Page 1 of 4 1234 LastLast
Results 1 to 10 of 33

Thread: Click.Giftload, Virtumonde and Antivirus Antispyware OH MY...

  1. #1
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19

    Default Click.Giftload, Virtumonde and Antivirus Antispyware OH MY...

    Hello wonderful SpyBot support team!

    I have read through the Before you Post bit and have done all that has been suggested with the ERUNT, DDS and attach.txt. My only reservation is how to get that info to this forum. I am on another computer in our network and I used a jump drive to download files and transfer them to the infected computer. (I had to disconnect the other from the home network to keep it's cooties to itself.) I fired it up in safe mode (I will get to how I finally achieved even that in a moment) I opened ERUNT and ran it, saved and exited, then ran DDS, saved and exited. as well I have the Spybot results copied and pasted.

    My gut tells me that the wee txt files saved onto the jump drive would be fine to plug in and transfer what is necessary to the forum for sufficient assistance. However, I don't 100% know how devious these beasties are in getting onto my jumper and spreading their disease. I will wait for further instruction on how to proceed.

    real quick I am running Windows XP svc pack3

    Here's the low down of what started this "storm" of troubles and what I have done to remedy the situation. (thankfully I have read in the past that ComboFix is not for the unsavvy....so I have avoided that thus far until I have advisement to do so)

    1- IE pop ups began randomly appearing...I recognized this and did not open anything. I went into Task Manager and ended any IE processes so that I could stop and run SpyBot, Malwarebytes and the MSE (Microsoft Security Essentials) that were already on the computer. (I have had better success with AVG, but it won't load with MSE on board)

    2-Ran Spybot and it found several minor infections including click.giftload I fixed and removed them all.

    3- Tried to restart computer...explorer.exe would not shut itself down, nor would it shut down the computer. did a hard shut down (held power down for 10 seconds until shut down)

    4- restarted computer and no explorer.exe at all...would fire up and go to the use profile...but no icons, no start menu...nada. hard shut down again (yes I cringe each time I have to do it...I know it's not good...but...)

    5- The next morning I came out to try round 2, everything started up just fine....even explorer....I ran spybot again and it only found click.giftload....YAY Progress!

    6...to make a long story short, I have run Spybot, then malwarebytes (after a few fights with Antivirus Antispyware 2011 now popping up) and it removed another fistfull of infections. Couldn't get AA2011 though...I ran Rkill, THEN malwarebytes and knocked it out...ran Spybot again and now it is finding the click.giftload, Virtumonde.prx and Microsoft.WindowsSecurityCenter_disabled...I fix them and it says they are all removed, but then they restart the computer, they are back again.

    So...here I am...

    I appreciate any assistance you can give.

    S

    edit...I have also run MSE, but it repeatedly says no infections found...
    when I had no explorer I clicked Control/alt/delete to get task manager to open and clicked File -> New task "explorer.exe" then run....it took a few tries to get that to work, but it did and once I was able to successfully shut down the computer...I was able to reopen in Safe Mode as Administrator.
    Last edited by Mommazon; 2011-03-25 at 20:59. Reason: forgot pertinent information...

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


    Information on A/V control Here
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19

    Default

    Thanks Ken...

    I read through everything...I'm just going to use the jump drive and hope for the best.

