-
Sorry that is my fault. No need to run as Admin as you're running XP. Thought it was Vista.
Either way now that you've posted I would prefer you run this tool.
Download MBRCheck.exe to your desktop
Double click on MBRCheck.exe to run it
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clip board
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)
Post the results in your reply
-
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
Done! Press ENTER to exit...
-
Okay that is clean.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
- Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
- If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
- When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.
-
09:38:44:890 3792 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:38:44:890 3792 ================================================================================
09:38:44:890 3792 SystemInfo:
09:38:44:890 3792 OS Version: 5.1.2600 ServicePack: 3.0
09:38:44:890 3792 Product type: Workstation
09:38:44:890 3792 ComputerName: OPTIPLEX
09:38:44:890 3792 UserName: Jonathan
09:38:44:890 3792 Windows directory: C:\WINDOWS
09:38:44:890 3792 System windows directory: C:\WINDOWS
09:38:44:890 3792 Processor architecture: Intel x86
09:38:44:890 3792 Number of processors: 2
09:38:44:890 3792 Page size: 0x1000
09:38:44:906 3792 Boot type: Normal boot
09:38:44:906 3792 ================================================================================
09:38:45:328 3792 Initialize success
09:38:45:328 3792
09:38:45:328 3792 Scanning Services ...
09:38:47:234 3792 Raw services enum returned 403 services
09:38:47:843 3792
09:38:47:859 3792 Scanning Drivers ...
09:38:50:312 3792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:38:50:453 3792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:50:546 3792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:38:50:671 3792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:38:50:906 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:38:51:015 3792 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:38:51:218 3792 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:38:51:406 3792 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:38:51:734 3792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:38:51:812 3792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:38:51:875 3792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:38:51:937 3792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:38:52:000 3792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:38:52:078 3792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:38:52:156 3792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:38:52:234 3792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:38:52:296 3792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:38:52:468 3792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:38:52:500 3792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:38:52:656 3792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:38:52:875 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:38:52:953 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:38:53:125 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:38:53:156 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:38:53:171 3792 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:38:53:187 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:38:53:234 3792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:38:53:234 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:38:53:265 3792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:38:53:296 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:38:53:359 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:38:53:390 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:38:53:421 3792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:38:53:437 3792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:38:53:484 3792 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:38:53:625 3792 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:38:53:812 3792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:38:53:843 3792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:38:53:906 3792 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:38:53:937 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:38:54:046 3792 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:38:54:078 3792 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:38:54:109 3792 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:38:54:125 3792 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:38:54:140 3792 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:38:54:156 3792 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:38:54:171 3792 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:38:54:187 3792 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:38:54:203 3792 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:38:54:281 3792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:38:54:312 3792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:38:54:328 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:38:54:343 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:38:54:484 3792 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:38:54:546 3792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:38:54:687 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:38:54:765 3792 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:38:55:062 3792 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:38:55:593 3792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:38:56:281 3792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:38:56:593 3792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:38:56:921 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:38:57:062 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:38:57:265 3792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:38:57:406 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:38:57:500 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:38:57:515 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:38:57:578 3792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:38:57:687 3792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:38:57:984 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:38:58:109 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:38:58:203 3792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:38:58:359 3792 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:38:58:750 3792 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:38:59:140 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:38:59:234 3792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:38:59:265 3792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:38:59:296 3792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:38:59:359 3792 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:38:59:875 3792 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:38:59:953 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:00:031 3792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:39:00:078 3792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:39:00:234 3792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:00:375 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:39:00:734 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:00:890 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:00:984 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:01:046 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:01:187 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:01:250 3792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:01:484 3792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:01:750 3792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:39:02:031 3792 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:39:02:312 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:39:02:421 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:02:531 3792 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:39:02:609 3792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:39:02:640 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:02:718 3792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:39:03:046 3792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:39:03:234 3792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:03:406 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:03:500 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:03:640 3792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:39:04:031 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:04:531 3792 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:04:890 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:39:04:984 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:05:078 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:05:281 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:05:484 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:05:625 3792 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:39:06:015 3792 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:39:06:453 3792 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:39:06:578 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:39:06:593 3792 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:06:609 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:06:640 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:06:859 3792 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:07:281 3792 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:39:07:421 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:07:562 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
-
09:35:34:562 6016 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:35:34:562 6016 ================================================================================
09:35:34:562 6016 SystemInfo:
09:35:34:562 6016 OS Version: 5.1.2600 ServicePack: 3.0
09:35:34:562 6016 Product type: Workstation
09:35:34:562 6016 ComputerName: OPTIPLEX
09:35:34:578 6016 UserName: Jonathan
09:35:34:578 6016 Windows directory: C:\WINDOWS
09:35:34:578 6016 System windows directory: C:\WINDOWS
09:35:34:578 6016 Processor architecture: Intel x86
09:35:34:578 6016 Number of processors: 2
09:35:34:578 6016 Page size: 0x1000
09:35:34:578 6016 Boot type: Normal boot
09:35:34:578 6016 ================================================================================
09:35:35:203 6016 Initialize success
09:35:35:203 6016
09:35:35:203 6016 Scanning Services ...
