
google redirect



Hello, I'm having major issues with the redirect virus. Can't even get on most support forums to read about removal :lol: hatechu redirection!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:57:44 PM, on 1/20/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\wpcumi.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\PurePlay\Poker\PurePlayPoker.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15119&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor

O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O15 - Trusted Zone: http://support.gametap.com

O15 - Trusted Zone: *.gametap.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6247 bytes


Hello chumpstar! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step. If there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Thanks. I also followed the instructions pinned in the forum and my MBAM scan came up clean. Then I have the Avira one and DDS, but when I tried to run GMER Rootkit Scanner I crashed to a blue screen.

Avira AntiVir Personal

Report file date: Thursday, January 20, 2011 20:39

Scanning for 2411098 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 2) [6.0.6002]

Boot mode : Normally booted

Username : SYSTEM

Computer name : CHUMPSTARONE

Version information:

BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 04:34:56

VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 04:34:56

VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 04:34:57

VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 04:34:57

VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 04:34:57

VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 04:34:58

VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 04:34:58

VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 04:34:58

VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 04:34:58

VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 04:34:59

VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 04:34:59

VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 04:34:59

VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 04:35:01

VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 04:35:02

VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 04:35:02

VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 04:35:04

VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 04:35:05

VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 04:35:06

VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 04:35:08

VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 04:35:08

VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 04:35:10

VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 04:35:12

VBASE023.VDF : 7.11.1.124 125440 Bytes 1/14/2011 04:35:12

VBASE024.VDF : 7.11.1.155 132096 Bytes 1/17/2011 04:35:13

VBASE025.VDF : 7.11.1.189 451072 Bytes 1/20/2011 04:35:15

VBASE026.VDF : 7.11.1.190 2048 Bytes 1/20/2011 04:35:16

VBASE027.VDF : 7.11.1.191 2048 Bytes 1/20/2011 04:35:16

VBASE028.VDF : 7.11.1.192 2048 Bytes 1/20/2011 04:35:16

VBASE029.VDF : 7.11.1.193 2048 Bytes 1/20/2011 04:35:16

VBASE030.VDF : 7.11.1.194 2048 Bytes 1/20/2011 04:35:17

VBASE031.VDF : 7.11.1.201 19968 Bytes 1/20/2011 04:35:17

Engineversion : 8.2.4.150

AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51

AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/21/2011 04:35:31

AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50

AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50

AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50

AEPACK.DLL : 8.2.4.8 512374 Bytes 1/21/2011 04:35:29

AEOFFICE.DLL : 8.1.1.15 205178 Bytes 1/21/2011 04:35:28

AEHEUR.DLL : 8.1.2.68 3178870 Bytes 1/21/2011 04:35:27

AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42

AEGEN.DLL : 8.1.5.2 397683 Bytes 1/21/2011 04:35:21

AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42

AECORE.DLL : 8.1.19.2 196983 Bytes 1/21/2011 04:35:20

AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41

AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56

AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56

AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Thursday, January 20, 2011 20:39

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'vssvc.exe' - '54' Module(s) have been scanned

Scan process 'avscan.exe' - '79' Module(s) have been scanned

Scan process 'avscan.exe' - '35' Module(s) have been scanned

Scan process 'avcenter.exe' - '85' Module(s) have been scanned

Scan process 'avgnt.exe' - '57' Module(s) have been scanned

Scan process 'sched.exe' - '59' Module(s) have been scanned

Scan process 'avshadow.exe' - '41' Module(s) have been scanned

Scan process 'avguard.exe' - '70' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '53' Module(s) have been scanned

Scan process 'javaw.exe' - '60' Module(s) have been scanned

Scan process 'PurePlayPoker.exe' - '109' Module(s) have been scanned

Scan process 'ehmsas.exe' - '29' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '67' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '35' Module(s) have been scanned

Scan process 'ehtray.exe' - '34' Module(s) have been scanned

Scan process 'rundll32.exe' - '56' Module(s) have been scanned

Scan process 'jusched.exe' - '29' Module(s) have been scanned

Scan process 'wpcumi.exe' - '47' Module(s) have been scanned

Scan process 'Explorer.EXE' - '132' Module(s) have been scanned

Scan process 'Dwm.exe' - '37' Module(s) have been scanned

Scan process 'taskeng.exe' - '82' Module(s) have been scanned

Scan process 'SDWinSec.exe' - '51' Module(s) have been scanned

Scan process 'xaudio.exe' - '25' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '43' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '69' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'nvSCPAPISvr.exe' - '32' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'taskeng.exe' - '53' Module(s) have been scanned

Scan process 'svchost.exe' - '66' Module(s) have been scanned

Scan process 'spoolsv.exe' - '95' Module(s) have been scanned

Scan process 'svchost.exe' - '94' Module(s) have been scanned

Scan process 'svchost.exe' - '86' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '48' Module(s) have been scanned

Scan process 'SLsvc.exe' - '29' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'CTAudSvc.exe' - '32' Module(s) have been scanned

Scan process 'AUDIODG.EXE' - '51' Module(s) have been scanned

Scan process 'svchost.exe' - '149' Module(s) have been scanned

Scan process 'svchost.exe' - '81' Module(s) have been scanned

Scan process 'svchost.exe' - '70' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'lsm.exe' - '34' Module(s) have been scanned

Scan process 'lsass.exe' - '65' Module(s) have been scanned

Scan process 'services.exe' - '43' Module(s) have been scanned

Scan process 'winlogon.exe' - '38' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'wininit.exe' - '34' Module(s) have been scanned

Scan process 'csrss.exe' - '14' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1726' files ).

Starting the file scan:

Begin scan in 'C:\' <COMPAQ>

C:\GameTap\Games\aompuppeteer\player\CustomPlayer.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\GameTap\Games\aompuppeteer\player\Player.exe

[DETECTION] Is the TR/Spy.630908 Trojan

C:\GameTap\Games\avsuk\game\main.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\GameTap\Games\avsuk\game\main_safe.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

C:\hp\bin\Python\Lib\test\testtar.tar

[0] Archive type: TAR (tape archiver)

--> 0-REGTYPE-TEXT

[WARNING] Internal error!

[WARNING] Internal error!

C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar

[0] Archive type: TAR (tape archiver)

--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname

[WARNING] Internal error!

[WARNING] Internal error!

C:\ProgramData\GameTap Web Player\games\150009250\rollercoaster3deluxe\RCT3.EXE

[DETECTION] Is the TR/Spy.22140 Trojan

C:\ProgramData\GameTap Web Player\games\151000950\trackmaniaunitedforever\TmForeverLauncher.exe

[DETECTION] Is the TR/Spy.1647863 Trojan

C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6eada70a-47fc9f5c

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6486e391-53b4fe7e

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.DR exploit

--> GoogleCode.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.DR exploit

--> GoogleUploader.class

[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.AJ exploit

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-3a7efdda

[0] Archive type: ZIP

[DETECTION] Is the TR/Horse.CSU Trojan

--> quote/Gmerrews.class

[DETECTION] Is the TR/Horse.CSU Trojan

--> quote/GReader.class

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3c935363-37ba651d

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7f7653fb-2b16c964

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus

--> bpac/purok.class

[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7f1ee8c9-2806099a

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

--> bpac/a.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

Begin scan in 'D:\' <FACTORY_IMAGE>

Beginning disinfection:

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7f1ee8c9-2806099a

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

[NOTE] The file was moved to the quarantine directory under the name '4e9599eb.qua'.

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7f7653fb-2b16c964

[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AI Java virus

[NOTE] The file was moved to the quarantine directory under the name '5618b64c.qua'.

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3c935363-37ba651d

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

[NOTE] The file was moved to the quarantine directory under the name '0445ecd9.qua'.

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\6b2b9ddd-3a7efdda

[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit

[NOTE] The file was moved to the quarantine directory under the name '626ba31a.qua'.

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6486e391-53b4fe7e

[DETECTION] Contains recognition pattern of the EXP/CVE-2009-3867.AJ exploit

[NOTE] The file was moved to the quarantine directory under the name '27f58e16.qua'.

C:\Users\silvanamama\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6eada70a-47fc9f5c

[DETECTION] Contains recognition pattern of the JAVA/Agent.2212 Java virus

[NOTE] The file was moved to the quarantine directory under the name '5805bc46.qua'.

C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '14809070.qua'.

C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir

[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '6896d031.qua'.

C:\ProgramData\GameTap Web Player\games\151000950\trackmaniaunitedforever\TmForeverLauncher.exe

[DETECTION] Is the TR/Spy.1647863 Trojan

[NOTE] The file was moved to the quarantine directory under the name '451aff69.qua'.

C:\ProgramData\GameTap Web Player\games\150009250\rollercoaster3deluxe\RCT3.EXE

[DETECTION] Is the TR/Spy.22140 Trojan

[NOTE] The file was moved to the quarantine directory under the name '5c80c4aa.qua'.

C:\GameTap\Games\avsuk\game\main_safe.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '30f3e8b9.qua'.

C:\GameTap\Games\avsuk\game\main.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '414ad12c.qua'.

C:\GameTap\Games\aompuppeteer\player\Player.exe

[DETECTION] Is the TR/Spy.630908 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4f68e19f.qua'.

C:\GameTap\Games\aompuppeteer\player\CustomPlayer.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to the quarantine directory under the name '0a7798c6.qua'.

End of the scan: Thursday, January 20, 2011 23:59

Used time: 3:08:12 Hour(s)

The scan has been done completely.

35087 Scanned directories

745165 Files were scanned

16 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

14 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

745149 Files not concerned

8533 Archives were scanned

4 Warnings

14 Notes

1079437 Objects were scanned with rootkit scan

0 Hidden objects were found


Step 1

Please, uninstall the following applications:

  1. Uniblue RegistryBooster 2010
  2. Uniblue SpeedUpMyPC 3
  3. Uniblue System Tweaker

You can read how to do this here:

Step 2

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please include these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only


21:38:10:891 1840 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

21:38:10:891 1840 ================================================================================

21:38:10:891 1840 SystemInfo:

21:38:10:891 1840 OS Version: 6.0.6002 ServicePack: 2.0

21:38:10:891 1840 Product type: Workstation

21:38:10:891 1840 ComputerName: CHUMPSTARONE

21:38:10:891 1840 UserName: silvanamama

21:38:10:891 1840 Windows directory: C:\Windows

21:38:10:891 1840 Processor architecture: Intel x86

21:38:10:891 1840 Number of processors: 2

21:38:10:891 1840 Page size: 0x1000

21:38:10:891 1840 Boot type: Normal boot

21:38:10:891 1840 ================================================================================

21:38:10:907 1840 UnloadDriverW: NtUnloadDriver error 2

21:38:10:907 1840 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

21:38:23:028 1840 wfopen_ex: Trying to open file C:\Windows\system32\config\system

21:38:23:028 1840 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:38:23:028 1840 wfopen_ex: Trying to KLMD file open

21:38:23:028 1840 wfopen_ex: File opened ok (Flags 2)

21:38:23:059 1840 wfopen_ex: Trying to open file C:\Windows\system32\config\software

21:38:23:059 1840 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

21:38:23:059 1840 wfopen_ex: Trying to KLMD file open

21:38:23:059 1840 wfopen_ex: File opened ok (Flags 2)

21:38:23:059 1840 Initialize success

21:38:23:059 1840

21:38:23:059 1840 Scanning Services ...

21:38:23:792 1840 Raw services enum returned 433 services

21:38:23:808 1840

21:38:23:808 1840 Scanning Kernel memory ...

21:38:23:808 1840 Devices to scan: 1

21:38:23:808 1840

21:38:23:808 1840 Driver Name: atapi

21:38:23:808 1840 IRP_MJ_CREATE : 807B5140

21:38:23:808 1840 IRP_MJ_CREATE_NAMED_PIPE : 81C5C9D2

21:38:23:808 1840 IRP_MJ_CLOSE : 807B5140

21:38:23:808 1840 IRP_MJ_READ : 81C5C9D2

21:38:23:808 1840 IRP_MJ_WRITE : 81C5C9D2

21:38:23:808 1840 IRP_MJ_QUERY_INFORMATION : 81C5C9D2

21:38:23:808 1840 IRP_MJ_SET_INFORMATION : 81C5C9D2

21:38:23:808 1840 IRP_MJ_QUERY_EA : 81C5C9D2

21:38:23:808 1840 IRP_MJ_SET_EA : 81C5C9D2

21:38:23:808 1840 IRP_MJ_FLUSH_BUFFERS : 81C5C9D2

21:38:23:808 1840 IRP_MJ_QUERY_VOLUME_INFORMATION : 81C5C9D2

21:38:23:808 1840 IRP_MJ_SET_VOLUME_INFORMATION : 81C5C9D2

21:38:23:808 1840 IRP_MJ_DIRECTORY_CONTROL : 81C5C9D2

21:38:23:808 1840 IRP_MJ_FILE_SYSTEM_CONTROL : 81C5C9D2

21:38:23:808 1840 IRP_MJ_DEVICE_CONTROL : 807A3A5A

21:38:23:808 1840 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807A3A2C

21:38:23:808 1840 IRP_MJ_SHUTDOWN : 81C5C9D2

21:38:23:808 1840 IRP_MJ_LOCK_CONTROL : 81C5C9D2

21:38:23:808 1840 IRP_MJ_CLEANUP : 81C5C9D2

21:38:23:808 1840 IRP_MJ_CREATE_MAILSLOT : 81C5C9D2

21:38:23:808 1840 IRP_MJ_QUERY_SECURITY : 81C5C9D2

21:38:23:808 1840 IRP_MJ_SET_SECURITY : 81C5C9D2

21:38:23:808 1840 IRP_MJ_POWER : 807A3A88

21:38:23:808 1840 IRP_MJ_SYSTEM_CONTROL : 807B0B70

21:38:23:808 1840 IRP_MJ_DEVICE_CHANGE : 81C5C9D2

21:38:23:808 1840 IRP_MJ_QUERY_QUOTA : 81C5C9D2

21:38:23:808 1840 IRP_MJ_SET_QUOTA : 81C5C9D2

21:38:23:839 1840 C:\Windows\system32\drivers\atapi.sys - Verdict: 1

21:38:23:839 1840

21:38:23:839 1840 Completed

21:38:23:839 1840

21:38:23:839 1840 Results:

21:38:23:839 1840 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:23:839 1840 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:23:839 1840 File objects infected / cured / cured on reboot: 0 / 0 / 0

21:38:23:839 1840

21:38:23:839 1840 fclose_ex: Trying to close file C:\Windows\system32\config\system

21:38:23:839 1840 fclose_ex: Trying to close file C:\Windows\system32\config\software

21:38:23:995 1840 KLMD(ARK) unloaded successfully


Oops... I accidentally selected an old one; disregard the above. Here is the correct scan. It cured one file, although at the top of the scan it says Jan 18th 9:33?? Was that the last time the program was updated or something?

2011/01/21 20:04:21.0320 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51

2011/01/21 20:04:21.0320 ================================================================================

2011/01/21 20:04:21.0320 SystemInfo:

2011/01/21 20:04:21.0320

2011/01/21 20:04:21.0320 OS Version: 6.0.6002 ServicePack: 2.0

2011/01/21 20:04:21.0320 Product type: Workstation

2011/01/21 20:04:21.0320 ComputerName: CHUMPSTARONE

2011/01/21 20:04:21.0321 UserName: silvanamama

2011/01/21 20:04:21.0321 Windows directory: C:\Windows

2011/01/21 20:04:21.0321 System windows directory: C:\Windows

2011/01/21 20:04:21.0321 Processor architecture: Intel x86

2011/01/21 20:04:21.0321 Number of processors: 2

2011/01/21 20:04:21.0321 Page size: 0x1000

2011/01/21 20:04:21.0321 Boot type: Normal boot

2011/01/21 20:04:21.0321 ================================================================================

2011/01/21 20:04:22.0463 Initialize success

2011/01/21 20:04:35.0795 ================================================================================

2011/01/21 20:04:35.0795 Scan started

2011/01/21 20:04:35.0795 Mode: Manual;

2011/01/21 20:04:35.0795 ================================================================================

2011/01/21 20:04:37.0633 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/01/21 20:04:37.0697 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

2011/01/21 20:04:37.0833 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

2011/01/21 20:04:37.0888 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

2011/01/21 20:04:37.0967 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

2011/01/21 20:04:38.0148 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2011/01/21 20:04:38.0256 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

2011/01/21 20:04:38.0380 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/01/21 20:04:38.0461 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

2011/01/21 20:04:38.0546 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

2011/01/21 20:04:38.0655 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

2011/01/21 20:04:38.0724 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

2011/01/21 20:04:38.0821 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

2011/01/21 20:04:39.0083 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

2011/01/21 20:04:39.0205 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

2011/01/21 20:04:39.0352 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/01/21 20:04:39.0412 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2011/01/21 20:04:39.0453 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

2011/01/21 20:04:39.0636 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/01/21 20:04:39.0737 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys

2011/01/21 20:04:39.0805 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/01/21 20:04:39.0975 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2011/01/21 20:04:40.0079 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/01/21 20:04:40.0179 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/01/21 20:04:40.0282 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/01/21 20:04:40.0398 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/01/21 20:04:40.0438 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/01/21 20:04:40.0521 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/01/21 20:04:40.0633 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/01/21 20:04:40.0805 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/01/21 20:04:40.0905 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/01/21 20:04:41.0002 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

2011/01/21 20:04:41.0192 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/01/21 20:04:41.0304 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

2011/01/21 20:04:41.0370 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

2011/01/21 20:04:41.0487 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

2011/01/21 20:04:41.0580 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

2011/01/21 20:04:41.0691 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2011/01/21 20:04:41.0757 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/01/21 20:04:41.0906 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/01/21 20:04:42.0051 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2011/01/21 20:04:42.0145 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/01/21 20:04:42.0245 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/01/21 20:04:42.0424 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

2011/01/21 20:04:42.0563 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/01/21 20:04:42.0709 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/01/21 20:04:42.0800 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

2011/01/21 20:04:42.0952 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/01/21 20:04:43.0072 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/01/21 20:04:43.0150 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/01/21 20:04:43.0299 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/01/21 20:04:43.0411 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/01/21 20:04:43.0495 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

2011/01/21 20:04:43.0655 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys

2011/01/21 20:04:43.0762 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

2011/01/21 20:04:43.0933 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/01/21 20:04:43.0983 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/01/21 20:04:44.0069 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/01/21 20:04:44.0191 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/01/21 20:04:44.0293 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

2011/01/21 20:04:44.0405 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys

2011/01/21 20:04:44.0563 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

2011/01/21 20:04:44.0669 HTTP (abbc72793f1c588b1a7db0cac69a4fe8) C:\Windows\system32\drivers\HTTP.sys

2011/01/21 20:04:44.0753 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

2011/01/21 20:04:44.0835 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/01/21 20:04:45.0012 ialm (074c20f1bd3170ce34ff02c1e2424805) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/01/21 20:04:45.0159 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

2011/01/21 20:04:45.0303 igfx (074c20f1bd3170ce34ff02c1e2424805) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/01/21 20:04:45.0399 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/01/21 20:04:45.0583 IntcAzAudAddService (aee99ecf06cd1cea95816ccb5bf73ec8) C:\Windows\system32\drivers\RTKVHDA.sys

2011/01/21 20:04:45.0787 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/01/21 20:04:45.0888 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/01/21 20:04:45.0953 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/01/21 20:04:46.0227 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

2011/01/21 20:04:46.0304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/01/21 20:04:46.0413 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/01/21 20:04:46.0544 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

2011/01/21 20:04:46.0630 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/01/21 20:04:46.0663 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/01/21 20:04:46.0787 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/01/21 20:04:46.0866 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/01/21 20:04:46.0939 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

2011/01/21 20:04:47.0113 ksaud (d9180907288da17618d87030b579dc56) C:\Windows\system32\drivers\ksaud.sys

2011/01/21 20:04:47.0238 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/01/21 20:04:47.0417 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

2011/01/21 20:04:47.0504 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/01/21 20:04:47.0665 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

2011/01/21 20:04:47.0705 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

2011/01/21 20:04:47.0738 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

2011/01/21 20:04:47.0829 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/01/21 20:04:47.0915 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/01/21 20:04:47.0995 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

2011/01/21 20:04:48.0085 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/01/21 20:04:48.0190 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/01/21 20:04:48.0234 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/01/21 20:04:48.0308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/01/21 20:04:48.0447 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/01/21 20:04:48.0502 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

2011/01/21 20:04:48.0596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/01/21 20:04:48.0729 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/01/21 20:04:48.0826 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/01/21 20:04:49.0005 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/01/21 20:04:49.0110 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/01/21 20:04:49.0266 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/01/21 20:04:49.0360 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

2011/01/21 20:04:49.0432 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

2011/01/21 20:04:49.0585 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/01/21 20:04:49.0627 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/01/21 20:04:49.0727 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/01/21 20:04:49.0870 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/01/21 20:04:49.0904 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/01/21 20:04:49.0966 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/01/21 20:04:50.0116 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/01/21 20:04:50.0168 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/01/21 20:04:50.0257 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/01/21 20:04:50.0372 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/01/21 20:04:50.0526 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/01/21 20:04:50.0591 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/01/21 20:04:50.0682 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/01/21 20:04:50.0823 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/01/21 20:04:50.0929 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/01/21 20:04:51.0014 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/01/21 20:04:51.0150 netbt (feefc4ebf364a5dc57f877f12e0ccd9e) C:\Windows\system32\DRIVERS\netbt.sys

2011/01/21 20:04:51.0152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: feefc4ebf364a5dc57f877f12e0ccd9e, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6

2011/01/21 20:04:51.0161 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/01/21 20:04:51.0262 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/01/21 20:04:51.0383 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/01/21 20:04:51.0490 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/01/21 20:04:51.0583 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/01/21 20:04:51.0704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/01/21 20:04:51.0853 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/01/21 20:04:52.0220 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/01/21 20:04:52.0541 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

2011/01/21 20:04:52.0610 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

2011/01/21 20:04:52.0658 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

2011/01/21 20:04:52.0773 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2011/01/21 20:04:52.0866 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/01/21 20:04:52.0977 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/01/21 20:04:53.0125 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/01/21 20:04:53.0247 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/01/21 20:04:53.0300 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

2011/01/21 20:04:53.0373 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/01/21 20:04:53.0468 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/01/21 20:04:53.0722 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/01/21 20:04:53.0812 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

2011/01/21 20:04:53.0877 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/01/21 20:04:53.0966 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

2011/01/21 20:04:54.0066 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

2011/01/21 20:04:54.0216 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/01/21 20:04:54.0307 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/01/21 20:04:54.0379 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/01/21 20:04:54.0479 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/01/21 20:04:54.0641 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/01/21 20:04:54.0704 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/01/21 20:04:54.0794 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/01/21 20:04:54.0952 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/01/21 20:04:55.0006 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/01/21 20:04:55.0065 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/01/21 20:04:55.0125 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/01/21 20:04:55.0292 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/01/21 20:04:55.0383 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/01/21 20:04:55.0476 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/01/21 20:04:55.0635 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/01/21 20:04:55.0721 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/01/21 20:04:55.0811 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/01/21 20:04:55.0947 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/01/21 20:04:56.0083 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2011/01/21 20:04:56.0204 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2011/01/21 20:04:56.0282 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2011/01/21 20:04:56.0329 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/01/21 20:04:56.0420 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/01/21 20:04:56.0565 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/01/21 20:04:56.0638 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/01/21 20:04:56.0749 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/01/21 20:04:56.0909 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/01/21 20:04:57.0019 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys

2011/01/21 20:04:57.0184 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys

2011/01/21 20:04:57.0290 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys

2011/01/21 20:04:57.0452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/01/21 20:04:57.0570 StMp3Rec (833ac40f6e7be17951d6d9a956829547) C:\Windows\system32\Drivers\StMp3Rec.sys

2011/01/21 20:04:57.0658 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/01/21 20:04:57.0717 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/01/21 20:04:57.0838 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/01/21 20:04:57.0922 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/01/21 20:04:58.0050 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys

2011/01/21 20:04:58.0196 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys

2011/01/21 20:04:58.0226 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys

2011/01/21 20:04:58.0330 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/01/21 20:04:58.0403 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/01/21 20:04:58.0513 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/01/21 20:04:58.0606 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/01/21 20:04:58.0716 truecrypt (0f36134bc7897ac0b038b64fa23c4df9) C:\Windows\system32\drivers\truecrypt.sys

2011/01/21 20:04:58.0919 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/01/21 20:04:58.0998 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/01/21 20:04:59.0147 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

2011/01/21 20:04:59.0189 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/01/21 20:04:59.0282 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/01/21 20:04:59.0454 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/01/21 20:04:59.0542 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/01/21 20:04:59.0620 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/01/21 20:04:59.0772 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/01/21 20:04:59.0883 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/01/21 20:04:59.0986 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/01/21 20:05:00.0123 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2011/01/21 20:05:00.0202 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/01/21 20:05:00.0297 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/01/21 20:05:00.0445 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/01/21 20:05:00.0538 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/01/21 20:05:00.0622 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/01/21 20:05:00.0745 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/01/21 20:05:00.0828 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/01/21 20:05:00.0923 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/01/21 20:05:01.0074 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/01/21 20:05:01.0202 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/01/21 20:05:01.0327 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/01/21 20:05:01.0373 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/01/21 20:05:01.0412 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/01/21 20:05:01.0449 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/01/21 20:05:01.0539 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/01/21 20:05:01.0695 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/01/21 20:05:01.0793 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/01/21 20:05:01.0859 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/01/21 20:05:02.0004 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/01/21 20:05:02.0094 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/21 20:05:02.0141 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/01/21 20:05:02.0204 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/01/21 20:05:02.0246 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/01/21 20:05:02.0451 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/01/21 20:05:02.0609 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2011/01/21 20:05:02.0736 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/01/21 20:05:02.0878 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/01/21 20:05:02.0999 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/01/21 20:05:03.0139 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\Program Files\GameTap Web Player\bin\release\X4HSX32.Sys

2011/01/21 20:05:03.0262 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

2011/01/21 20:05:05.0256 ================================================================================

2011/01/21 20:05:05.0256 Scan finished

2011/01/21 20:05:05.0256 ================================================================================

2011/01/21 20:05:05.0274 Detected object count: 1

2011/01/21 20:05:19.0802 netbt (feefc4ebf364a5dc57f877f12e0ccd9e) C:\Windows\system32\DRIVERS\netbt.sys

2011/01/21 20:05:19.0805 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: feefc4ebf364a5dc57f877f12e0ccd9e, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6

2011/01/21 20:05:20.0239 Backup copy found, using it..

2011/01/21 20:05:20.0310 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot

2011/01/21 20:05:20.0310 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure

2011/01/21 20:05:32.0003 Deinitialize success

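The one line that matters in the TDSSKiller log above is the "Suspicious file (Forged)" entry: the hash TDSSKiller computed for netbt.sys and the hash the system hands back through the normal file-read path disagree, which is how a TDL3-style disk-stack hook gives itself away even though the infected driver's name and location look perfectly ordinary. As an added example (not code from TDSSKiller, Kaspersky or anyone in this thread), the Python below parses that log format, attaches forged-file and verdict lines to the drivers they refer to, and does a first-pass triage. The line patterns are inferred from the posted log rather than a published format spec, the sample log is constructed from six lines of the thread, and the "outside the Windows tree" heuristic is this editor's assumption, not a TDSSKiller rule.

```python
"""Triage a TDSSKiller text log: pull out forged drivers and verdicts.

Added example for this thread, not code from TDSSKiller, Kaspersky or the
forum. The line patterns below are inferred from the log lines posted
above, not from a published format spec, so treat them as assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the posted log, covering a clean
# driver, the forged netbt.sys entry plus its verdict, a third-party driver
# loaded from outside the Windows tree, and the closing object count.
SAMPLE_LOG = """\
2011/01/21 20:04:51.0014 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\\Windows\\system32\\DRIVERS\\netbios.sys
2011/01/21 20:04:51.0150 netbt (feefc4ebf364a5dc57f877f12e0ccd9e) C:\\Windows\\system32\\DRIVERS\\netbt.sys
2011/01/21 20:04:51.0152 Suspicious file (Forged): C:\\Windows\\system32\\DRIVERS\\netbt.sys. Real md5: feefc4ebf364a5dc57f877f12e0ccd9e, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
2011/01/21 20:04:51.0161 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/21 20:05:03.0139 X4HSX32 (72e8f37e00dcbd7432c7824570a3a7aa) C:\\Program Files\\GameTap Web Player\\bin\\release\\X4HSX32.Sys
2011/01/21 20:05:05.0274 Detected object count: 1
"""

_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(_TS + r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(_TS + r"(?P<service>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
COUNT_RE = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Driver:
    service: str
    md5: str                         # hash TDSSKiller computed for the file
    path: str
    fake_md5: Optional[str] = None   # set when the file is reported as forged
    verdict: Optional[str] = None    # e.g. Rootkit.Win32.TDSS.tdl3

    @property
    def forged(self) -> bool:
        # Two different hashes for one file means something sits between the
        # reader and the disk; the mismatch itself is the indicator.
        return self.fake_md5 is not None


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)  # keyed by service name
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Parse driver, forged, verdict and count lines; ignore everything else."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if m := FORGED_RE.match(line):
            # The forged line names a path; attach it to every service using that file.
            for drv in report.drivers.values():
                if drv.path.lower() == m["path"].lower():
                    drv.fake_md5 = m["fake"]
        elif m := DETECT_RE.match(line):
            if m["service"] in report.drivers:
                report.drivers[m["service"]].verdict = m["verdict"]
        elif m := COUNT_RE.match(line):
            report.detected_count = int(m["n"])
        elif m := DRIVER_RE.match(line):
            report.drivers[m["service"]] = Driver(m["service"], m["md5"], m["path"])
    return report


def triage(report: Report, trusted_roots=("c:\\windows\\",)) -> Dict[str, List[str]]:
    """First-pass triage of the parsed log. The trusted-root list is an assumption."""
    findings: Dict[str, List[str]] = {"forged": [], "detected": [], "unmatched": [], "outside_windows": []}
    for drv in report.drivers.values():
        if drv.forged:
            findings["forged"].append(drv.path)
        if drv.verdict:
            findings["detected"].append(f"{drv.service}: {drv.verdict}")
        # A forged file with no verdict, or a verdict with no forged file, needs a manual look.
        if drv.forged != (drv.verdict is not None):
            findings["unmatched"].append(drv.service)
        # Drivers loaded from outside the Windows tree are not malicious per se,
        # but they are the ones a responder checks by hand first.
        if not drv.path.lower().startswith(tuple(trusted_roots)):
            findings["outside_windows"].append(drv.path)
    return findings


def count_matches_verdicts(report: Report) -> bool:
    """The closing 'Detected object count' should equal the verdict lines seen."""
    verdicts = sum(1 for d in report.drivers.values() if d.verdict)
    return report.detected_count is not None and verdicts == report.detected_count


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for key, items in triage(rep).items():
        print(f"{key}: {items}")
    print("count consistent:", count_matches_verdicts(rep))
```

On the posted log this flags netbt.sys as forged with a matching TDL3 verdict, lists the GameTap driver under Program Files as the only entry outside the Windows tree (for a manual look, not as a detection), and confirms the single verdict agrees with TDSSKiller's "Detected object count: 1".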

Thanks!

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer.**

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Good!

I want to see your log from MBAM and then we're ready.

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5154

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

1/26/2011 9:14:55 PM

mbam-log-2011-01-26 (21-14-55).txt

Scan type: Quick scan

Objects scanned: 157200

Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


You're good to go! :blink:

Last steps:

Step 1

  1. Go to Start => Run... and copy & paste the next command into the field:
    ComboFix /uninstall

  2. Then hit the Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings
  • Hide file extensions
  • Hide the system/hidden files
  • Reset System Restore again

Step 2

Please uninstall HiJackThis.

Step 3

Please manually delete DDS and TDSSKiller.

Step 4

Keep your software up-to-date:

http://www.bleepingcomputer.com/tutorials/tutorial174.html

Some malware preventions:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! ;)

