
Thread: can't get rid of win32.fraudload.edt

  1. #31 Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I ran that one and it found 80 problems and needed to reboot to clear all of them. Posted below is the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 09/25/2010 at 09:06 AM

    Application Version : 4.43.1000

    Core Rules Database Version : 5578
    Trace Rules Database Version: 3390

    Scan type : Complete Scan
    Total Scan Time : 00:44:34

    Memory items scanned : 465
    Memory threats detected : 0
    Registry items scanned : 5856
    Registry threats detected : 0
    File items scanned : 46435
    File threats detected : 80

    Adware.Tracking Cookie
    C:\Documents and Settings\Me\Cookies\me@interclick[1].txt
    C:\Documents and Settings\Me\Cookies\me@hatrack[2].txt
    C:\Documents and Settings\Me\Cookies\me@ad.bodybuilding[1].txt
    C:\Documents and Settings\Me\Cookies\me@trafficmp[1].txt
    C:\Documents and Settings\Me\Cookies\me@overture[1].txt
    C:\Documents and Settings\Me\Cookies\me@content.yieldmanager[1].txt
    C:\Documents and Settings\Me\Cookies\me@bizzclick[1].txt
    C:\Documents and Settings\Me\Cookies\me@n-traffic[1].txt
    C:\Documents and Settings\Me\Cookies\me@ads.blogtalkradio[2].txt
    C:\Documents and Settings\Me\Cookies\me@adbrite[1].txt
    C:\Documents and Settings\Me\Cookies\me@at.atwola[1].txt
    C:\Documents and Settings\Me\Cookies\me@advertise[1].txt
    C:\Documents and Settings\Me\Cookies\me@kontera[1].txt
    C:\Documents and Settings\Me\Cookies\me@richmedia.yahoo[1].txt
    C:\Documents and Settings\Me\Cookies\me@yieldmanager[1].txt
    C:\Documents and Settings\Me\Cookies\me@serving-sys[1].txt
    C:\Documents and Settings\Me\Cookies\me@atdmt[1].txt
    C:\Documents and Settings\Me\Cookies\me@counter.surfcounters[1].txt
    C:\Documents and Settings\Me\Cookies\me@imrworldwide[2].txt
    C:\Documents and Settings\Me\Cookies\me@specificclick[2].txt
    C:\Documents and Settings\Me\Cookies\me@bs.serving-sys[2].txt
    C:\Documents and Settings\Me\Cookies\me@tacoda[2].txt
    C:\Documents and Settings\Me\Cookies\me@adinterax[2].txt
    C:\Documents and Settings\Me\Cookies\me@questionmarket[1].txt
    C:\Documents and Settings\Me\Cookies\me@ad.wsod[2].txt
    C:\Documents and Settings\Me\Cookies\me@microsoftwindows.112.2o7[1].txt
    C:\Documents and Settings\Me\Cookies\me@adcloudmedia[1].txt
    C:\Documents and Settings\Me\Cookies\me@atwola[2].txt
    C:\Documents and Settings\Me\Cookies\me@hatrack[1].txt
    C:\Documents and Settings\Me\Cookies\me@media.abovetopsecret[1].txt
    media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\TW9TLPVQ ]
    media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\TW9TLPVQ ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\TW9TLPVQ ]
    media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\6F9C2ZDW ]
    media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\6F9C2ZDW ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\6F9C2ZDW ]
    C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[3].txt
    C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
    C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@overture[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@videoegg.adbureau[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[3].txt
    C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@tacoda[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@sportingnews.122.2o7[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
    C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
    C:\Documents and Settings\NetworkService\Cookies\system@media.mtvnservices[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@ads.addynamix[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
    C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
    media.ign.com [ E:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\EU3D4KKF ]
    stat.radioblogclub.com [ E:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\EU3D4KKF ]
    files.adbrite.com [ E:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\EU3D4KKF ]
    macromedia.com [ E:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\EU3D4KKF ]

    Trojan.Agent/Gen-Virut
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{AB361FEF-B892-40BA-955E-F42CD2CF40B9}\RP3\A0004171.EXE

  2. #32 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Is your computer still locking up upon rebooting? Are those popup windows still opening?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33 Junior Member (Join Date: Sep 2010, Posts: 27)

    My computer doesn't seem to be locking up after rebooting now, but when I go to shut down or restart it always delays and says hpmcmgr.exe is still running, and I have to end it to finish the shutdown. The name on that may be off a little; I forgot to write it down. Anyway, I am still getting redirects on the web browser as well.

  4. #34 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hi,

    I had you run SUPERAntiSpyware to clean out more junk so we can concentrate on your current problem.

    A couple of things:

    The error on shutdown is related to this; it looks like you just need to update:
    http://h10025.www1.hp.com/ewfrf/wc/g...tem=oj-22424-5

    From the SAS scan: this could be troubling, as Virut is an uncleanable virus, although I am not seeing any other markers for it, so this may just have been detected wrong; not sure.

    Trojan.Agent/Gen-Virut
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{AB361FEF-B892-40BA-955E-F42CD2CF40B9}\RP3\A0004171.EXE

    I am still not convinced that the MBR is OK. I didn't submit that dump file because it looked like TDSSKiller fixed the MBR, but let's check further.

    1. Drag ComboFix to the trash and grab a fresh copy, run it please, and post the log.

    2. Run MBRCheck again and post the log.

    3. Run MBRCheck and attach a new dump log.

    Then I will submit all this info and see where we stand.

  5. #35 Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I redid the ComboFix and ran it, and here is the log below. I am now going to redo the MBRCheck and will post it in the next reply.

    ComboFix 10-09-24.05 - Me 09/25/2010 12:18:43.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3581.3273 [GMT -4:00]
    Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
    .

    2010-09-25 16:03 . 2010-09-25 16:03 -------- d-----w- c:\program files\Overland
    2010-09-25 12:20 . 2010-09-25 12:20 63488 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-25 12:20 . 2010-09-25 12:20 52224 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-25 12:20 . 2010-09-25 12:20 117760 ----a-w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-25 12:20 . 2010-09-25 12:20 -------- d-----w- c:\documents and settings\Me\Application Data\SUPERAntiSpyware.com
    2010-09-25 12:20 . 2010-09-25 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-25 12:19 . 2010-09-25 12:20 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-09-24 11:35 . 2010-09-24 11:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-09-24 11:09 . 2010-09-24 11:09 -------- d-----w- C:\_OTS
    2010-09-23 12:28 . 2010-09-23 12:28 -------- d-----w- c:\program files\ESET
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\documents and settings\Me\Application Data\Malwarebytes
    2010-09-23 11:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-23 11:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-21 05:27 . 2010-09-21 05:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-21 05:24 . 2010-09-21 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-09-21 05:24 . 2010-09-21 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS(2)
    2010-09-21 04:41 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\program files for Edrive\uTorrent
    2010-09-20 07:32 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Adobe(3)
    2010-09-20 04:45 . 2010-09-21 04:41 -------- d-----w- c:\program files\ERUNT
    2010-09-20 04:25 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(5)
    2010-09-19 05:55 . 2010-09-21 05:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(4)
    2010-09-18 23:41 . 2010-09-18 23:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-09-18 12:47 . 2010-09-21 05:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(3)
    2010-09-17 20:07 . 2010-09-21 05:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)
    2010-09-17 19:55 . 2010-09-21 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Adobe(2)
    2010-09-17 19:41 . 2010-09-17 19:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-09-15 15:24 . 2010-09-15 15:24 -------- d-----w- c:\program files\InterActual

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-25 16:06 . 2007-08-04 16:10 -------- d-----w- c:\documents and settings\Me\Application Data\OpenOffice.org2
    2010-09-24 19:16 . 2008-10-12 13:55 -------- d-----w- c:\program files\Google
    2010-09-24 15:12 . 2007-10-10 05:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-24 14:58 . 2010-05-22 06:55 -------- d-----w- c:\documents and settings\Me\Application Data\Veihxy
    2010-09-24 12:27 . 2008-10-12 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-24 00:35 . 2009-04-04 09:20 -------- d-----w- c:\documents and settings\Me\Application Data\Enme
    2010-09-21 05:12 . 2007-08-04 08:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-20 04:06 . 2010-07-03 14:42 -------- d-----w- c:\program files\Viva Media
    2010-08-17 13:17 . 2004-08-04 05:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49 . 2004-08-04 05:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-17 11:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-10 19:12 . 2010-01-09 13:59 251705 ----a-w- c:\documents and settings\Me\Application Data\Sony Online Entertainment\npsoeact.dll
    2010-06-30 12:31 . 2004-08-04 05:56 149504 ----a-w- c:\windows\system32\schannel.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-24_18.41.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-25 16:16 . 2010-09-25 16:16 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
    + 2010-09-24 19:17 . 2010-09-24 19:17 25214 c:\windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}\ARPPRODUCTICON.exe
    + 2010-09-25 16:03 . 2010-09-25 16:03 510976 c:\windows\Installer\7c744d.msi
    + 2010-09-24 19:17 . 2010-09-24 19:17 1223680 c:\windows\Installer\2af541.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 1626112]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    ytvey.exe [2010-9-24 122880]

    c:\documents and settings\Me\Start Menu\Programs\Startup\
    OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-1-6 63696]
    ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-1-26 54776]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 9:55 AM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-09-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 19:17]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 13:55]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 13:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-25 12:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ADE9C76]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
    \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
    \Driver\atapi -> atapi.sys @ 0xf74a0852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    NDIS: Broadcom NetXtreme Gigabit Ethernet for hp -> SendCompleteHandler -> NDIS.sys @ 0xf7426bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7433a21
    SendHandler -> NDIS.sys @ 0xf741187b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1202660629-220523388-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(456)
    c:\windows\system32\WININET.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(516)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-09-25 12:33:31
    ComboFix-quarantined-files.txt 2010-09-25 16:33
    ComboFix2.txt 2010-09-24 18:44
    ComboFix3.txt 2010-09-23 01:07

    Pre-Run: 11,003,482,112 bytes free
    Post-Run: 11,292,454,912 bytes free

    - - End Of File - - 399F0A00CE4708B6CC0AFBAE9D6FE419

  6. #36 Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I reran MBRCheck and here is the log posted below. I will now run it again, dump it, and post it in the next reply.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 120):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0x8AED9000 \WINDOWS\system32\KDCOM.DLL
    0xF789B000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7989000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF7451000 KSecDD.sys
    0xF743E000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF7411000 NDIS.sys
    0xF787D000 Mup.sys
    0xF7657000 agp440.sys
    0xB8AE4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8AD0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF77FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8AAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7807000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8A81000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF780F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB93AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8A6D000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF793F000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB93A7000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB939F000 \SystemRoot\system32\drivers\Afc.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8A4A000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB89BC000 \SystemRoot\system32\drivers\smwdm.sys
    0xB8998000 \SystemRoot\system32\drivers\portcls.sys
    0xF7577000 \SystemRoot\system32\drivers\drmk.sys
    0xB8980000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A59000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7557000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8969000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB9397000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8958000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7747000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB6F62000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9D5D000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79E7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB6F04000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9270000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9DAD000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9D9D000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79FF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF773F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF799D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB352C000 \SystemRoot\System32\Drivers\Null.SYS
    0xF799F000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF777F000 \SystemRoot\System32\drivers\vga.sys
    0xF79A1000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF778F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7797000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB4782000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB2B6E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB2B15000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB2AE3000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB2AC1000 \SystemRoot\System32\drivers\afd.sys
    0xB4964000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB2A9F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF77F7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xB2A74000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB2A04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB3DC4000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB29DE000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB3DB4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB4C8A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB9CA8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB284D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7927000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA6864000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA684C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xA8B61000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA7CEE000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA7966000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA71F6000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB9C98000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA5D1B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA6B72000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA5B58000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB6EFE000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA5A89000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB3D94000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xACB4A000 \??\C:\DOCUME~1\Me\LOCALS~1\Temp\mbr.sys
    0xACB62000 \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys
    0xA7D86000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    0xA58B8000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA588D000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 25):
    0 System Idle Process
    4 System
    384 C:\WINDOWS\system32\smss.exe
    432 csrss.exe
    456 C:\WINDOWS\system32\winlogon.exe
    504 C:\WINDOWS\system32\services.exe
    516 C:\WINDOWS\system32\lsass.exe
    676 C:\WINDOWS\system32\svchost.exe
    736 svchost.exe
    808 C:\WINDOWS\system32\svchost.exe
    856 C:\WINDOWS\system32\svchost.exe
    996 svchost.exe
    1092 svchost.exe
    1180 C:\WINDOWS\system32\spoolsv.exe
    1884 svchost.exe
    188 C:\Program Files\Java\jre6\bin\jqs.exe
    292 C:\WINDOWS\system32\nvsvc32.exe
    784 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    424 C:\WINDOWS\system32\wscntfy.exe
    1668 alg.exe
    400 C:\WINDOWS\system32\notepad.exe
    224 C:\WINDOWS\explorer.exe
    2036 C:\WINDOWS\system32\svchost.exe
    1760 C:\WINDOWS\system32\ctfmon.exe
    336 C:\Documents and Settings\Me\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000006`4e87de00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD400BB-22HEA1, Rev: 14.03G14
    PhysicalDrive1 Model Number: QUANTUMFIREBALLlct1530, Rev: A01.0F00

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    27 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 0DCD918E9B55B1CB6BBF593A8E9A819601ADD524


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
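As an added illustration of what the MBRCheck output above reports (this is not code from the thread, nor MBRCheck's own code), the following Python sketch reads one 512-byte sector, checks the 0x55AA boot signature, hashes the boot-code area and decodes the partition table, then classifies the hash as known or "Unknown MBR code". The hashed region (the first 440 bytes), the placeholder hash table, and all function names are assumptions; MBRCheck's real comparison table is not on this page. The sector it runs on is constructed inline so the example works offline, and the partition offset it decodes (LBA 63, byte offset 0x7E00) is the same value the log shows for \\.\C:.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # assumption: hash bytes 0..439 (boot code area)
PART_TABLE_OFFSET = 446        # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
PART_ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(seed=b"XP-BOOTCODE-SAMPLE", start_lba=63,
                     sectors=77_000_000, ptype=0x07):
    """Construct a synthetic 512-byte MBR (constructed test data, not a disk image).

    One active NTFS (0x07) partition starting at LBA 63, the classic XP layout."""
    boot_code = (seed * (BOOT_CODE_LEN // len(seed) + 1))[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD)      # disk signature, bytes 440..443
    pad = b"\x00\x00"                             # bytes 444..445
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", ptype,
                        b"\xfe\xff\xff", start_lba, sectors)
    table = entry + b"\x00" * 16 * 3              # three unused entries
    return boot_code + disk_sig + pad + table + BOOT_SIGNATURE


def read_first_sector(device_path):
    """Read the first sector of a raw device, e.g. r'\\\\.\\PhysicalDrive0'.

    Needs administrator rights on Windows; kept separate so the parser below
    can be exercised on constructed data without touching real hardware."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Decode one 512-byte sector: signature check, boot-code hash, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    valid_sig = sector[510:512] == BOOT_SIGNATURE
    boot_hash = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        if ptype == 0:                            # empty entry
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "byte_offset": lba * SECTOR_SIZE,     # what the log prints as "at offset"
            "sectors": count,
        })
    return {"valid_signature": valid_sig,
            "boot_code_sha1": boot_hash,
            "partitions": partitions}


# Placeholder whitelist (assumption): a real tool ships a table of known-good
# boot-code hashes; here the only entry is the hash of the constructed sample.
KNOWN_BOOT_CODE = {
    parse_mbr(build_sample_mbr())["boot_code_sha1"]: "Sample (constructed) Windows XP",
}


def classify(report):
    """Mirror the log's verdict line: known code, unknown code, or no signature."""
    if not report["valid_signature"]:
        return "no 0x55AA boot signature: not a valid MBR"
    name = KNOWN_BOOT_CODE.get(report["boot_code_sha1"])
    return f"{name} MBR code detected" if name else "Unknown MBR code"


if __name__ == "__main__":
    sample = build_sample_mbr()
    report = parse_mbr(sample)
    print("SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"at offset 0x{p['byte_offset']:x} ({p['sectors']} sectors)")
    print(classify(report))
```

The point of the hash-and-compare step is that bootkits such as the ones TDSSKiller targets replace the boot code while leaving the partition table and signature intact, so a valid signature alone proves nothing; an unrecognised boot-code hash on a drive that should carry stock Windows code is the signal worth following up, exactly as the helper in the thread does with the dump file.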

  7. #37 Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I finished it again and zipped up the dump.dat file and will attach it to this post. Thank you again for your help.

  8. #38 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    OK, thanks. I will submit this info and be back as soon as I hear back from them.

  9. #39 Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    They would like to see a new TDSSKiller log to confirm that the MBR is clean.

    Download TDSSKiller and save it to your Desktop:
    http://support.kaspersky.com/downloa...tdsskiller.zip

    Extract the file and run it.
    Once completed, it will create a log in your C:\ drive.
    Please post the contents of that log.

  10. #40
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Default

    Sorry, I have been gone all day; thanks for getting back with me so soon.
    Here is the log from the scan:

    2010/09/25 20:45:33.0312 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/25 20:45:33.0312 ================================================================================
    2010/09/25 20:45:33.0312 SystemInfo:
    2010/09/25 20:45:33.0312
    2010/09/25 20:45:33.0312 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/25 20:45:33.0312 Product type: Workstation
    2010/09/25 20:45:33.0312 ComputerName: HP1
    2010/09/25 20:45:33.0312 UserName: Me
    2010/09/25 20:45:33.0312 Windows directory: C:\WINDOWS
    2010/09/25 20:45:33.0312 System windows directory: C:\WINDOWS
    2010/09/25 20:45:33.0312 Processor architecture: Intel x86
    2010/09/25 20:45:33.0312 Number of processors: 1
    2010/09/25 20:45:33.0312 Page size: 0x1000
    2010/09/25 20:45:33.0312 Boot type: Normal boot
    2010/09/25 20:45:33.0312 ================================================================================
    2010/09/25 20:45:33.0921 Initialize success
    2010/09/25 20:45:37.0671 ================================================================================
    2010/09/25 20:45:37.0671 Scan started
    2010/09/25 20:45:37.0671 Mode: Manual;
    2010/09/25 20:45:37.0671 ================================================================================
    2010/09/25 20:45:40.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/09/25 20:45:40.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/09/25 20:45:40.0328 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/09/25 20:45:40.0437 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/09/25 20:45:40.0531 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2010/09/25 20:45:40.0656 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/09/25 20:45:40.0765 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/09/25 20:45:41.0359 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/09/25 20:45:41.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/09/25 20:45:41.0625 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/09/25 20:45:41.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/09/25 20:45:41.0890 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2010/09/25 20:45:42.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/09/25 20:45:42.0140 Blfp (690308631d4f78679272dff58734f968) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
    2010/09/25 20:45:42.0234 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    2010/09/25 20:45:42.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/09/25 20:45:42.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/09/25 20:45:42.0765 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/09/25 20:45:42.0921 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/09/25 20:45:43.0375 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/09/25 20:45:43.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/09/25 20:45:43.0687 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/09/25 20:45:43.0859 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/09/25 20:45:43.0968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/09/25 20:45:44.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/09/25 20:45:44.0468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/09/25 20:45:44.0562 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/09/25 20:45:44.0671 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/09/25 20:45:44.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/09/25 20:45:44.0937 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/09/25 20:45:45.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/09/25 20:45:45.0171 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/09/25 20:45:45.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/09/25 20:45:45.0375 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/09/25 20:45:45.0531 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/09/25 20:45:45.0828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/09/25 20:45:45.0968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/09/25 20:45:46.0171 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/09/25 20:45:46.0296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/09/25 20:45:46.0375 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/09/25 20:45:46.0500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/09/25 20:45:46.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/09/25 20:45:46.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/09/25 20:45:46.0890 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/09/25 20:45:47.0015 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/09/25 20:45:47.0109 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/09/25 20:45:47.0218 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/09/25 20:45:47.0343 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/09/25 20:45:47.0406 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/09/25 20:45:47.0546 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/09/25 20:45:47.0734 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/09/25 20:45:47.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/09/25 20:45:48.0000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/09/25 20:45:48.0109 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/09/25 20:45:48.0265 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/09/25 20:45:48.0453 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/09/25 20:45:48.0578 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/09/25 20:45:48.0718 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/09/25 20:45:48.0875 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/09/25 20:45:48.0953 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/09/25 20:45:49.0062 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/09/25 20:45:49.0187 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/09/25 20:45:49.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/09/25 20:45:49.0453 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/09/25 20:45:49.0578 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/09/25 20:45:49.0625 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/09/25 20:45:49.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/09/25 20:45:49.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/09/25 20:45:49.0984 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/09/25 20:45:50.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/09/25 20:45:50.0281 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/09/25 20:45:50.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/09/25 20:45:50.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/09/25 20:45:50.0921 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/09/25 20:45:51.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/09/25 20:45:51.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/09/25 20:45:51.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/09/25 20:45:51.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/09/25 20:45:51.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/09/25 20:45:51.0734 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/09/25 20:45:51.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/09/25 20:45:51.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/09/25 20:45:52.0453 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/09/25 20:45:52.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/09/25 20:45:52.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/09/25 20:45:52.0687 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/09/25 20:45:53.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/09/25 20:45:53.0109 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/09/25 20:45:53.0156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/09/25 20:45:53.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/09/25 20:45:53.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/09/25 20:45:53.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/09/25 20:45:53.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/09/25 20:45:53.0703 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/09/25 20:45:53.0812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/09/25 20:45:53.0984 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2010/09/25 20:45:54.0015 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2010/09/25 20:45:54.0140 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/09/25 20:45:54.0265 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/09/25 20:45:54.0343 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/09/25 20:45:54.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/09/25 20:45:54.0656 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/09/25 20:45:54.0875 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/09/25 20:45:54.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/09/25 20:45:55.0078 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/09/25 20:45:55.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/09/25 20:45:55.0250 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/09/25 20:45:55.0453 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/09/25 20:45:55.0625 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/09/25 20:45:55.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/09/25 20:45:55.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/09/25 20:45:55.0968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/09/25 20:45:56.0109 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/09/25 20:45:56.0234 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/09/25 20:45:56.0359 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/09/25 20:45:56.0406 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/09/25 20:45:56.0500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/09/25 20:45:56.0578 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/25 20:45:56.0640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/09/25 20:45:56.0734 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/25 20:45:56.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/09/25 20:45:56.0968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/25 20:45:57.0125 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/25 20:45:57.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/25 20:45:57.0375 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2010/09/25 20:45:57.0531 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/25 20:45:57.0718 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/09/25 20:45:57.0906 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/09/25 20:45:57.0984 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/09/25 20:45:58.0062 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/09/25 20:45:58.0062 ================================================================================
    2010/09/25 20:45:58.0062 Scan finished
    2010/09/25 20:45:58.0062 ================================================================================
    2010/09/25 20:45:58.0093 Detected object count: 1
    2010/09/25 20:46:06.0609 \HardDisk1\MBR - will be cured after reboot
    2010/09/25 20:46:06.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
    2010/09/25 20:46:11.0046 Deinitialize success
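An added illustration for readers triaging logs like the two above (it is not part of TDSSKiller, MBRCheck or this thread): MBRCheck reported an unknown MBR on PhysicalDrive1, and TDSSKiller then named it as Rootkit.Win32.TDSS.tdl4 in \HardDisk1\MBR. The parser below reads the TDSSKiller line format seen in the post (timestamp, driver inventory "name (md5) path", "- detected" lines, the object count and the cure/action lines) and states what the log proves. The sample logs are constructed from that format; the driver lines reuse entries from the posted log, and the "rescan" log is an assumed example of what a confirmation scan after reboot should look like. The point it makes is the one the expert made: a log that schedules a cure is not yet proof of a clean MBR; only a rescan with zero detections is.

```python
"""Triage of a TDSSKiller text log (illustration written for this thread, not tool code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line is "YYYY/MM/DD HH:MM:SS.mmmm" followed by a message that may be empty.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s*(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")        # "<service> (<md5>) <path>"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")        # "<object> - detected <verdict> (n)"
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
CURE_RE = re.compile(r"^(.+?) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Tuple[str, str]] = field(default_factory=list)     # (object, verdict)
    pending_cure: List[str] = field(default_factory=list)               # objects fixed only after reboot
    actions: List[Tuple[str, str, str]] = field(default_factory=list)   # (verdict, object, action)
    detected_count: Optional[int] = None                                # None if the scan never summarised


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Parse a whole log; lines without the timestamp prefix are ignored."""
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2).strip()
        if not msg or msg.startswith("="):
            continue
        if (d := DETECT_RE.match(msg)):
            rep.detections.append((d.group(1), d.group(2)))
        elif (c := COUNT_RE.match(msg)):
            rep.detected_count = int(c.group(1))
        elif (p := CURE_RE.match(msg)):
            rep.pending_cure.append(p.group(1))
        elif (a := ACTION_RE.match(msg)):
            rep.actions.append((a.group(1), a.group(2), a.group(3)))
        elif (drv := DRIVER_RE.match(msg)):
            rep.drivers[drv.group(1)] = (drv.group(2).lower(), drv.group(3))
        # Other lines (SystemInfo, Scan started, ...) carry no triage signal.
    return rep


def verdict(rep: TdssReport) -> str:
    """What the log proves. A scheduled cure is not a clean MBR until a rescan says so."""
    if rep.detections or (rep.detected_count or 0) > 0:
        if rep.pending_cure:
            return "infected: cure scheduled, rescan after reboot to confirm"
        return "infected: detections present, no cure recorded"
    if rep.detected_count == 0:
        return "clean: scan completed with zero detections"
    return "inconclusive: log has no detection summary"


def drivers_outside(rep: TdssReport, root: str = r"C:\WINDOWS") -> List[str]:
    """Driver services loaded from outside the Windows directory (a review list, not a verdict)."""
    prefix = root.lower().rstrip("\\") + "\\"
    return sorted(name for name, (_, path) in rep.drivers.items()
                  if not path.lower().startswith(prefix))


# Constructed sample: line shapes taken from the posted log, abbreviated.
SAMPLE_LOG = r"""
2010/09/25 20:45:33.0312 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/25 20:45:33.0312 ================================================================================
2010/09/25 20:45:33.0312 SystemInfo:
2010/09/25 20:45:33.0312
2010/09/25 20:45:33.0312 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/25 20:45:37.0671 Scan started
2010/09/25 20:45:40.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/25 20:45:41.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/25 20:45:53.0984 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/09/25 20:45:58.0062 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/25 20:45:58.0062 Scan finished
2010/09/25 20:45:58.0093 Detected object count: 1
2010/09/25 20:46:06.0609 \HardDisk1\MBR - will be cured after reboot
2010/09/25 20:46:06.0609 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
2010/09/25 20:46:11.0046 Deinitialize success
"""

# Constructed (assumed) example of what the confirmation rescan after reboot should report.
CLEAN_LOG = r"""
2010/09/26 09:00:00.0000 Scan started
2010/09/26 09:00:01.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/26 09:00:05.0000 Scan finished
2010/09/26 09:00:05.0000 Detected object count: 0
"""

if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("rescan", CLEAN_LOG)):
        rep = parse_tdsskiller_log(log)
        print(f"{label}: {len(rep.drivers)} drivers, detections={rep.detections}, verdict: {verdict(rep)}")
        print("  drivers outside C:\\WINDOWS:", drivers_outside(rep))
```

The `drivers_outside` list is only a pointer to what to look at by hand; in the posted log the two entries it returns are the SUPERAntiSpyware drivers the user installed earlier in the thread, which is expected. The verdict function is the part worth keeping: it refuses to call a machine clean on a log that still has a cure pending, which is exactly why the expert asked for a fresh log rather than trusting the "User select action: Cure" line.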