09:35:35:843 6016 Raw services enum returned 403 services
09:35:35:859 6016
09:35:35:859 6016 Scanning Drivers ...
09:35:37:125 6016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:35:37:187 6016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:35:37:234 6016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:35:37:281 6016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:35:37:328 6016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:35:37:390 6016 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:35:37:468 6016 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:35:37:500 6016 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:35:37:562 6016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:35:37:593 6016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:35:37:625 6016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:35:37:656 6016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:35:37:687 6016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:35:37:718 6016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:35:37:750 6016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:35:37:796 6016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:35:37:890 6016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:35:37:937 6016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:35:37:953 6016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:35:37:968 6016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:35:38:031 6016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:35:38:062 6016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:35:38:093 6016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:35:38:140 6016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:35:38:156 6016 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:35:38:187 6016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:35:38:203 6016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:35:38:218 6016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:35:38:250 6016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:35:38:296 6016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:35:38:343 6016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:35:38:359 6016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:35:38:390 6016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:35:38:406 6016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:35:38:468 6016 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:35:38:546 6016 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:35:38:562 6016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:35:38:609 6016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:35:38:687 6016 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:35:38:718 6016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:35:38:781 6016 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:35:38:812 6016 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:35:38:843 6016 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:35:38:859 6016 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:35:38:890 6016 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:35:38:906 6016 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:35:38:921 6016 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:35:38:953 6016 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:35:38:984 6016 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:35:39:093 6016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:35:39:125 6016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:35:39:140 6016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:35:39:171 6016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:35:39:234 6016 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:35:39:281 6016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:35:39:328 6016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:35:39:343 6016 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:35:39:375 6016 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:35:39:406 6016 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:35:39:593 6016 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:35:39:625 6016 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:35:39:687 6016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:35:39:718 6016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:35:39:781 6016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:35:39:812 6016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:35:39:828 6016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:35:39:843 6016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:35:39:875 6016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:35:39:937 6016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:35:39:984 6016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:35:40:000 6016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:35:40:015 6016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:35:40:078 6016 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:35:40:281 6016 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:35:40:359 6016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:35:40:468 6016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:35:40:500 6016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:35:40:562 6016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:35:40:593 6016 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:35:40:671 6016 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:35:40:718 6016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:35:40:750 6016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:35:41:125 6016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:35:41:281 6016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:35:41:296 6016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:35:41:359 6016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:35:41:390 6016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:35:41:421 6016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:35:41:437 6016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:35:41:468 6016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:35:41:484 6016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:35:41:515 6016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:35:41:531 6016 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:35:41:578 6016 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:35:41:625 6016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:35:41:656 6016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:35:41:703 6016 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:35:41:734 6016 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:35:41:796 6016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:35:41:828 6016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:35:41:843 6016 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:35:41:875 6016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:35:41:937 6016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:35:41:953 6016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:35:42:000 6016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:35:42:031 6016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:35:42:140 6016 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:35:42:156 6016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:35:42:234 6016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:35:42:250 6016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:35:42:281 6016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:35:42:312 6016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:35:42:328 6016 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:35:42:578 6016 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:35:42:625 6016 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:35:42:687 6016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:35:42:734 6016 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:35:42:750 6016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:35:42:781 6016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:35:42:859 6016 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:35:42:921 6016 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:35:42:953 6016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:35:42:984 6016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:35:43:031 6016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:35:43:078 6016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:35:43:125 6016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:35:43:218 6016 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:35:43:265 6016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:35:43:281 6016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:35:43:359 6016 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
09:35:43:437 6016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:35:43:453 6016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:35:43:484 6016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:35:43:515 6016 PCI (afa774202672eb4dc593355e290ebe5e) C:\WINDOWS\system32\DRIVERS\pci.sys
09:35:43:515 6016 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: afa774202672eb4dc593355e290ebe5e, Fake md5: a219903ccf74233761d92bef471a07b1
09:35:43:515 6016 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ... 09:35:44:796 6016 Backup copy found, using it..
