
HP Pavilion Laptop infected



I got a virus on my work laptop a while back and never got rid of it. I changed jobs and stopped using the laptop for over a year now. Now I need it again, so I spent the past week studying online trying to get rid of it. I tried the standard Rkill/Mbam method with no luck; the mbam.exe icon vanishes upon installation. I ran TDSSKiller and the Rkill variations with no luck. I really need the computer for work, so I would appreciate any help getting rid of this virus and some advice on how to stay safe going forward. Here are my DDS scan notepads. Thanks in advance for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 8.0.6001.18702

Run by Administrator at 16:21:36 on 2011-11-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.377 [GMT -7:00]

.

AV: Defender Pro Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: Norton Internet Worm Protection *Disabled*

FW: Defender Pro Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\Explorer.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop

mSearchAssistant = hxxp://www.google.com/ie

BHO: c:\windows\system32\o53aznw.dll: {a9ba40a1-74f1-52bd-f434-00b15a2c8953} - c:\windows\system32\o53aznw.dll

BHO: {feda4c39-1ca2-4eef-9f79-794ec0b398c3} - kiyiziwe.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Defender Pro Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\defender pro\defender pro\IEToolbar.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

mRun: [<NO NAME>]

mRun: [DetectorApp] c:\program files\sonic\digitalmedia plus v7\mydvd plus\DetectorApp.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [RecGuard] c:\windows\sminst\RecGuard.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [net] "c:\windows\system32\net.net"

mRun: [ewrgetuj] v6\1i\\\\\m96vm9\m\geurge.exe

mRun: [hovutiyete] Rundll32.exe "gowekazu.dll",s

mRun: [cbfufs] RUNDLL32.EXE c:\windows\system32\msqmoqhu.dll,w

mRun: [reader_s] c:\windows\system32\reader_s.exe

mRun: [blepiqasunu] rundll32.exe "c:\windows\uvoyuruwokuq.dll",Startup

mRun: [zafukibot] Rundll32.exe "c:\windows\system32\gavulowe.dll",a

mRun: [cjjky] c:\windows\system32\cjjky.exe \u

mRun: [Defender Pro Antiphishing Helper] "c:\program files\defender pro\defender pro\IEShow.exe"

mRun: [DPAgent] "c:\program files\defender pro\defender pro\bdagent.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\windows\temp\system.exe

dRun: [reader_s] c:\documents and settings\networkservice\reader_s.exe

dRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\chick\application data\antivirus plus\AntiVirus Plus.55532.dll", start 55532

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

dPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

TCP: Interfaces\{8EF12106-0372-4C03-95A7-E63DE2A0D091} : NameServer = 217.23.14.75,4.2.2.1

TCP: Interfaces\{D687E98F-6DB5-4C30-A2E6-2960AE3EB0B6} : NameServer = 217.23.14.75,4.2.2.1,4.2.2.1

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\bkctl.dll belonulu.dll c:\windows\system32\gavulowe.dll

SSODL: GootkitSSO - {1EF17BBD-6210-49D4-8C7D-D69F51D2A2D2} - c:\windows\system32\msxsltsso.dll

SSODL: yanurubak - {4694d337-0a55-4bd3-a330-18e5d81f6b5d} - c:\windows\system32\gavulowe.dll

STS: c:\windows\system32\o53aznw.dll: {a9ba40a1-74f1-52bd-f434-00b15a2c8953} - c:\windows\system32\o53aznw.dll

STS: tokatiluy: {4694d337-0a55-4bd3-a330-18e5d81f6b5d} - c:\windows\system32\gavulowe.dll

LSA: Notification Packages = scecli WMDMLRT.dll belonulu.dll

IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\tjmq6upu.default\

.

============= SERVICES / DRIVERS ===============

.

S2 BtwSvc;BtwSvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]

S2 peresvc;peresvc Service;c:\windows\system32\PereSvc.exe [2004-8-4 69120]

S2 seagate;seagate;c:\windows\system32\seagate.sys [2004-8-4 2304]

S3 Arrakis3;Defender Pro Arrakis Server;c:\program files\common files\defender pro\defender pro arrakis server\bin\arrakis3.exe [2009-6-25 200704]

S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-6-29 152328]

S3 bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-7-9 110472]

S3 protect;protect;c:\windows\system32\drivers\protect.sys [2010-3-27 18944]

.

=============== Created Last 30 ================

.

2011-11-07 21:50:19 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2011-11-07 21:49:24 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-11-07 19:47:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-07 19:34:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

==================== Find3M ====================

.

2011-11-07 18:46:47 874240 ----a-w- c:\windows\system32\drivers\iaStor.sys

1601-01-01 00:03:52 93184 --sha-w- c:\windows\system32\belonulu.dll

1601-01-01 00:03:28 48640 --sha-w- c:\windows\system32\fawedevi.dll

1601-01-01 00:03:28 2048 --sha-w- c:\windows\system32\filokinu.exe

1601-01-01 00:03:28 42496 --sha-w- c:\windows\system32\fimamile.dll

1601-01-01 00:03:28 54272 --sha-w- c:\windows\system32\giletisa.exe

1601-01-01 00:03:52 93184 --sha-w- c:\windows\system32\gowekazu.dll

1601-01-01 00:03:52 93184 --sha-w- c:\windows\system32\kiyiziwe.dll

2010-03-28 09:59:28 149504 --sha-r- c:\windows\system32\grouppolicy\user\scripts\logon\winlogo.exe

.

============= FINISH: 16:22:21.79 ===============

attach.txt

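The DDS report above already contains the persistence points a responder would pull out by hand: Run entries that load DLLs through rundll32, an autorun from c:\windows\temp, a NameServer that is not one the owner configured, a populated AppInit_DLLs value, an extra LSA notification package, an Image File Execution Options entry that redirects MpCmdRun.exe to svchost.exe, and system32 DLLs with hidden+system attributes stamped 1601-01-01. The script below is an added example, not part of the forum post or of DDS itself; it applies those checks to DDS-format lines. The sample input is copied from the report above, while the DNS allow-list and the LSA package allow-list are assumptions to adjust for the machine in question, and the severity labels are the editor's heuristics, not DDS verdicts.

```python
"""Triage of a DDS 'Pseudo HJT Report' / Find3M listing for common persistence
and tampering indicators. Added example, not part of the forum post or of DDS;
the rules are the editor's heuristics, not DDS signatures."""
import re
from dataclasses import dataclass

# Assumption: the resolvers this machine is expected to use. Anything else is
# reported so the owner can check it against the router/ISP settings.
KNOWN_DNS = {"4.2.2.1", "4.2.2.2"}
# A stock Windows XP install registers only scecli here; anything else is
# reported for review (password filter DLLs see plaintext passwords on change).
KNOWN_LSA_PACKAGES = {"scecli"}

# Sample input copied from the DDS report posted above (one line per entry type).
SAMPLE = """\
mRun: [igfxtray] c:\\windows\\system32\\igfxtray.exe
mRun: [hovutiyete] Rundll32.exe "gowekazu.dll",s
dRun: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\\windows\\temp\\system.exe
TCP: Interfaces\\{8EF12106-0372-4C03-95A7-E63DE2A0D091} : NameServer = 217.23.14.75,4.2.2.1
AppInit_DLLs: c:\\windows\\system32\\bkctl.dll belonulu.dll c:\\windows\\system32\\gavulowe.dll
LSA: Notification Packages = scecli WMDMLRT.dll belonulu.dll
IFEO: MpCmdRun.exe - c:\\windows\\system32\\svchost.exe
1601-01-01 00:03:52 93184 --sha-w- c:\\windows\\system32\\belonulu.dll
2010-03-28 09:59:28 149504 --sha-r- c:\\windows\\system32\\grouppolicy\\user\\scripts\\logon\\winlogo.exe
2011-11-07 19:34:25 22216 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" (act on it) or "review" (verify before acting)
    indicator: str  # short tag, stable for tests/aggregation
    detail: str
    line: str       # the DDS line that triggered it


RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
DNS_RE = re.compile(r"^TCP: .*NameServer = (?P<servers>[\d.,]+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.+)$")
LSA_RE = re.compile(r"^LSA: Notification Packages = (?P<pkgs>.+)$")
IFEO_RE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.+)$")
# Find3M / Created lines: "<date> <time> <size> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<year>\d{4})-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


def triage(report: str) -> list[Finding]:
    """Return one Finding per suspicious DDS line; benign lines yield nothing."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            cmd = m["cmd"].lower()
            if "rundll32" in cmd:
                findings.append(Finding("high", "run-rundll32",
                                        f"autorun {m['name']!r} loads a DLL via rundll32", line))
            if "\\temp\\" in cmd:
                findings.append(Finding("high", "run-temp",
                                        f"autorun {m['name']!r} executes from a temp directory", line))
        elif m := DNS_RE.match(line):
            for ip in m["servers"].split(","):
                if ip and ip not in KNOWN_DNS:
                    findings.append(Finding("high", "dns-unknown",
                                            f"resolver {ip} not in allow-list (check for a DNS changer)", line))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs are mapped into every process that loads user32.dll.
            findings.append(Finding("high", "appinit",
                                    f"AppInit_DLLs injects into every GUI process: {m['dlls']}", line))
        elif m := LSA_RE.match(line):
            for pkg in m["pkgs"].split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(Finding("review", "lsa-package",
                                            f"non-default LSA notification package {pkg}", line))
        elif m := IFEO_RE.match(line):
            findings.append(Finding("high", "ifeo",
                                    f"IFEO debugger hijack: starting {m['target']} runs "
                                    f"{m['debugger'].strip()} instead", line))
        elif m := FILE_RE.match(line):
            if m["year"] == "1601":
                # 1601-01-01 is the NT FILETIME epoch: a zeroed timestamp, i.e. timestomping.
                findings.append(Finding("high", "timestomp",
                                        f"epoch timestamp on {m['path']} (timestamps tampered)", line))
            elif "h" in m["attrs"] and "s" in m["attrs"]:
                findings.append(Finding("review", "hidden-system",
                                        f"hidden+system attributes on {m['path']}", line))
    return findings


def indicators(report: str) -> set[str]:
    """Distinct indicator tags present in a report, for a quick verdict."""
    return {f.indicator for f in triage(report)}


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.indicator:14} {f.detail}")
```

The point of scoring lines rather than names is that the random DLL names in this report (belonulu.dll, gavulowe.dll) will differ on the next machine, while the load points they abuse (AppInit_DLLs, LSA Notification Packages, IFEO, Run keys) do not.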

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

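TDSSKiller writes its log to the root of the system drive under the naming pattern given above, and each hit spans up to three log lines: a "Suspicious file" line carrying the hashes, a "( verdict ) - infected|warning" line, and a "- detected" line. The Python below is an added example, not part of screen317's reply or of TDSSKiller: it picks the newest log by the date and time embedded in the filename rather than by file modification time, and collapses those line groups into one record per object, so that a "Forged" entry (the hash the tool obtains through the normal file API differs from the one it reads from disk directly, the signature of a disk-level rootkit hook) is kept apart from a "NoAccess" warning (a locked service the tool could not open). The sample log lines are taken from the TDSSKiller output posted later in this thread; the filenames passed to newest_log are constructed.

```python
"""Summarise a TDSSKiller log. Added example, not part of the forum reply or of
TDSSKiller; it only parses the tool's own output format."""
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Iterable, Optional

# TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d\d\.\d\d\.\d{4})_(?P<time>\d\d\.\d\d\.\d\d)_log\.txt$")

# Every log line starts with "HH:MM:SS.mmmm <pid> ".
ENTRY = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SUSPICIOUS_RE = re.compile(
    ENTRY + r"Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})|md5: (?P<md5>[0-9a-f]{32}))")
STATUS_RE = re.compile(ENTRY + r"(?P<obj>\S+) \( (?P<verdict>\S+) \) - (?P<status>infected|warning)$")
DETECTED_RE = re.compile(ENTRY + r"(?P<obj>\S+) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")

# Sample lines taken from the TDSSKiller log posted in this thread.
SAMPLE_LOG = """\
11:44:31.0484 1900 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
11:44:49.0203 0860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
11:44:49.0218 0860 ACPI - ok
11:44:54.0015 0860 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\iaStor.sys. Real md5: 5b603fc74d24cc616dacaf29927e1563, Fake md5: 309c4d86d989fb1fcf64bd30dc81c51b
11:44:54.0015 0860 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
11:44:54.0015 0860 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
11:44:54.0765 0860 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\drivers\\jvezzqnn.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924
11:44:54.0765 0860 jvezzqnn ( LockedService.Multi.Generic ) - warning
11:44:54.0765 0860 jvezzqnn - detected LockedService.Multi.Generic (1)
"""


@dataclass
class Detection:
    obj: str            # service/driver name as TDSSKiller reports it
    verdict: str        # e.g. Rootkit.Win32.TDSS.tdl3
    status: str         # "infected", "warning", or "" if no status line was seen
    kind: str = ""      # Forged / NoAccess / ... from the "Suspicious file" line
    path: str = ""
    real_md5: str = ""  # hash read from disk directly (or the only hash given)
    fake_md5: str = ""  # hash seen through the file API; set only for Forged files


def newest_log(filenames: Iterable[str]) -> Optional[str]:
    """Pick the most recent TDSSKiller log by the timestamp in its name."""
    best = None
    for name in filenames:
        m = LOG_NAME_RE.match(PureWindowsPath(name).name)
        if not m:
            continue
        stamp = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")
        if best is None or stamp > best[0]:
            best = (stamp, name)
    return best[1] if best else None


def parse_tdsskiller(text: str) -> list[Detection]:
    """Join the per-object log lines into one Detection per '- detected' line."""
    suspicious = {}   # lower-case file stem -> regex match with hashes
    status = {}       # lower-case object -> "infected" | "warning"
    detected = []     # (object, verdict) in log order
    for line in text.splitlines():
        line = line.rstrip()
        if m := SUSPICIOUS_RE.match(line):
            suspicious[PureWindowsPath(m["path"]).stem.lower()] = m
        elif m := STATUS_RE.match(line):
            status[m["obj"].lower()] = m["status"]
        elif m := DETECTED_RE.match(line):
            detected.append((m["obj"], m["verdict"]))
    out = []
    for obj, verdict in detected:
        d = Detection(obj=obj, verdict=verdict, status=status.get(obj.lower(), ""))
        if m := suspicious.get(obj.lower()):
            d.kind, d.path = m["kind"], m["path"]
            d.real_md5 = m["real"] or m["md5"] or ""
            d.fake_md5 = m["fake"] or ""
        out.append(d)
    return out


def infected(dets: list[Detection]) -> list[str]:
    """Objects TDSSKiller marked infected (as opposed to warnings to review)."""
    return [d.obj for d in dets if d.status == "infected"]


if __name__ == "__main__":
    for d in parse_tdsskiller(SAMPLE_LOG):
        print(f"{d.obj:10} {d.status or '-':9} {d.verdict:30} {d.kind or '-':9} {d.path}")
```

Reading the joined records is what tells you whether a reboot-and-rescan is enough: an "infected" Forged driver was cleaned by the tool and should come back "ok" on the next run, while a "warning" on a locked, randomly named service means the tool could not examine the file and the service needs to be dealt with separately.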

Thank you for your response. I ran TDSSKiller before I came here for help and it found 3 threats. Here is that log:

11:44:31.0484 1900 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49

11:44:31.0515 1900 ============================================================

11:44:31.0515 1900 Current date / time: 2011/11/07 11:44:31.0515

11:44:31.0515 1900 SystemInfo:

11:44:31.0515 1900

11:44:31.0515 1900 OS Version: 5.1.2600 ServicePack: 3.0

11:44:31.0515 1900 Product type: Workstation

11:44:31.0515 1900 ComputerName: YOUR-4105E587B6

11:44:31.0515 1900 UserName: Administrator

11:44:31.0515 1900 Windows directory: C:\WINDOWS

11:44:31.0515 1900 System windows directory: C:\WINDOWS

11:44:31.0515 1900 Processor architecture: Intel x86

11:44:31.0515 1900 Number of processors: 1

11:44:31.0515 1900 Page size: 0x1000

11:44:31.0515 1900 Boot type: Safe boot

11:44:31.0515 1900 ============================================================

11:44:32.0265 1900 Initialize success

11:44:48.0531 0860 ============================================================

11:44:48.0531 0860 Scan started

11:44:48.0531 0860 Mode: Manual;

11:44:48.0531 0860 ============================================================

11:44:49.0109 0860 Abiosdsk - ok

11:44:49.0140 0860 abp480n5 - ok

11:44:49.0203 0860 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:44:49.0218 0860 ACPI - ok

11:44:49.0234 0860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

11:44:49.0234 0860 ACPIEC - ok

11:44:49.0250 0860 adpu160m - ok

11:44:49.0328 0860 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:44:49.0328 0860 aec - ok

11:44:49.0390 0860 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

11:44:49.0406 0860 AFD - ok

11:44:49.0421 0860 Aha154x - ok

11:44:49.0453 0860 aic78u2 - ok

11:44:49.0484 0860 aic78xx - ok

11:44:49.0546 0860 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

11:44:49.0546 0860 AliIde - ok

11:44:49.0578 0860 amsint - ok

11:44:49.0609 0860 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

11:44:49.0609 0860 Arp1394 - ok

11:44:49.0640 0860 asc - ok

11:44:49.0671 0860 asc3350p - ok

11:44:49.0703 0860 asc3550 - ok

11:44:49.0765 0860 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

11:44:49.0765 0860 ASCTRM - ok

11:44:49.0843 0860 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:44:49.0843 0860 AsyncMac - ok

11:44:49.0875 0860 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:44:49.0875 0860 atapi - ok

11:44:49.0906 0860 Atdisk - ok

11:44:49.0953 0860 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:44:49.0953 0860 Atmarpc - ok

11:44:50.0015 0860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:44:50.0015 0860 audstub - ok

11:44:50.0109 0860 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

11:44:50.0125 0860 BCM43XX - ok

11:44:50.0546 0860 bdfm (0de9617eaa4ca5587c2f950c73eaba3c) C:\WINDOWS\system32\drivers\bdfm.sys

11:44:50.0546 0860 bdfm - ok

11:44:50.0593 0860 bdfndisf (f06a3ded38c2b0c320d4171a7532eada) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys

11:44:50.0593 0860 bdfndisf - ok

11:44:50.0656 0860 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys

11:44:50.0671 0860 bdfsfltr - ok

11:44:50.0828 0860 bdftdif (efcfc2811e6f3db4034cdabd8115f13b) C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys

11:44:50.0828 0860 bdftdif - ok

11:44:51.0109 0860 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\Defender Pro\Defender Pro\bdselfpr.sys

11:44:51.0109 0860 BDSelfPr - ok

11:44:51.0281 0860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:44:51.0281 0860 Beep - ok

11:44:51.0359 0860 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys

11:44:51.0375 0860 BTWUSB - ok

11:44:51.0390 0860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:44:51.0390 0860 cbidf2k - ok

11:44:51.0468 0860 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:44:51.0468 0860 CCDECODE - ok

11:44:51.0500 0860 cd20xrnt - ok

11:44:51.0531 0860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:44:51.0531 0860 Cdaudio - ok

11:44:51.0562 0860 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:44:51.0578 0860 Cdfs - ok

11:44:51.0609 0860 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:44:51.0609 0860 Cdrom - ok

11:44:51.0625 0860 Changer - ok

11:44:51.0687 0860 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

11:44:51.0687 0860 CmBatt - ok

11:44:51.0703 0860 CmdIde - ok

11:44:51.0750 0860 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

11:44:51.0750 0860 Compbatt - ok

11:44:51.0781 0860 Cpqarray - ok

11:44:51.0828 0860 dac2w2k - ok

11:44:51.0859 0860 dac960nt - ok

11:44:51.0921 0860 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:44:51.0921 0860 Disk - ok

11:44:52.0000 0860 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:44:52.0031 0860 dmboot - ok

11:44:52.0125 0860 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:44:52.0125 0860 dmio - ok

11:44:52.0187 0860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:44:52.0187 0860 dmload - ok

11:44:52.0328 0860 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:44:52.0328 0860 DMusic - ok

11:44:52.0375 0860 dpti2o - ok

11:44:52.0406 0860 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:44:52.0406 0860 drmkaud - ok

11:44:52.0453 0860 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

11:44:52.0453 0860 E100B - ok

11:44:52.0484 0860 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys

11:44:52.0484 0860 eabfiltr - ok

11:44:52.0531 0860 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys

11:44:52.0531 0860 eabusb - ok

11:44:52.0640 0860 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:44:52.0640 0860 Fastfat - ok

11:44:52.0703 0860 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:44:52.0703 0860 Fdc - ok

11:44:52.0734 0860 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:44:52.0734 0860 Fips - ok

11:44:52.0796 0860 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:44:52.0796 0860 Flpydisk - ok

11:44:52.0828 0860 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:44:52.0828 0860 FltMgr - ok

11:44:52.0875 0860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:44:52.0875 0860 Fs_Rec - ok

11:44:52.0906 0860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:44:52.0906 0860 Ftdisk - ok

11:44:52.0937 0860 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:44:52.0937 0860 Gpc - ok

11:44:53.0015 0860 HdAudAddService (a8bccb6ab8e43c39f4ef1bc4db8d6165) C:\WINDOWS\system32\drivers\CHDAud.sys

11:44:53.0015 0860 HdAudAddService - ok

11:44:53.0093 0860 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:44:53.0093 0860 HDAudBus - ok

11:44:53.0218 0860 hpn - ok

11:44:53.0265 0860 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

11:44:53.0265 0860 HSFHWAZL - ok

11:44:53.0343 0860 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

11:44:53.0359 0860 HSF_DPV - ok

11:44:53.0453 0860 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:44:53.0453 0860 HTTP - ok

11:44:53.0500 0860 i2omgmt - ok

11:44:53.0515 0860 i2omp - ok

11:44:53.0593 0860 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:44:53.0593 0860 i8042prt - ok

11:44:53.0703 0860 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

11:44:53.0765 0860 ialm - ok

11:44:54.0000 0860 iaStor (5b603fc74d24cc616dacaf29927e1563) C:\WINDOWS\system32\DRIVERS\iaStor.sys

11:44:54.0015 0860 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\iaStor.sys. Real md5: 5b603fc74d24cc616dacaf29927e1563, Fake md5: 309c4d86d989fb1fcf64bd30dc81c51b

11:44:54.0015 0860 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected

11:44:54.0015 0860 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)

11:44:54.0109 0860 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:44:54.0109 0860 Imapi - ok

11:44:54.0156 0860 ini910u - ok

11:44:54.0187 0860 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:44:54.0187 0860 IntelIde - ok

11:44:54.0234 0860 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:44:54.0234 0860 intelppm - ok

11:44:54.0265 0860 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:44:54.0265 0860 Ip6Fw - ok

11:44:54.0312 0860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:44:54.0312 0860 IpFilterDriver - ok

11:44:54.0359 0860 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:44:54.0375 0860 IpInIp - ok

11:44:54.0406 0860 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:44:54.0406 0860 IpNat - ok

11:44:54.0453 0860 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:44:54.0453 0860 IPSec - ok

11:44:54.0593 0860 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:44:54.0593 0860 IRENUM - ok

11:44:54.0656 0860 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:44:54.0671 0860 isapnp - ok

11:44:54.0671 0860 Suspicious service (NoAccess): jvezzqnn

11:44:54.0765 0860 jvezzqnn (80c6af4f948d4168fc90da1a6f4b6924) C:\WINDOWS\system32\drivers\jvezzqnn.sys

11:44:54.0765 0860 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\jvezzqnn.sys. md5: 80c6af4f948d4168fc90da1a6f4b6924

11:44:54.0765 0860 jvezzqnn ( LockedService.Multi.Generic ) - warning

11:44:54.0765 0860 jvezzqnn - detected LockedService.Multi.Generic (1)

11:44:54.0953 0860 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:44:54.0953 0860 Kbdclass - ok

11:44:55.0046 0860 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:44:55.0046 0860 kmixer - ok

11:44:55.0093 0860 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:44:55.0093 0860 KSecDD - ok

11:44:55.0156 0860 lbrtfdc - ok

11:44:55.0265 0860 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

11:44:55.0265 0860 mdmxsdk - ok

11:44:55.0296 0860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:44:55.0296 0860 mnmdd - ok

11:44:55.0343 0860 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:44:55.0343 0860 Modem - ok

11:44:55.0390 0860 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:44:55.0390 0860 Mouclass - ok

11:44:55.0421 0860 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:44:55.0421 0860 MountMgr - ok

11:44:55.0453 0860 mraid35x - ok

11:44:55.0484 0860 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:44:55.0484 0860 MRxDAV - ok

11:44:55.0625 0860 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:44:55.0640 0860 MRxSmb - ok

11:44:55.0968 0860 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:44:55.0984 0860 Msfs - ok

11:44:56.0015 0860 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:44:56.0015 0860 MSKSSRV - ok

11:44:56.0046 0860 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:44:56.0046 0860 MSPCLOCK - ok

11:44:56.0078 0860 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:44:56.0078 0860 MSPQM - ok

11:44:56.0140 0860 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:44:56.0140 0860 mssmbios - ok

11:44:56.0187 0860 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:44:56.0187 0860 MSTEE - ok

11:44:56.0234 0860 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

11:44:56.0234 0860 Mup - ok

11:44:56.0296 0860 Mvc25U870_VID_1262&PID_25FD (924d3bdced397ec75c162579436ce696) C:\WINDOWS\system32\Drivers\Mvc25U870.sys

11:44:56.0296 0860 Mvc25U870_VID_1262&PID_25FD - ok

11:44:56.0406 0860 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:44:56.0406 0860 NABTSFEC - ok

11:44:56.0515 0860 NDIS (2adb33121c7e6a7cfdf986262be02d46) C:\WINDOWS\system32\drivers\NDIS.sys

11:44:56.0531 0860 Suspicious file (Forged): C:\WINDOWS\system32\drivers\NDIS.sys. Real md5: 2adb33121c7e6a7cfdf986262be02d46, Fake md5: 63f9fde7279d099e64eea9cccbff4fe6

11:44:56.0531 0860 NDIS ( ForgedFile.Multi.Generic ) - warning

11:44:56.0531 0860 NDIS - detected ForgedFile.Multi.Generic (1)

11:44:56.0562 0860 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:44:56.0562 0860 NdisIP - ok

11:44:56.0625 0860 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:44:56.0625 0860 NdisTapi - ok

11:44:56.0703 0860 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:44:56.0703 0860 Ndisuio - ok

11:44:56.0734 0860 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:44:56.0734 0860 NdisWan - ok

11:44:56.0765 0860 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

11:44:56.0765 0860 NDProxy - ok

11:44:56.0796 0860 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:44:56.0796 0860 NetBIOS - ok

11:44:56.0843 0860 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:44:56.0859 0860 NetBT - ok

11:44:56.0937 0860 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:44:56.0937 0860 NIC1394 - ok

11:44:57.0000 0860 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:44:57.0000 0860 Npfs - ok

11:44:57.0031 0860 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:44:57.0078 0860 Ntfs - ok

11:44:57.0296 0860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:44:57.0296 0860 Null - ok

11:44:57.0343 0860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:44:57.0343 0860 NwlnkFlt - ok

11:44:57.0375 0860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:44:57.0375 0860 NwlnkFwd - ok

11:44:57.0453 0860 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

11:44:57.0453 0860 NwlnkIpx - ok

11:44:57.0484 0860 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

11:44:57.0484 0860 NwlnkNb - ok

11:44:57.0515 0860 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

11:44:57.0515 0860 NwlnkSpx - ok

11:44:57.0562 0860 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:44:57.0562 0860 ohci1394 - ok

11:44:57.0609 0860 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

11:44:57.0609 0860 Parport - ok

11:44:57.0656 0860 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:44:57.0656 0860 PartMgr - ok

11:44:57.0687 0860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:44:57.0703 0860 ParVdm - ok

11:44:57.0734 0860 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:44:57.0734 0860 PCI - ok

11:44:57.0750 0860 PCIDump - ok

11:44:57.0781 0860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:44:57.0781 0860 PCIIde - ok

11:44:57.0828 0860 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

11:44:57.0828 0860 Pcmcia - ok

11:44:57.0843 0860 PDCOMP - ok

11:44:57.0875 0860 PDFRAME - ok

11:44:57.0906 0860 PDRELI - ok

11:44:57.0921 0860 PDRFRAME - ok

11:44:57.0953 0860 perc2 - ok

11:44:57.0984 0860 perc2hib - ok

11:44:58.0093 0860 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:44:58.0093 0860 PptpMiniport - ok

11:44:58.0234 0860 Profos (de11f5c3e9bda993b65e1518d46bc438) C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\profos.sys

11:44:58.0234 0860 Profos - ok

11:44:58.0281 0860 protect (2474f6359b2686ebcc034214ecda6253) C:\WINDOWS\system32\drivers\protect.sys

11:44:58.0281 0860 protect - ok

11:44:58.0453 0860 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:44:58.0453 0860 PSched - ok

11:44:58.0500 0860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:44:58.0500 0860 Ptilink - ok

11:44:58.0531 0860 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:44:58.0546 0860 PxHelp20 - ok

11:44:58.0562 0860 ql1080 - ok

11:44:58.0593 0860 Ql10wnt - ok

11:44:58.0625 0860 ql12160 - ok

11:44:58.0656 0860 ql1240 - ok

11:44:58.0687 0860 ql1280 - ok

11:44:58.0718 0860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:44:58.0718 0860 RasAcd - ok

11:44:58.0796 0860 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

11:44:58.0796 0860 Rasirda - ok

11:44:58.0843 0860 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:44:58.0843 0860 Rasl2tp - ok

11:44:58.0875 0860 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:44:58.0890 0860 RasPppoe - ok

11:44:58.0921 0860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:44:58.0921 0860 Raspti - ok

11:44:58.0968 0860 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:44:58.0968 0860 Rdbss - ok

11:44:59.0000 0860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:44:59.0000 0860 RDPCDD - ok

11:44:59.0062 0860 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

11:44:59.0062 0860 RDPWD - ok

11:44:59.0109 0860 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:44:59.0109 0860 redbook - ok

11:44:59.0171 0860 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

11:44:59.0171 0860 rimmptsk - ok

11:44:59.0187 0860 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

11:44:59.0187 0860 rimsptsk - ok

11:44:59.0234 0860 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

11:44:59.0234 0860 rismxdp - ok

11:44:59.0328 0860 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

11:44:59.0328 0860 sdbus - ok

11:44:59.0390 0860 seagate (5b5e7e2cc3e26e1211c276a6d8b98672) C:\WINDOWS\system32\seagate.sys

11:44:59.0406 0860 seagate - ok

11:44:59.0453 0860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:44:59.0453 0860 Secdrv - ok

11:44:59.0671 0860 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:44:59.0671 0860 serenum - ok

11:44:59.0718 0860 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:44:59.0718 0860 Serial - ok

11:44:59.0750 0860 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

11:44:59.0750 0860 sffdisk - ok

11:44:59.0781 0860 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

11:44:59.0781 0860 sffp_sd - ok

11:44:59.0843 0860 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:44:59.0843 0860 Sfloppy - ok

11:44:59.0890 0860 Simbad - ok

11:44:59.0937 0860 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:44:59.0937 0860 SLIP - ok

11:45:00.0000 0860 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

11:45:00.0000 0860 SMCIRDA - ok

11:45:00.0031 0860 Sparrow - ok

11:45:00.0078 0860 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:45:00.0078 0860 splitter - ok

11:45:00.0125 0860 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:45:00.0140 0860 sr - ok

11:45:00.0218 0860 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

11:45:00.0234 0860 Srv - ok

11:45:00.0296 0860 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:45:00.0296 0860 streamip - ok

11:45:00.0343 0860 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:45:00.0343 0860 swenum - ok

11:45:00.0515 0860 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:45:00.0515 0860 swmidi - ok

11:45:00.0546 0860 symc810 - ok

11:45:00.0593 0860 symc8xx - ok

11:45:00.0609 0860 sym_hi - ok

11:45:00.0656 0860 sym_u3 - ok

11:45:00.0703 0860 SynTP (fd5010a627d2a7bbd1c44a488e3a8fe5) C:\WINDOWS\system32\DRIVERS\SynTP.sys

11:45:00.0718 0860 SynTP - ok

11:45:00.0750 0860 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:45:00.0750 0860 sysaudio - ok

11:45:00.0843 0860 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:45:00.0859 0860 Tcpip - ok

11:45:00.0921 0860 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:45:00.0921 0860 TDPIPE - ok

11:45:01.0015 0860 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:45:01.0015 0860 TDTCP - ok

11:45:01.0046 0860 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:45:01.0046 0860 TermDD - ok

11:45:01.0093 0860 TosIde - ok

11:45:01.0265 0860 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\trufos.sys

11:45:01.0265 0860 Trufos - ok

11:45:01.0484 0860 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:45:01.0484 0860 Udfs - ok

11:45:01.0515 0860 ultra - ok

11:45:01.0562 0860 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:45:01.0578 0860 Update - ok

11:45:01.0671 0860 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:45:01.0671 0860 usbehci - ok

11:45:01.0718 0860 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:45:01.0718 0860 usbhub - ok

11:45:01.0765 0860 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:45:01.0765 0860 USBSTOR - ok

11:45:01.0812 0860 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:45:01.0812 0860 usbuhci - ok

11:45:01.0843 0860 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:45:01.0843 0860 VgaSave - ok

11:45:01.0875 0860 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:45:01.0875 0860 ViaIde - ok

11:45:01.0906 0860 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:45:01.0906 0860 VolSnap - ok

11:45:02.0062 0860 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

11:45:02.0093 0860 w39n51 - ok

11:45:02.0296 0860 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:45:02.0296 0860 Wanarp - ok

11:45:02.0359 0860 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

11:45:02.0359 0860 wanatw - ok

11:45:02.0390 0860 WDICA - ok

11:45:02.0437 0860 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:45:02.0453 0860 wdmaud - ok

11:45:02.0562 0860 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

11:45:02.0578 0860 winachsf - ok

11:45:02.0687 0860 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

11:45:02.0687 0860 WmiAcpi - ok

11:45:02.0796 0860 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:45:02.0796 0860 WSTCODEC - ok

11:45:02.0890 0860 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0

11:45:02.0906 0860 \Device\Harddisk0\DR0 - ok

11:45:02.0937 0860 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR12

11:45:02.0937 0860 \Device\Harddisk1\DR12 - ok

11:45:02.0968 0860 Boot (0x1200) (446e48a9a5e7cd41b99cee48adaeca60) \Device\Harddisk0\DR0\Partition0

11:45:02.0968 0860 \Device\Harddisk0\DR0\Partition0 - ok

11:45:03.0015 0860 Boot (0x1200) (0f1810eeac1a585d14887096010ba47f) \Device\Harddisk0\DR0\Partition1

11:45:03.0015 0860 \Device\Harddisk0\DR0\Partition1 - ok

11:45:03.0031 0860 Boot (0x1200) (08e4fc9aa8d477b7c721a4907b07ed9f) \Device\Harddisk1\DR12\Partition0

11:45:03.0031 0860 \Device\Harddisk1\DR12\Partition0 - ok

11:45:03.0046 0860 ============================================================

11:45:03.0046 0860 Scan finished

11:45:03.0046 0860 ============================================================

11:45:03.0078 0704 Detected object count: 3

11:45:03.0078 0704 Actual detected object count: 3

11:45:53.0421 0704 Backup copy found, using it..

11:45:53.0468 0704 C:\WINDOWS\system32\DRIVERS\iaStor.sys - will be cured on reboot

11:45:53.0468 0704 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure

11:45:53.0562 0704 HKLM\SYSTEM\ControlSet001\services\jvezzqnn - will be deleted on reboot

11:45:53.0593 0704 HKLM\SYSTEM\ControlSet002\services\jvezzqnn - will be deleted on reboot

11:45:53.0609 0704 HKLM\SYSTEM\ControlSet003\services\jvezzqnn - will be deleted on reboot

11:45:53.0609 0704 C:\WINDOWS\system32\drivers\jvezzqnn.sys - will be deleted on reboot

11:45:53.0609 0704 jvezzqnn ( LockedService.Multi.Generic ) - User select action: Delete

11:45:53.0625 0704 HKLM\SYSTEM\ControlSet001\services\NDIS - will be deleted on reboot

11:45:53.0625 0704 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\NDIS - will be deleted on reboot

11:45:53.0625 0704 HKLM\SYSTEM\ControlSet002\services\NDIS - will be deleted on reboot

11:45:53.0640 0704 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\NDIS - will be deleted on reboot

11:45:53.0640 0704 HKLM\SYSTEM\ControlSet003\services\NDIS - will be deleted on reboot

11:45:53.0640 0704 HKLM\SYSTEM\ControlSet003\control\safeboot\Network\NDIS - will be deleted on reboot

11:45:53.0640 0704 C:\WINDOWS\system32\drivers\NDIS.sys - will be deleted on reboot

11:45:53.0640 0704 NDIS ( ForgedFile.Multi.Generic ) - User select action: Delete

11:46:18.0750 1864 Deinitialize success

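The interesting part of the TDSSKiller log above is the short block at the end: three detections, a driver cured from a backup copy, a locked service and a forged copy of NDIS.sys. The following parser, an added example that is not part of the original post or of TDSSKiller itself, pulls that detection block out of a log of this format and groups each "will be cured/deleted on reboot" object under the verdict line that follows it. The sample log embedded in it is constructed from the lines of the post above; the function names are mine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the detection block from the TDSSKiller log posted above
# (the per-driver "- ok" lines are omitted because they carry no verdict).
SAMPLE_LOG = r"""
11:45:03.0078 0704 Detected object count: 3
11:45:03.0078 0704 Actual detected object count: 3
11:45:53.0421 0704 Backup copy found, using it..
11:45:53.0468 0704 C:\WINDOWS\system32\DRIVERS\iaStor.sys - will be cured on reboot
11:45:53.0468 0704 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
11:45:53.0562 0704 HKLM\SYSTEM\ControlSet001\services\jvezzqnn - will be deleted on reboot
11:45:53.0593 0704 HKLM\SYSTEM\ControlSet002\services\jvezzqnn - will be deleted on reboot
11:45:53.0609 0704 HKLM\SYSTEM\ControlSet003\services\jvezzqnn - will be deleted on reboot
11:45:53.0609 0704 C:\WINDOWS\system32\drivers\jvezzqnn.sys - will be deleted on reboot
11:45:53.0609 0704 jvezzqnn ( LockedService.Multi.Generic ) - User select action: Delete
11:45:53.0625 0704 HKLM\SYSTEM\ControlSet001\services\NDIS - will be deleted on reboot
11:45:53.0625 0704 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\NDIS - will be deleted on reboot
11:45:53.0625 0704 HKLM\SYSTEM\ControlSet002\services\NDIS - will be deleted on reboot
11:45:53.0640 0704 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\NDIS - will be deleted on reboot
11:45:53.0640 0704 HKLM\SYSTEM\ControlSet003\services\NDIS - will be deleted on reboot
11:45:53.0640 0704 HKLM\SYSTEM\ControlSet003\control\safeboot\Network\NDIS - will be deleted on reboot
11:45:53.0640 0704 C:\WINDOWS\system32\drivers\NDIS.sys - will be deleted on reboot
11:45:53.0640 0704 NDIS ( ForgedFile.Multi.Generic ) - User select action: Delete
11:46:18.0750 1864 Deinitialize success
"""

# Every line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Verdict line: "<name> ( <threat class> ) - User select action: <action>"
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<cls>[^)]+) \) - User select action: (?P<action>\w+)$")
# Objects queued for the reboot-time fix, listed before their verdict line.
PENDING_RE = re.compile(r"^(?P<obj>.+?) - will be (?P<what>cured|deleted) on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    name: str            # service/driver name as TDSSKiller reports it
    threat_class: str    # e.g. Rootkit.Win32.TDSS.tdl3
    action: str          # Cure / Delete / Skip
    objects: list = field(default_factory=list)  # files and registry keys touched


def parse_tdsskiller(text):
    """Return (declared detection count, list of Detection) for one TDSSKiller log."""
    declared = None
    detections = []
    pending = []  # objects seen since the last verdict line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group("n"))
            continue
        p = PENDING_RE.match(msg)
        if p:
            pending.append(p.group("obj"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            detections.append(Detection(v.group("name"), v.group("cls"), v.group("action"), pending))
            pending = []
    return declared, detections


def driver_files(detections):
    """(name, path) for every kernel driver file (.sys) involved in a detection.

    A tampered boot-time driver means the system was compromised below the OS,
    which is the strongest argument for rebuilding rather than cleaning."""
    return [(d.name, obj) for d in detections for obj in d.objects if obj.lower().endswith(".sys")]


if __name__ == "__main__":
    declared, found = parse_tdsskiller(SAMPLE_LOG)
    print(f"declared={declared} parsed={len(found)}")
    for d in found:
        print(f"{d.name:10} {d.threat_class:32} {d.action:6} objects={len(d.objects)}")
    for name, path in driver_files(found):
        print(f"driver file: {name} -> {path}")
```

Run against a full log the parser ignores the hundreds of "- ok" lines and yields only the three verdicts; comparing the parsed count with the declared count is a cheap sanity check that the log was pasted whole.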

Now I ran it again and it found nothing. Here is that log:

15:42:04.0843 1984 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49

15:42:04.0875 1984 ============================================================

15:42:04.0875 1984 Current date / time: 2011/11/16 15:42:04.0875

15:42:04.0875 1984 SystemInfo:

15:42:04.0875 1984

15:42:04.0875 1984 OS Version: 5.1.2600 ServicePack: 3.0

15:42:04.0875 1984 Product type: Workstation

15:42:04.0875 1984 ComputerName: YOUR-4105E587B6

15:42:04.0875 1984 UserName: Administrator

15:42:04.0875 1984 Windows directory: C:\WINDOWS

15:42:04.0875 1984 System windows directory: C:\WINDOWS

15:42:04.0875 1984 Processor architecture: Intel x86

15:42:04.0875 1984 Number of processors: 1

15:42:04.0875 1984 Page size: 0x1000

15:42:04.0875 1984 Boot type: Safe boot with network

15:42:04.0875 1984 ============================================================

15:42:06.0281 1984 Initialize success

15:42:09.0734 2008 ============================================================

15:42:09.0734 2008 Scan started

15:42:09.0734 2008 Mode: Manual;

15:42:09.0734 2008 ============================================================

15:42:10.0656 2008 79459828 - ok

15:42:10.0687 2008 Abiosdsk - ok

15:42:10.0703 2008 abp480n5 - ok

15:42:10.0796 2008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:42:10.0796 2008 ACPI - ok

15:42:10.0828 2008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

15:42:10.0828 2008 ACPIEC - ok

15:42:10.0859 2008 adpu160m - ok

15:42:10.0921 2008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:42:10.0921 2008 aec - ok

15:42:10.0953 2008 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

15:42:10.0968 2008 AFD - ok

15:42:10.0984 2008 Aha154x - ok

15:42:11.0015 2008 aic78u2 - ok

15:42:11.0031 2008 aic78xx - ok

15:42:11.0078 2008 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

15:42:11.0078 2008 AliIde - ok

15:42:11.0093 2008 amsint - ok

15:42:11.0156 2008 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:42:11.0156 2008 Arp1394 - ok

15:42:11.0203 2008 asc - ok

15:42:11.0218 2008 asc3350p - ok

15:42:11.0265 2008 asc3550 - ok

15:42:11.0328 2008 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

15:42:11.0328 2008 ASCTRM - ok

15:42:11.0406 2008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:42:11.0406 2008 AsyncMac - ok

15:42:11.0437 2008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:42:11.0437 2008 atapi - ok

15:42:11.0484 2008 Atdisk - ok

15:42:11.0546 2008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:42:11.0546 2008 Atmarpc - ok

15:42:11.0687 2008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:42:11.0687 2008 audstub - ok

15:42:11.0828 2008 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

15:42:11.0828 2008 BCM43XX - ok

15:42:11.0937 2008 bdfm (0de9617eaa4ca5587c2f950c73eaba3c) C:\WINDOWS\system32\drivers\bdfm.sys

15:42:11.0937 2008 bdfm - ok

15:42:12.0000 2008 bdfndisf (f06a3ded38c2b0c320d4171a7532eada) C:\WINDOWS\system32\DRIVERS\bdfndisf.sys

15:42:12.0000 2008 bdfndisf - ok

15:42:12.0062 2008 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\WINDOWS\system32\drivers\bdfsfltr.sys

15:42:12.0078 2008 bdfsfltr - ok

15:42:12.0203 2008 bdftdif (efcfc2811e6f3db4034cdabd8115f13b) C:\Program Files\Common Files\Defender Pro\Defender Pro Firewall\bdftdif.sys

15:42:12.0203 2008 bdftdif - ok

15:42:12.0500 2008 BDSelfPr (5eaf583c0b1cc2499761ea3b065f5db2) C:\Program Files\Defender Pro\Defender Pro\bdselfpr.sys

15:42:12.0500 2008 BDSelfPr - ok

15:42:12.0671 2008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:42:12.0671 2008 Beep - ok

15:42:12.0781 2008 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys

15:42:12.0781 2008 BTWUSB - ok

15:42:12.0812 2008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:42:12.0812 2008 cbidf2k - ok

15:42:12.0859 2008 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:42:12.0859 2008 CCDECODE - ok

15:42:12.0890 2008 cd20xrnt - ok

15:42:12.0937 2008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:42:12.0937 2008 Cdaudio - ok

15:42:12.0984 2008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:42:12.0984 2008 Cdfs - ok

15:42:13.0031 2008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:42:13.0031 2008 Cdrom - ok

15:42:13.0062 2008 Changer - ok

15:42:13.0109 2008 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:42:13.0109 2008 CmBatt - ok

15:42:13.0125 2008 CmdIde - ok

15:42:13.0156 2008 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:42:13.0156 2008 Compbatt - ok

15:42:13.0218 2008 Cpqarray - ok

15:42:13.0250 2008 dac2w2k - ok

15:42:13.0296 2008 dac960nt - ok

15:42:13.0343 2008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:42:13.0343 2008 Disk - ok

15:42:13.0406 2008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:42:13.0421 2008 dmboot - ok

15:42:13.0609 2008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:42:13.0609 2008 dmio - ok

15:42:13.0671 2008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:42:13.0671 2008 dmload - ok

15:42:13.0718 2008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:42:13.0718 2008 DMusic - ok

15:42:13.0781 2008 dpti2o - ok

15:42:13.0828 2008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:42:13.0828 2008 drmkaud - ok

15:42:13.0875 2008 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

15:42:13.0875 2008 E100B - ok

15:42:13.0906 2008 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys

15:42:13.0906 2008 eabfiltr - ok

15:42:13.0937 2008 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys

15:42:13.0937 2008 eabusb - ok

15:42:14.0046 2008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:42:14.0046 2008 Fastfat - ok

15:42:14.0109 2008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:42:14.0109 2008 Fdc - ok

15:42:14.0140 2008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:42:14.0156 2008 Fips - ok

15:42:14.0328 2008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:42:14.0328 2008 Flpydisk - ok

15:42:14.0359 2008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:42:14.0359 2008 FltMgr - ok

15:42:14.0421 2008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:42:14.0421 2008 Fs_Rec - ok

15:42:14.0453 2008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:42:14.0453 2008 Ftdisk - ok

15:42:14.0500 2008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:42:14.0500 2008 Gpc - ok

15:42:14.0640 2008 HdAudAddService (a8bccb6ab8e43c39f4ef1bc4db8d6165) C:\WINDOWS\system32\drivers\CHDAud.sys

15:42:14.0656 2008 HdAudAddService - ok

15:42:14.0718 2008 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:42:14.0718 2008 HDAudBus - ok

15:42:14.0781 2008 hpn - ok

15:42:14.0843 2008 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

15:42:14.0843 2008 HSFHWAZL - ok

15:42:14.0921 2008 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

15:42:14.0937 2008 HSF_DPV - ok

15:42:15.0156 2008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:42:15.0156 2008 HTTP - ok

15:42:15.0203 2008 i2omgmt - ok

15:42:15.0234 2008 i2omp - ok

15:42:15.0265 2008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:42:15.0265 2008 i8042prt - ok

15:42:15.0406 2008 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

15:42:15.0437 2008 ialm - ok

15:42:15.0640 2008 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

15:42:15.0656 2008 iaStor - ok

15:42:15.0718 2008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:42:15.0718 2008 Imapi - ok

15:42:15.0828 2008 ini910u - ok

15:42:15.0859 2008 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

15:42:15.0875 2008 IntelIde - ok

15:42:15.0937 2008 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:42:15.0937 2008 intelppm - ok

15:42:15.0984 2008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:42:15.0984 2008 Ip6Fw - ok

15:42:16.0046 2008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:42:16.0046 2008 IpFilterDriver - ok

15:42:16.0093 2008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:42:16.0093 2008 IpInIp - ok

15:42:16.0250 2008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:42:16.0250 2008 IpNat - ok

15:42:16.0296 2008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:42:16.0296 2008 IPSec - ok

15:42:16.0328 2008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:42:16.0328 2008 IRENUM - ok

15:42:16.0375 2008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:42:16.0375 2008 isapnp - ok

15:42:16.0421 2008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:42:16.0421 2008 Kbdclass - ok

15:42:16.0468 2008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:42:16.0468 2008 kmixer - ok

15:42:16.0531 2008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:42:16.0531 2008 KSecDD - ok

15:42:16.0593 2008 lbrtfdc - ok

15:42:16.0687 2008 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

15:42:16.0687 2008 mdmxsdk - ok

15:42:16.0718 2008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:42:16.0718 2008 mnmdd - ok

15:42:16.0796 2008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:42:16.0796 2008 Modem - ok

15:42:16.0828 2008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:42:16.0828 2008 Mouclass - ok

15:42:16.0859 2008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:42:16.0859 2008 MountMgr - ok

15:42:16.0890 2008 mraid35x - ok

15:42:16.0937 2008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:42:16.0937 2008 MRxDAV - ok

15:42:17.0000 2008 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:42:17.0015 2008 MRxSmb - ok

15:42:17.0156 2008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:42:17.0156 2008 Msfs - ok

15:42:17.0203 2008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:42:17.0203 2008 MSKSSRV - ok

15:42:17.0234 2008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:42:17.0234 2008 MSPCLOCK - ok

15:42:17.0265 2008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:42:17.0265 2008 MSPQM - ok

15:42:17.0328 2008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:42:17.0328 2008 mssmbios - ok

15:42:17.0375 2008 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:42:17.0375 2008 MSTEE - ok

15:42:17.0390 2008 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

15:42:17.0406 2008 Mup - ok

15:42:17.0468 2008 Mvc25U870_VID_1262&PID_25FD (924d3bdced397ec75c162579436ce696) C:\WINDOWS\system32\Drivers\Mvc25U870.sys

15:42:17.0468 2008 Mvc25U870_VID_1262&PID_25FD - ok

15:42:17.0515 2008 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:42:17.0515 2008 NABTSFEC - ok

15:42:17.0609 2008 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:42:17.0609 2008 NdisIP - ok

15:42:17.0656 2008 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:42:17.0656 2008 NdisTapi - ok

15:42:17.0703 2008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:42:17.0703 2008 Ndisuio - ok

15:42:17.0718 2008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:42:17.0718 2008 NdisWan - ok

15:42:17.0781 2008 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

15:42:17.0781 2008 NDProxy - ok

15:42:17.0828 2008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:42:17.0828 2008 NetBIOS - ok

15:42:18.0000 2008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:42:18.0000 2008 NetBT - ok

15:42:18.0078 2008 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:42:18.0093 2008 NIC1394 - ok

15:42:18.0140 2008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:42:18.0140 2008 Npfs - ok

15:42:18.0187 2008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:42:18.0203 2008 Ntfs - ok

15:42:18.0265 2008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:42:18.0265 2008 Null - ok

15:42:18.0312 2008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:42:18.0312 2008 NwlnkFlt - ok

15:42:18.0343 2008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:42:18.0359 2008 NwlnkFwd - ok

15:42:18.0406 2008 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

15:42:18.0421 2008 NwlnkIpx - ok

15:42:18.0453 2008 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

15:42:18.0453 2008 NwlnkNb - ok

15:42:18.0484 2008 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

15:42:18.0484 2008 NwlnkSpx - ok

15:42:18.0531 2008 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:42:18.0531 2008 ohci1394 - ok

15:42:18.0593 2008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

15:42:18.0609 2008 Parport - ok

15:42:18.0750 2008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:42:18.0750 2008 PartMgr - ok

15:42:18.0796 2008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:42:18.0812 2008 ParVdm - ok

15:42:18.0812 2008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:42:18.0828 2008 PCI - ok

15:42:18.0843 2008 PCIDump - ok

15:42:18.0859 2008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:42:18.0859 2008 PCIIde - ok

15:42:18.0890 2008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:42:18.0890 2008 Pcmcia - ok

15:42:18.0921 2008 PDCOMP - ok

15:42:18.0953 2008 PDFRAME - ok

15:42:18.0984 2008 PDRELI - ok

15:42:19.0015 2008 PDRFRAME - ok

15:42:19.0046 2008 perc2 - ok

15:42:19.0062 2008 perc2hib - ok

15:42:19.0187 2008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:42:19.0203 2008 PptpMiniport - ok

15:42:19.0343 2008 Profos (de11f5c3e9bda993b65e1518d46bc438) C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\profos.sys

15:42:19.0343 2008 Profos - ok

15:42:19.0406 2008 protect (2474f6359b2686ebcc034214ecda6253) C:\WINDOWS\system32\drivers\protect.sys

15:42:19.0406 2008 protect - ok

15:42:19.0468 2008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:42:19.0484 2008 PSched - ok

15:42:19.0500 2008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:42:19.0500 2008 Ptilink - ok

15:42:19.0546 2008 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:42:19.0546 2008 PxHelp20 - ok

15:42:19.0578 2008 ql1080 - ok

15:42:19.0593 2008 Ql10wnt - ok

15:42:19.0625 2008 ql12160 - ok

15:42:19.0656 2008 ql1240 - ok

15:42:19.0687 2008 ql1280 - ok

15:42:19.0750 2008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:42:19.0750 2008 RasAcd - ok

15:42:19.0937 2008 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

15:42:19.0937 2008 Rasirda - ok

15:42:20.0000 2008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:42:20.0000 2008 Rasl2tp - ok

15:42:20.0031 2008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:42:20.0031 2008 RasPppoe - ok

15:42:20.0078 2008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:42:20.0078 2008 Raspti - ok

15:42:20.0125 2008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:42:20.0125 2008 Rdbss - ok

15:42:20.0156 2008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:42:20.0156 2008 RDPCDD - ok

15:42:20.0218 2008 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

15:42:20.0218 2008 RDPWD - ok

15:42:20.0265 2008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:42:20.0265 2008 redbook - ok

15:42:20.0312 2008 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

15:42:20.0312 2008 rimmptsk - ok

15:42:20.0343 2008 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

15:42:20.0359 2008 rimsptsk - ok

15:42:20.0421 2008 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

15:42:20.0421 2008 rismxdp - ok

15:42:20.0546 2008 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

15:42:20.0546 2008 sdbus - ok

15:42:20.0703 2008 seagate (5b5e7e2cc3e26e1211c276a6d8b98672) C:\WINDOWS\system32\seagate.sys

15:42:20.0734 2008 seagate - ok

15:42:20.0828 2008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:42:20.0828 2008 Secdrv - ok

15:42:20.0921 2008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:42:20.0921 2008 serenum - ok

15:42:20.0968 2008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:42:20.0968 2008 Serial - ok

15:42:21.0000 2008 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

15:42:21.0000 2008 sffdisk - ok

15:42:21.0062 2008 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

15:42:21.0062 2008 sffp_sd - ok

15:42:21.0093 2008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:42:21.0093 2008 Sfloppy - ok

15:42:21.0156 2008 Simbad - ok

15:42:21.0187 2008 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:42:21.0203 2008 SLIP - ok

15:42:21.0234 2008 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

15:42:21.0250 2008 SMCIRDA - ok

15:42:21.0265 2008 Sparrow - ok

15:42:21.0312 2008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:42:21.0343 2008 splitter - ok

15:42:21.0406 2008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:42:21.0406 2008 sr - ok

15:42:21.0593 2008 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

15:42:21.0593 2008 Srv - ok

15:42:21.0656 2008 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:42:21.0656 2008 streamip - ok

15:42:21.0703 2008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:42:21.0703 2008 swenum - ok

15:42:21.0750 2008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:42:21.0750 2008 swmidi - ok

15:42:21.0812 2008 symc810 - ok

15:42:21.0843 2008 symc8xx - ok

15:42:21.0875 2008 sym_hi - ok

15:42:21.0906 2008 sym_u3 - ok

15:42:21.0968 2008 SynTP (fd5010a627d2a7bbd1c44a488e3a8fe5) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:42:21.0968 2008 SynTP - ok

15:42:22.0015 2008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:42:22.0046 2008 sysaudio - ok

15:42:22.0171 2008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:42:22.0171 2008 Tcpip - ok

15:42:22.0328 2008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:42:22.0328 2008 TDPIPE - ok

15:42:22.0375 2008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:42:22.0375 2008 TDTCP - ok

15:42:22.0421 2008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:42:22.0421 2008 TermDD - ok

15:42:22.0453 2008 TosIde - ok

15:42:22.0609 2008 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\Defender Pro\Defender Pro Threat Scanner\trufos.sys

15:42:22.0625 2008 Trufos - ok

15:42:22.0687 2008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:42:22.0703 2008 Udfs - ok

15:42:22.0734 2008 ultra - ok

15:42:22.0828 2008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:42:22.0828 2008 Update - ok

15:42:22.0968 2008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:42:22.0984 2008 usbehci - ok

15:42:23.0125 2008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:42:23.0125 2008 usbhub - ok

15:42:23.0187 2008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:42:23.0187 2008 USBSTOR - ok

15:42:23.0234 2008 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:42:23.0234 2008 usbuhci - ok

15:42:23.0265 2008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:42:23.0265 2008 VgaSave - ok

15:42:23.0296 2008 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

15:42:23.0296 2008 ViaIde - ok

15:42:23.0328 2008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:42:23.0328 2008 VolSnap - ok

15:42:23.0437 2008 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

15:42:23.0484 2008 w39n51 - ok

15:42:23.0562 2008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:42:23.0562 2008 Wanarp - ok

15:42:23.0609 2008 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

15:42:23.0609 2008 wanatw - ok

15:42:23.0625 2008 WDICA - ok

15:42:23.0687 2008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:42:23.0687 2008 wdmaud - ok

15:42:23.0921 2008 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

15:42:23.0937 2008 winachsf - ok

15:42:24.0046 2008 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

15:42:24.0046 2008 WmiAcpi - ok

15:42:24.0140 2008 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:42:24.0140 2008 WSTCODEC - ok

15:42:24.0250 2008 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0

15:42:24.0250 2008 \Device\Harddisk0\DR0 - ok

15:42:24.0281 2008 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4

15:42:24.0281 2008 \Device\Harddisk1\DR4 - ok

15:42:24.0312 2008 Boot (0x1200) (446e48a9a5e7cd41b99cee48adaeca60) \Device\Harddisk0\DR0\Partition0

15:42:24.0312 2008 \Device\Harddisk0\DR0\Partition0 - ok

15:42:24.0343 2008 Boot (0x1200) (0f1810eeac1a585d14887096010ba47f) \Device\Harddisk0\DR0\Partition1

15:42:24.0343 2008 \Device\Harddisk0\DR0\Partition1 - ok

15:42:24.0375 2008 Boot (0x1200) (f123c4db8d5f382a3f99155154ebcd31) \Device\Harddisk1\DR4\Partition0

15:42:24.0375 2008 \Device\Harddisk1\DR4\Partition0 - ok

15:42:24.0390 2008 ============================================================

15:42:24.0390 2008 Scan finished

15:42:24.0390 2008 ============================================================

15:42:24.0421 2000 Detected object count: 0

15:42:24.0421 2000 Actual detected object count: 0

15:43:56.0296 1976 Deinitialize success


Now the fun begins. I could not install or update MBAM. The mbam.exe keeps disappearing. I tried to connect to the internet and nothing. So I pulled up my network places and it is blank with no hardware detected even with a modem ethernet connection plugged in. So I tried to skip ahead to the combofix step. Upon installation of the combofix I get an error message that tells me that the combofix is compromised with a virut virus and to download a fresh one, and it promptly closes and deletes the icon from my desktop. Wow, this thing is kicking my butt. Thanks in advance for your help.

Link to post
Share on other sites

  • Staff

Hi,

I'm afraid I have some very bad news...

The infection that you can see, Virut, is what we call a file-infector.

These are particularly malicious, in that they infect all of your legitimate programs.

The problem is... the virus is very buggy, so it does not do a good job of infecting your files, so any attempt to disinfect and possibly save your files would be futile, in that, due to the buggy virus, we cannot properly disinfect your files.

What I highly recommend now is a reformat and a reinstallation of Windows XP.

Please let me know if you are prepared to do so.

You may backup and save all files except programs (meaning pictures and documents are okay), because if you backup any applications, they will transfer to your clean system, and you will be reinfected.

So, with that said, do you have your Windows XP CD?
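Added example, not part of the thread and not Malwarebytes code: a Python script that sorts a backup candidate tree the way the advice above requires, keeping documents and pictures and skipping anything that is a Windows executable by content (an MZ stub plus a PE signature at e_lfanew), not just by extension, so a renamed program cannot ride along into the clean install. The sample tree, its file names and the EXEC_EXTS list are constructed for the demo.

```python
import struct
import tempfile
from pathlib import Path

# Extensions skipped on name alone (hypothetical list chosen for this example);
# a broken or partial executable is not worth carrying to the clean system either.
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".ocx", ".cpl", ".ex_"}


def is_pe_file(path):
    """True if the file has a DOS 'MZ' stub and a 'PE\\0\\0' signature at the
    offset stored in e_lfanew (0x3C), whatever its extension claims."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False


def classify_for_backup(root):
    """Split files under root into (keep, skip): documents and pictures are
    kept, anything that is or claims to be a Windows executable is skipped."""
    keep, skip = [], []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        (skip if is_pe_file(p) or p.suffix.lower() in EXEC_EXTS else keep).append(rel)
    return keep, skip


def build_demo_tree(root):
    """Constructed sample tree: a minimal PE image, the same image renamed to
    look like a picture, a non-PE file with an .exe name, and two documents."""
    pe = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0" + b"\0" * 16
    files = {
        "Program Files/app/app.exe": pe,
        "My Pictures/holiday.jpg": pe,                # executable hiding as a picture
        "My Documents/report.txt": b"quarterly numbers\n",
        "My Documents/notes.rtf": b"{\\rtf1 notes}",
        "Downloads/setup .exe": b"not really a PE",   # skipped on extension alone
    }
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


def demo():
    """Build the constructed tree in a temp dir and classify it."""
    with tempfile.TemporaryDirectory() as tmp:
        return classify_for_backup(build_demo_tree(tmp))


if __name__ == "__main__":
    keep, skip = demo()
    print("keep:", keep)
    print("skip:", skip)
```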

Can you borrow an XP Home disk from someone? At this point it appears to be the only option.

OK, so I did some reading up on HP System Recovery disks. Found out that HP has recovery files on the hard drive; all you have to do is hit F11 at start up to access them. Did that and it seemed better, but I installed MBAM and ran a quick scan to be sure. BAAAAMM, 95 items infected. Check out this log; I've been waiting for this for a while:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

11/28/2011 5:35:59 PM

mbam-log-2011-11-28 (17-35-59).txt

Scan type: Quick scan

Objects scanned: 189047

Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 3

Files Infected: 90

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALL.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

c:\documents and settings\chick\application data\antivirus plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

c:\program files\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

c:\documents and settings\chick\start menu\Programs\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\chick\local settings\Temp\1757197002.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\1821728252.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\2758883048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\3236383048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\4082008048.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\4f98e655.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\install.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\j6zc83qns .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\services.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\svchost .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\system .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\ovjphbnt.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\oxenmwcsar.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\taskmgr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\TMP11BC.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\v2r0kotv28b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\wcnsaemxro.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\login.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\mki52E.tmp (Rogue.MultipleAV) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\mki52F.tmp (Virus.Virut) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\mocawsxnre.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\cop72d.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\count.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\drweb .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\evom.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\win .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\win16 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\winamp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\wsxeanormc.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\xrmsoawcen.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\xweosnmcra.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\ysdotp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\avp32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\3014540752.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\system .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\taskmgr .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\tmp0_739633112212.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\VRT22.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\VRT9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\VRTA.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\VRTC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\notepad .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN25.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN36.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\BN8.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\setup .exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\reader_s .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\wuaucldt.exe (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\reader_s .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\reader_s.ex_ (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\local settings\application data\ave.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\0N7VQOPX\admwk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\0N7VQOPX\tfllijwxgu[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\BBK88U3U\admwk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\CX07S3W7\etqrnbbym[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\CX07S3W7\ybxliiv[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\QFAF252Z\etqrnbbym[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\SPCTU349\tfllijwxgu[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\SPCTU349\gmvsjkh[1].htm (Trojan.Unruy) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\WHQZW1A3\iolylzjjg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\temporary internet files\Content.IE5\WHQZW1A3\ybxliiv[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\PBXDT6SH\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\PBXDT6SH\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\SC.INS (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\WMDMLRT.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\application data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

c:\documents and settings\all users\favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\Temp\win16.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\chick\local settings\application data\windows server\hmwnny.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\local settings\application data\windows server\hmwnny.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\chick\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.

c:\WINDOWS\irc.txt (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\chick\application data\antivirus plus\antivirus plus.55532.dll (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

c:\documents and settings\chick\start menu\Programs\protection system\live support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

c:\documents and settings\chick\start menu\Programs\protection system\protection system.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

c:\documents and settings\chick\start menu\Programs\protection system\uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

So yeah the laptop is running fine now. Thanks for all your help. I just have a couple of questions:

The virus seemed to mostly be infected in a certain user's login (CHICK, a friend). I was meaning to delete her whole login profile anyway, but now I want it removed for sure. How can this be done?

With all the trojan / worm / backdoor viruses can this laptop ever be fully secure online again?

And how can I secure both this laptop and my home PC for internet browsing, a mediafire / megaupload download or two, and other general uses?

Thanks again for everything.

  • Staff

Hi,

Let's make sure all of the malware is gone before we move to preventive measures.

Update MBAM, run a Quick Scan, and post its log.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!