Quickfingers26

Honorary Members
  • Posts: 28
  • Reputation: 0 Neutral
  1. Update: everything seems to be working perfectly. Got PC Tools Firewall and zero sign of any malware or viruses. Can't thank you enough MrC!
  2. Yes, my name is John. And thank you very, very much for all of your help with this process! OK, uninstalled ComboFix. Ran OTL and did the cleanup. I'm gonna install the firewall now.
  3. OK, freshest TDSS came up clean. And no Google redirects. What's next? Download a firewall or more scans?
  4. Freshest TDSS found another 1. Rebooting for fix. Then I will download another fresh TDSS and rescan.
  5. I am using a router. Here's the fresh TDSSKiller log.
C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/19 18:46:08.0796 2156 SPBBCDrv (16aa4657806e3ea423d7e9286e763016) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2011/03/19 18:46:08.0859 2156 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/19 18:46:08.0906 2156 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/19 18:46:09.0093 2156 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/19 18:46:09.0171 2156 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/03/19 18:46:09.0203 2156 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/19 18:46:09.0250 2156 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/19 18:46:09.0390 2156 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS 2011/03/19 18:46:09.0578 2156 SYMIDSCO (d65255d470cd5103cce573cd7b5a88d2) C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100604.001\symidsco.sys 2011/03/19 18:46:09.0656 2156 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys 2011/03/19 18:46:09.0703 2156 SYMREDRV (47e42785075c21e3bce904e0793da471) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2011/03/19 18:46:09.0765 2156 SYMTDI (99b9bfdca81ea66a6a346ce9d4f56703) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2011/03/19 18:46:09.0828 2156 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/19 18:46:09.0906 2156 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/19 18:46:09.0953 2156 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/19 18:46:09.0984 2156 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/19 18:46:10.0015 2156 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 
2011/03/19 18:46:10.0125 2156 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/19 18:46:10.0187 2156 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/19 18:46:10.0234 2156 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/03/19 18:46:10.0312 2156 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/03/19 18:46:10.0500 2156 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/19 18:46:10.0562 2156 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/19 18:46:10.0625 2156 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\drivers\tsk9.tmp 2011/03/19 18:46:10.0687 2156 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/03/19 18:46:10.0750 2156 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/03/19 18:46:10.0796 2156 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/19 18:46:10.0812 2156 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/19 18:46:10.0843 2156 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/03/19 18:46:10.0921 2156 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/03/19 18:46:10.0937 2156 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/03/19 18:46:10.0968 2156 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/19 18:46:11.0015 2156 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/19 18:46:11.0078 2156 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/19 18:46:11.0140 2156 winachsx (11ec1afceb5c917ce73d3c301ff4291e) 
C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 2011/03/19 18:46:11.0265 2156 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/03/19 18:46:11.0390 2156 ================================================================================ 2011/03/19 18:46:11.0390 2156 Scan finished 2011/03/19 18:46:11.0390 2156 ================================================================================ 2011/03/19 18:46:11.0406 3176 Detected object count: 1 2011/03/19 18:46:15.0046 3176 NetBIOS (fc8eb72e5623f9377c2d7a064d8ab5aa) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/03/19 18:46:15.0046 3176 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbios.sys. Real md5: fc8eb72e5623f9377c2d7a064d8ab5aa, Fake md5: 3a2aca8fc1d7786902ca434998d7ceb4 2011/03/19 18:46:16.0093 3176 Backup copy found, using it.. 2011/03/19 18:46:16.0125 3176 C:\WINDOWS\system32\DRIVERS\netbios.sys - will be cured after reboot 2011/03/19 18:46:16.0125 3176 Rootkit.Win32.ZAccess.c(NetBIOS) - User select action: Cure 2011/03/19 18:46:23.0734 0124 Deinitialize success
  6. Well crud. MBAM says everything is cool. But when I tried to get to a common webpage like Facebook from Google I was redirected. So something is still lurking. Here's the latest log.
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6108
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702
     3/19/2011 6:34:35 PM
     mbam-log-2011-03-19 (18-34-35).txt
     Scan type: Quick scan
     Objects scanned: 193974
     Time elapsed: 21 minute(s), 8 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  7. Good news. All programs seem to be functioning fine. I'm rerunning the MBAM scan. Will post the log when it finishes.
  8. Interesting... MBAM already found 4 more infections. Grrr. Rebooting.
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6108
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 8.0.6001.18702
     3/19/2011 6:03:21 PM
     mbam-log-2011-03-19 (18-03-21).txt
     Scan type: Quick scan
     Objects scanned: 193473
     Time elapsed: 22 minute(s), 36 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
     Registry Values Infected:
     HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     c:\WINDOWS\WinSxS\x86_microsoft.windows.shell.hweventdetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
  9. Ok running Malwarebytes (it's updated) from normal mode. Assuming I still have no viruses, I'm going to then reboot and make sure everything is still functioning (such as exe files and the Control Panel). If everything is still cool... then I think I will just need to add that firewall and hopefully I'll be set.
  10. Found a fix! Downloaded a file from http://windowsxp.mvps.org/exefile.htm and that seems to have worked!
  11. Just did that in Safe Mode (w/ Networking). Was able to merge it into the registry with no problem. But in normal mode, nothing appears to have changed. Can't run an exe file or use anything in the Control Panel.
  12. I think it's exe files. And all of these issues are when my PC is in "normal mode". When in Safe Mode w/ Networking, everything appears to be fine.
  13. Ok added that to the registry but still getting the Which Program list.
  14. Can't download anything it seems. I get the same "Which Program Do You Want To Use to Open This File" when I went to download the firewall.
  15. Hmmm. A bit of a problem. My WinZip is one of the missing programs. And when I went to download a new one, I got a "Choose the Program You Want to Use to Open this File with List". That can't be good.