09:35:45:093 6016 will be cured on next reboot
09:35:45:328 6016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:35:45:375 6016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:35:45:468 6016 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
09:35:45:531 6016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:35:45:546 6016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:35:45:625 6016 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
09:35:45:687 6016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:35:45:703 6016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:35:45:734 6016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:35:45:796 6016 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:35:45:828 6016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:35:45:843 6016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:35:45:890 6016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:35:45:906 6016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:35:45:937 6016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:35:45:984 6016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:35:46:015 6016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:35:46:046 6016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:35:46:062 6016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:35:46:125 6016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:35:46:156 6016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:35:46:187 6016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:35:46:218 6016 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:35:46:250 6016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
-
Looks like the log is getting cut off for some reason. But I can see that it did find the rootkit.
How is it running now? Can you get to those sites now?
-
I may have accidently cut off the bottom of the log. here it is again
09:38:44:890 3792 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:38:44:890 3792 ================================================================================
09:38:44:890 3792 SystemInfo:
09:38:44:890 3792 OS Version: 5.1.2600 ServicePack: 3.0
09:38:44:890 3792 Product type: Workstation
09:38:44:890 3792 ComputerName: OPTIPLEX
09:38:44:890 3792 UserName: Jonathan
09:38:44:890 3792 Windows directory: C:\WINDOWS
09:38:44:890 3792 System windows directory: C:\WINDOWS
09:38:44:890 3792 Processor architecture: Intel x86
09:38:44:890 3792 Number of processors: 2
09:38:44:890 3792 Page size: 0x1000
09:38:44:906 3792 Boot type: Normal boot
09:38:44:906 3792 ================================================================================
09:38:45:328 3792 Initialize success
09:38:45:328 3792
09:38:45:328 3792 Scanning Services ...
09:38:47:234 3792 Raw services enum returned 403 services
09:38:47:843 3792
09:38:47:859 3792 Scanning Drivers ...
09:38:50:312 3792 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:38:50:453 3792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:50:546 3792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:38:50:671 3792 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:38:50:906 3792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:38:51:015 3792 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:38:51:218 3792 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:38:51:406 3792 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
09:38:51:734 3792 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:38:51:812 3792 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:38:51:875 3792 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:38:51:937 3792 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:38:52:000 3792 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:38:52:078 3792 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:38:52:156 3792 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:38:52:234 3792 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:38:52:296 3792 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:38:52:468 3792 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:38:52:500 3792 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:38:52:656 3792 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:38:52:875 3792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:38:52:953 3792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:38:53:125 3792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:38:53:156 3792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:38:53:171 3792 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:38:53:187 3792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:38:53:234 3792 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:38:53:234 3792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:38:53:265 3792 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:38:53:296 3792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:38:53:359 3792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:38:53:390 3792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:38:53:421 3792 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:38:53:437 3792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:38:53:484 3792 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:38:53:625 3792 CVPNDRVA (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
09:38:53:812 3792 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:38:53:843 3792 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:38:53:906 3792 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
09:38:53:937 3792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:38:54:046 3792 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:38:54:078 3792 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:38:54:109 3792 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
09:38:54:125 3792 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:38:54:140 3792 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:38:54:156 3792 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:38:54:171 3792 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:38:54:187 3792 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:38:54:203 3792 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:38:54:281 3792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:38:54:312 3792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:38:54:328 3792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:38:54:343 3792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:38:54:484 3792 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:38:54:546 3792 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:38:54:687 3792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:38:54:765 3792 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:38:55:062 3792 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:38:55:593 3792 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:38:56:281 