08:02:19.0593 3924 ql1240 - ok

08:02:19.0718 3924 ql1280 - ok

08:02:19.0843 3924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:02:19.0859 3924 RasAcd - ok

08:02:20.0000 3924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:02:20.0000 3924 Rasl2tp - ok

08:02:20.0125 3924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:02:20.0140 3924 RasPppoe - ok

08:02:20.0296 3924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:02:20.0312 3924 Raspti - ok

08:02:20.0437 3924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:02:20.0453 3924 Rdbss - ok

08:02:20.0625 3924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:02:20.0625 3924 RDPCDD - ok

08:02:20.0796 3924 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

08:02:20.0796 3924 RDPWD - ok

08:02:20.0937 3924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:02:20.0953 3924 redbook - ok

08:02:21.0156 3924 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

08:02:21.0265 3924 rtl8139 - ok

08:02:21.0437 3924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:02:21.0437 3924 Secdrv - ok

08:02:21.0578 3924 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:02:21.0593 3924 Serenum - ok

08:02:21.0734 3924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:02:21.0734 3924 Serial - ok

08:02:21.0906 3924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:02:21.0906 3924 Sfloppy - ok

08:02:22.0031 3924 Simbad - ok

08:02:22.0203 3924 SiS315 (94f6eea8a688a37f71bf9c9aeaa42666) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

08:02:22.0359 3924 SiS315 - ok

08:02:22.0500 3924 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

08:02:22.0656 3924 SISAGP - ok

08:02:22.0796 3924 SiSkp (837d26f79a1647066d75c5c811887475) C:\WINDOWS\system32\DRIVERS\srvkp.sys

08:02:22.0953 3924 SiSkp - ok

08:02:23.0078 3924 Sparrow - ok

08:02:23.0187 3924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:02:23.0203 3924 splitter - ok

08:02:23.0343 3924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:02:23.0343 3924 sr - ok

08:02:23.0515 3924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:02:23.0531 3924 Srv - ok

08:02:23.0671 3924 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

08:02:23.0812 3924 sscdbus - ok

08:02:23.0953 3924 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

08:02:24.0046 3924 sscdmdfl - ok

08:02:24.0203 3924 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

08:02:24.0343 3924 sscdmdm - ok

08:02:24.0546 3924 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys

08:02:24.0656 3924 ss_bus - ok

08:02:24.0796 3924 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys

08:02:24.0937 3924 ss_mdfl - ok

08:02:25.0062 3924 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys

08:02:25.0218 3924 ss_mdm - ok

08:02:25.0359 3924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:02:25.0375 3924 swenum - ok

08:02:25.0515 3924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:02:25.0531 3924 swmidi - ok

08:02:25.0656 3924 symc810 - ok

08:02:25.0796 3924 symc8xx - ok

08:02:25.0875 3924 sym_hi - ok

08:02:26.0015 3924 sym_u3 - ok

08:02:26.0125 3924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:02:26.0140 3924 sysaudio - ok

08:02:26.0312 3924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:02:26.0328 3924 Tcpip - ok

08:02:26.0453 3924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:02:26.0453 3924 TDPIPE - ok

08:02:26.0578 3924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:02:26.0593 3924 TDTCP - ok

08:02:26.0703 3924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:02:26.0718 3924 TermDD - ok

08:02:26.0843 3924 TosIde - ok

08:02:26.0937 3924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:02:26.0953 3924 Udfs - ok

08:02:27.0062 3924 ultra - ok

08:02:27.0234 3924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:02:27.0265 3924 Update - ok

08:02:27.0437 3924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:02:27.0437 3924 usbccgp - ok

08:02:27.0578 3924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:02:27.0593 3924 usbehci - ok

08:02:27.0718 3924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:02:27.0734 3924 usbhub - ok

08:02:27.0875 3924 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

08:02:27.0875 3924 usbohci - ok

08:02:28.0000 3924 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:02:28.0015 3924 usbprint - ok

08:02:28.0218 3924 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:02:28.0218 3924 usbscan - ok

08:02:28.0406 3924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:02:28.0406 3924 USBSTOR - ok

08:02:28.0578 3924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:02:28.0593 3924 usbuhci - ok

08:02:28.0859 3924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:02:28.0859 3924 VgaSave - ok

08:02:29.0015 3924 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

08:02:29.0046 3924 viaagp1 - ok

08:02:29.0171 3924 viagfx (0cc705db634a3bc355887e3d478dd386) C:\WINDOWS\system32\DRIVERS\vtmini.sys

08:02:29.0328 3924 viagfx - ok

08:02:29.0468 3924 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

08:02:29.0468 3924 ViaIde - ok

08:02:29.0640 3924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:02:29.0656 3924 VolSnap - ok

08:02:29.0812 3924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:02:29.0812 3924 Wanarp - ok

08:02:29.0937 3924 WDICA - ok

08:02:30.0109 3924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:02:30.0109 3924 wdmaud - ok

08:02:30.0343 3924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

08:02:30.0343 3924 WpdUsb - ok

08:02:30.0484 3924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:02:30.0484 3924 WS2IFSL - ok

08:02:30.0640 3924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:02:30.0656 3924 WudfPf - ok

08:02:30.0796 3924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:02:30.0812 3924 WudfRd - ok

08:02:30.0890 3924 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk0\DR0

08:02:30.0890 3924 \Device\Harddisk0\DR0 - ok

08:02:30.0906 3924 Boot (0x1200) (79dada12e0a43d62a179e031f92d12e7) \Device\Harddisk0\DR0\Partition0

08:02:30.0906 3924 \Device\Harddisk0\DR0\Partition0 - ok

08:02:30.0921 3924 Boot (0x1200) (8739495bc4525eac1acb172c681769e7) \Device\Harddisk0\DR0\Partition1

08:02:30.0921 3924 \Device\Harddisk0\DR0\Partition1 - ok

08:02:30.0921 3924 ============================================================

08:02:30.0921 3924 Scan finished

08:02:30.0921 3924 ============================================================

08:02:30.0968 3496 Detected object count: 0

08:02:30.0968 3496 Actual detected object count: 0

So far the computer is doing well. The svchost process is not using up all the memory anymore.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