3792 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:38:56:593 3792 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:38:56:921 3792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:38:57:062 3792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:38:57:265 3792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:38:57:406 3792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:38:57:500 3792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:38:57:515 3792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:38:57:578 3792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:38:57:687 3792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:38:57:984 3792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:38:58:109 3792 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:38:58:203 3792 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:38:58:359 3792 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:38:58:750 3792 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:38:59:140 3792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:38:59:234 3792 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:38:59:265 3792 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:38:59:296 3792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:38:59:359 3792 IABFilt (cbf75f6257751d1089e7e1dd468168df) C:\WINDOWS\system32\DRIVERS\IABFilt.sys
09:38:59:875 3792 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:38:59:953 3792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:39:00:031 3792 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:39:00:078 3792 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:39:00:234 3792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:39:00:375 3792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:39:00:734 3792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:39:00:890 3792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:39:00:984 3792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:39:01:046 3792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:39:01:187 3792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:39:01:250 3792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:39:01:484 3792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:39:01:750 3792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:39:02:031 3792 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
09:39:02:312 3792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:39:02:421 3792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:39:02:531 3792 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
09:39:02:609 3792 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:39:02:640 3792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:39:02:718 3792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:39:03:046 3792 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:39:03:234 3792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:39:03:406 3792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:39:03:500 3792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:39:03:640 3792 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:39:04:031 3792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:39:04:531 3792 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:39:04:890 3792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:39:04:984 3792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:39:05:078 3792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:39:05:281 3792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:39:05:484 3792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:39:05:625 3792 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:39:06:015 3792 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\naveng.sys
09:39:06:453 3792 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100714.002\navex15.sys
09:39:06:578 3792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:39:06:593 3792 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:39:06:609 3792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:39:06:640 3792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:39:06:859 3792 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:39:07:281 3792 NEOFLTR_600_13487 (e42ebf219cc8781d439690bdf430182a) C:\WINDOWS\system32\Drivers\NEOFLTR_600_13487.SYS
09:39:07:421 3792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:39:07:562 3792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:39:07:640 3792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:39:07:812 3792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:39:08:218 3792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:39:08:718 3792 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:39:09:046 3792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:39:09:156 3792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:39:09:312 3792 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
09:39:09:468 3792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:39:09:546 3792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:39:09:828 3792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:39:09:968 3792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\drivers\tsk35.tmp
09:39:10:406 3792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:39:10:546 3792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:39:10:671 3792 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
09:39:11:156 3792 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:39:11:218 3792 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:39:11:375 3792 PortlUSB (895dbe112ef6435dda75c8c9698e400b) C:\WINDOWS\system32\DRIVERS\H10USB.sys
09:39:11:515 3792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:39:11:625 3792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:39:11:937 3792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:39:12:046 3792 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:39:12:203 3792 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:39:12:343 3792 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:39:12:531 3792 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:39:12:703 3792 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:39:12:843 3792 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:39:13:015 3792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:39:13:125 3792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:39:13:359 3792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:39:13:437 3792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:39:13:562 3792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:39:13:687 3792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:39:13:859 3792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:39:14:265 3792 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:39:14:406 3792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:39:14:625 3792 SAVRT (2861c841b03def48402e63277d9cac22) C:\Program Files\Symantec AntiVirus\savrt.sys
09:39:14:921 3792 SAVRTPEL (54484c13e4d9b268c66d59e9ccb570e6) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
09:39:15:000 3792 SCR3XX2K (b442a2470197b3feb38beddae9de9268) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
09:39:15:078 3792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:39:15:187 3792 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
09:39:15:328 3792 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:39:15:437 3792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:39:15:609 3792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:39:15:671 3792 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:39:15:703 3792 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
09:39:15:921 3792 sonypvd2 (4101a5a53d93a7c6d059e630992b9149) C:\WINDOWS\system32\DRIVERS\sonypvd2.sys
09:39:16:000 3792 sonypvf2 (8984edfa4e4aae45892a2ba7929b360d) C:\WINDOWS\system32\drivers\sonypvf2.sys
09:39:16:015 3792 sonypvl2 (ec7de9b70ca3218803b4b38d62e7dc39) C:\WINDOWS\system32\drivers\sonypvl2.sys
09:39:16:031 3792 sonypvt2 (bf00283a4c71aae7b46c32a264cea22b) C:\WINDOWS\system32\drivers\sonypvt2.sys
09:39:16:093 3792 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:39:16:343 3792 SPBBCDrv (60053e9c1fc4f6887c296c19cb825244) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
09:39:16:406 3792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:39:16:437 3792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:39:16:468 3792 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:39:16:531 3792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:39:16:593 3792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:39:16:625 3792 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:39:16:640 3792 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:39:16:687 3792 SymEvent (c5eafb6a8c73fb26b73ee613c1a5aef6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:39:16:734 3792 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
09:39:16:968 3792 SYMREDRV (5f9055055dc4900f74fb690b61448be4) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
09:39:16:984 3792 SYMTDI (5561a9d2d1b6529a95cbbffaed7791c1) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
09:39:17:031 3792 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:39:17:046 3792 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:39:17:078 3792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:39:17:156 3792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:39:17:203 3792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:39:17:265 3792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:39:17:328 3792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:39:17:343 3792 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:39:17:406 3792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:39:17:453 3792 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:39:17:703 3792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:39:17:765 3792 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:39:17:812 3792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:39:17:828 3792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:39:17:859 3792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:39:17:890 3792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:39:17:953 3792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:39:18:015 3792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:39:18:062 3792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:39:18:125 3792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:39:18:328 3792 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:39:18:359 3792 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:39:18:390 3792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:39:18:468 3792 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
09:39:18:515 3792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:39:18:562 3792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:39:18:609 3792 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:39:18:625 3792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:39:18:687 3792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:39:18:703 3792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:39:18:718 3792
09:39:18:718 3792 Completed
09:39:18:718 3792
09:39:18:718 3792 Results:
09:39:18:718 3792 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:39:18:718 3792 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:39:18:718 3792
09:39:18:718 3792 KLMD(ARK) unloaded successfully
-
I can access the windows update page but once I click to download the updates I get a message "The website has encountered a problem and cannot display the page you are trying to view." This happens if I go through the Help center via Start on the computer as well.
I'm also still getting periodic redirects of Internet Explorer. its not happening as frequently but there is still a bug somewhere. Spybot and Malwarebytes are not detecting anything.
-
Time for combofix:
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Also make sure to allow it to install the recovery console.
Please include the C:\ComboFix.txt in your next reply for further review.
-
below is the log. after running this I was able to download Windows updates and access the site without any problems.
ComboFix 10-07-16.01 - Jonathan 07/17/2010 16:52:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.3044 [GMT -4:00]
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\documents and settings\All Users\Application Data\459a768
c:\documents and settings\All Users\Application Data\459a768\84.mof
c:\documents and settings\All Users\Application Data\459a768\BackUp\Digital Line Detect.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\JHSecure VPN Client.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\Kodak EasyShare software.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\NkbMonitor.exe.lnk
c:\documents and settings\All Users\Application Data\459a768\BackUp\Wireless USB 2.0 WLAN Card Utility.lnk
c:\documents and settings\All Users\Application Data\459a768\MSE.ico
c:\documents and settings\All Users\Application Data\459a768\MSESys\vd952342.bd
c:\documents and settings\Jonathan\g2mdlhlpx.exe
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\BL_H10.rom
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\bootloader.inf
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\firmware.inf
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\history(firmware).txt
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\history(plus).txt
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\Plus1_0.mdb
c:\documents and settings\Regina\Local Settings\Temporary Internet Files\update.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-17 to 2010-07-17 )))))))))))))))))))))))))))))))
.
2010-07-17 21:07 . 2010-07-17 21:07 -------- d-----w- c:\windows\LastGood
2010-07-15 16:50 . 2010-07-15 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\documents and settings\Jonathan\Application Data\PeaZip
2010-07-15 13:08 . 2010-07-15 13:08 -------- d-----w- c:\program files\PeaZip
2010-07-05 17:27 . 2010-07-05 17:27 293376 ----a-w- C:\7fuz0599.exe
2010-07-05 02:37 . 2010-07-05 02:37 -------- d-----w- c:\program files\Sun
2010-07-05 02:36 . 2010-07-05 02:36 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-04 17:10 . 2010-07-04 17:10 -------- d-----w- c:\program files\ERUNT
2010-07-02 23:25 . 2010-07-02 23:25 -------- d-----w- c:\program files\Trend Micro
2010-07-02 23:17 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\Threat Expert
2010-07-02 22:59 . 2010-07-15 12:38 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-02 22:59 . 2010-07-15 01:51 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-02 22:59 . 2010-07-15 01:51 1435600 ----a-w- c:\windows\PCTBDCore.dll
2010-07-02 22:59 . 2010-06-23 04:01 192 ----a-w- c:\windows\UDB.zip
2010-07-02 22:59 . 2008-11-26 15:08 131 ----a-w- c:\windows\IDB.zip
2010-07-02 22:59 . 2010-07-15 01:51 264144 ----a-w- c:\windows\PCTBDRes.dll
2010-07-02 22:58 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-02 22:58 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-02 22:58 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-02 22:57 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-02 22:57 . 2010-07-02 23:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-30 03:17 . 2010-06-30 03:17 -------- d-----w- C:\c3b08df3689e6543c69b76d6
2010-06-30 03:00 . 2010-07-01 02:56 -------- d-----w- c:\documents and settings\Jonathan\Local Settings\Application Data\hrjamelec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-17 21:01 . 2008-02-06 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-07-17 20:56 . 2009-02-15 21:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-07-17 20:51 . 2008-02-06 20:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-17 14:09 . 2006-08-04 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-17 13:35 . 2010-07-17 13:35 68224 ----a-w- c:\windows\system32\drivers\tsk35.tmp
2010-07-17 13:11 . 2010-06-01 10:57 5645311 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-07-05 02:34 . 2006-07-29 13:13 -------- d-----w- c:\program files\Java
2010-07-01 02:55 . 2010-07-01 03:01 1584128 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB7B.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB79.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB7A.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB78.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB77.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB76.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB75.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB73.tmp
2010-07-01 02:55 . 2010-07-01 02:55 1584128 ----a-w- c:\windows\Internet Logs\xDBB74.tmp
2010-07-01 02:55 . 2010-07-01 02:55 8704 ----a-w- c:\windows\Internet Logs\xDBB72.tmp
2010-07-01 02:53 . 2010-07-01 02:55 8192 ----a-w- c:\windows\Internet Logs\xDBB71.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB70.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6F.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6E.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB6D.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB6B.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6C.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8192 ----a-w- c:\windows\Internet Logs\xDBB69.tmp
2010-07-01 02:53 . 2010-07-01 02:53 1584128 ----a-w- c:\windows\Internet Logs\xDBB6A.tmp
2010-07-01 02:53 . 2010-07-01 02:53 8704 ----a-w- c:\windows\Internet Logs\xDBB68.tmp
2010-07-01 02:51 . 2010-07-01 02:51 1584128 ----a-w- c:\windows\Internet Logs\xDBB32.tmp
2010-07-01 02:50 . 2010-07-01 02:50 8192 ----a-w- c:\windows\Internet Logs\xDBB05.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAF3.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF4.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAF1.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF2.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEF.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAF0.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAED.tmp
2010-07-01 02:49 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEE.tmp
2010-07-01 02:49 . 2010-07-01 02:49 8704 ----a-w- c:\windows\Internet Logs\xDBAEC.tmp
2010-07-01 02:48 . 2010-07-01 02:49 8192 ----a-w- c:\windows\Internet Logs\xDBAEA.tmp
2010-07-01 02:48 . 2010-07-01 02:49 1584128 ----a-w- c:\windows\Internet Logs\xDBAEB.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8704 ----a-w- c:\windows\Internet Logs\xDBAE9.tmp
2010-07-01 02:48 . 2010-07-01 02:48 8192 ----a-w- c:\windows\Internet Logs\xDBAE8.tmp
2010-07-01 02:48 . 2010-07-01 02:48 24064 ----a-w- c:\windows\Internet Logs\xDBAE7.tmp
2010-06-29 21:26 . 2010-05-25 11:59 439816 ----a-w- c:\documents and settings\Jonathan\Application Data\Real\Update\setup3.10\setup.exe
2010-06-19 01:52 . 2007-12-08 23:19 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2010-06-19 01:52 . 2007-12-08 23:17 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2010-06-05 13:53 . 2007-09-24 01:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Apple Computer
2010-05-31 23:45 . 2010-05-31 23:45 503808 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcp71.dll
2010-05-31 23:45 . 2010-05-31 23:45 499712 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\jmc.dll
2010-05-31 23:45 . 2010-05-31 23:45 348160 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3efb2bd1-n\msvcr71.dll
2010-05-31 23:45 . 2010-05-31 23:45 61440 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-sse.dll
2010-05-31 23:45 . 2010-05-31 23:45 12800 ----a-w- c:\documents and settings\Jonathan\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2b8a1184-n\decora-d3d.dll
2010-05-27 11:08 . 2010-05-27 11:08 49674 ----a-w- c:\windows\Internet Logs\GLB40_2nd_2010_05_27_00_01_01.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49307 ----a-w- c:\windows\Internet Logs\GLB39_2nd_2010_05_26_23_59_44.dmp.zip
2010-05-27 11:08 . 2010-05-27 11:08 49226 ----a-w- c:\windows\Internet Logs\GLB32_2nd_2010_05_26_23_59_31.dmp.zip
2010-05-27 03:49 . 2009-02-15 18:34 -------- d-----w- c:\program files\AVG
2010-05-27 03:47 . 2010-05-27 03:47 -------- d-----w- c:\documents and settings\Jonathan\Application Data\CheckPoint
2010-05-27 03:46 . 2009-02-15 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\CheckPoint
2010-05-27 03:45 . 2010-05-27 03:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-27 02:59 . 2006-08-04 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-27 02:11 . 2010-05-27 02:11 -------- d-----w- c:\documents and settings\Regina\Application Data\Malwarebytes
2010-05-27 02:06 . 2010-05-27 02:06 -------- d-----w- c:\documents and settings\Regina\Application Data\Apple Computer
2010-05-23 18:43 . 2010-05-23 18:43 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-23 18:42 . 2010-05-23 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-23 18:09 . 2010-05-23 18:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSCTSQE
2010-05-20 22:10 . 2010-05-27 03:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-05-20 22:10 . 2010-05-27 03:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-05-20 22:10 . 2010-05-27 03:45 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-05-06 10:41 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 21:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-23 18:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-23 18:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 13:59 . 2010-04-22 13:59 37230 ----a-w- c:\documents and settings\Jonathan\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe
2010-04-20 05:30 . 2004-08-11 21:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-11 1287120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
JHSecure VPN Client.lnk - c:\program files\JHSecure\VPN Client\vpngui.exe [2006-8-9 1524776]
Kodak EasyShare software.lnk - c:\program files\KODAK\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-12-8 118784]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2006-7-29 921704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Jonathan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [8/29/2006 5:41 PM 25344]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/2/2010 6:58 PM 218592]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [8/4/2006 10:22 PM 19478]
R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487);c:\windows\system32\drivers\NEOFLTR_600_13487.sys [8/13/2008 9:50 PM 64160]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [8/4/2006 10:22 PM 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [8/4/2006 10:22 PM 430670]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [7/2/2010 6:59 PM 198608]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [8/4/2006 4:26 PM 135168]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [7/29/2006 9:15 AM 61526]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/2/2010 6:57 PM 366840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [5/31/2010 5:47 PM 102448]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [8/4/2006 10:22 PM 64093]
S2 gupdate1c99473f33209e4;Google Update Service (gupdate1c99473f33209e4);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 6:30 PM 133104]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\H10USB.sys [6/24/2004 12:52 AM 7552]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 6:41 PM 116664]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [10/17/2007 11:11 PM 56448]
--- Other Services/Drivers In Memory ---
*Deregistered* - PCTSDInjDriver32
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
2010-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 22:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\real\realplayer\converter\Update\upgrdhlp.exe
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Jonathan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-17 17:11
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\drivers\tsk35.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1543065676-3932340502-659597284-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1262AABE-8920-20ED-9D31-DE48F6154571}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapmcfgagifgmahbhp"=hex:6b,61,6c,6e,66,65,63,68,69,62,61,6e,63,6d,61,70,63,6d,
6b,67,6b,61,00,00
"hajmeeajenlkocii"=hex:6b,61,6c,6e,66,65,63,68,69,62,61,6e,63,6d,61,70,63,6d,
6b,67,6b,61,00,00
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1348)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-07-17 17:16:05
ComboFix-quarantined-files.txt 2010-07-17 21:15
Pre-Run: 81,485,410,304 bytes free
Post-Run: 82,009,362,432 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9B1EC30A748B5DE69918EC44757366B3
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