    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by Administrator at 10:22:45.15 on Fri 03/25/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1750 [GMT -7:00]
    .
    AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    FW: McAfee Personal Firewall Plus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    F:\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Whakowem] rundll32.exe "c:\windows\ikuwomaqudenenor.dll",Startup
    mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    mRunOnce: [SpybotDeletingA345] command.com /c del "c:\windows\ikuwomaqudenenor.dll_old"
    mRunOnce: [SpybotDeletingC9660] cmd.exe /c del "c:\windows\ikuwomaqudenenor.dll_old"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: itlnfw32 - itlnfw32.dll
    Notify: itlntfy - itlnfw32.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\63wlbkrm.default\
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: XULRunner: {62FE7DAD-3BEE-4B24-B1B9-C08095A31C20} - c:\documents and settings\mommazon\local settings\application data\{62FE7DAD-3BEE-4B24-B1B9-C08095A31C20}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
    S1 MpKsl966d8728;MpKsl966d8728;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{223cf3a5-5ab7-492c-9d16-d5d9bc56e41b}\mpksl966d8728.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{223cf3a5-5ab7-492c-9d16-d5d9bc56e41b}\MpKsl966d8728.sys [?]
    S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2005-8-16 14336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-25 136176]
    S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2005-8-16 14336]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2011-03-25 04:49:42 0 ----a-w- c:\windows\Bhogubetogumamum.bin
    2011-03-25 00:44:46 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2011-03-25 00:00:24 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
    2011-03-25 00:00:04 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
    2011-03-24 20:23:38 34816 ----a-w- c:\windows\system32\itlnfw32.dll
    2011-03-24 20:23:38 216064 ----a-w- c:\windows\system32\itlpfw32.dll
    2011-03-24 04:42:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-24 04:42:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-03-24 04:42:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-24 04:42:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-23 04:42:31 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKslcf42d9c4.sys
    2011-03-23 04:40:22 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKsl085c156a.sys
    2011-03-23 04:30:12 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKsl46dd7b34.sys
    2011-03-23 04:21:02 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\MpKslba6b11df.sys
    2011-03-23 03:41:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-03-22 15:11:26 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{7efc8332-93e6-4a1a-8c02-bc970a3b9fcd}\mpengine.dll
    2011-03-22 01:35:30 -------- d-----w- c:\windows\system32\appmgmt
    2011-03-21 23:08:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-21 23:08:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-21 23:08:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-03-16 03:46:57 -------- d-----w- c:\program files\MSECache
    2011-03-10 00:15:57 -------- d-----w- c:\program files\common files\DAZ
    2011-03-08 04:38:59 -------- d-----w- c:\program files\Smith Micro
    2011-03-07 23:32:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Poser
    2011-02-26 07:59:26 86528 ----a-w- c:\windows\system32\E_FLBEGA.DLL
    2011-02-26 07:59:26 78848 ----a-w- c:\windows\system32\E_FD4BEGA.DLL
    2011-02-26 07:59:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\EPSON
    2011-02-26 07:49:14 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-02-26 07:49:14 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-02-26 07:44:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-02-26 07:44:46 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
    .
    ==================== Find3M ====================
    .
    2011-03-21 23:58:48 848 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2011-03-19 20:40:35 4184 ----a-w- c:\windows\system32\KGyGaAvL.sys
    2011-02-19 06:23:43 88 ------w- c:\windows\system32\9E0BD4F60D.sys
    2011-02-05 01:48:32 456192 ------w- c:\windows\system32\encdec.dll
    2011-02-05 01:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ------w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
    2010-12-29 17:39:04 1700352 ------w- c:\windows\system32\gdiplus.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: HDS728080PLA380 rev.PF2OA63A -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-17
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A5B2439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5b87d0]; MOV EAX, [0x8a5b884c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A5ECAB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5EAAB0]
    \Driver\atapi[0x8A614EB8] -> IRP_MJ_CREATE -> 0x8A5B2439
    kernel: MBR read successfully
    _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-17 -> \??\IDE#DiskHDS728080PLA380_________________________PF2OA63A#5&2510770d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A5B227F
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 10:24:34.40 ===============

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Your infected with the TDSS Rootkit

    Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Wait until the program has finished scanning, then please exit the program.

    The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.


    Please restart your computer.





    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19

    Default

    2011/03/27 10:54:08.0046 0112 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/27 10:54:08.0265 0112 ================================================================================
    2011/03/27 10:54:08.0265 0112 SystemInfo:
    2011/03/27 10:54:08.0265 0112
    2011/03/27 10:54:08.0265 0112 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/27 10:54:08.0265 0112 Product type: Workstation
    2011/03/27 10:54:08.0265 0112 ComputerName: D7M16T91
    2011/03/27 10:54:08.0265 0112 UserName: Mommazon
    2011/03/27 10:54:08.0265 0112 Windows directory: C:\WINDOWS
    2011/03/27 10:54:08.0265 0112 System windows directory: C:\WINDOWS
    2011/03/27 10:54:08.0265 0112 Processor architecture: Intel x86
    2011/03/27 10:54:08.0265 0112 Number of processors: 2
    2011/03/27 10:54:08.0265 0112 Page size: 0x1000
    2011/03/27 10:54:08.0265 0112 Boot type: Normal boot
    2011/03/27 10:54:08.0265 0112 ================================================================================
    2011/03/27 10:54:08.0859 0112 Initialize success
    2011/03/27 10:54:25.0593 2296 ================================================================================
    2011/03/27 10:54:25.0593 2296 Scan started
    2011/03/27 10:54:25.0593 2296 Mode: Manual;
    2011/03/27 10:54:25.0593 2296 ================================================================================
    2011/03/27 10:54:26.0125 2296 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/03/27 10:54:26.0171 2296 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/03/27 10:54:26.0187 2296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/03/27 10:54:26.0234 2296 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/03/27 10:54:26.0265 2296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/03/27 10:54:26.0359 2296 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/03/27 10:54:26.0406 2296 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/03/27 10:54:26.0437 2296 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/03/27 10:54:26.0500 2296 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/03/27 10:54:26.0515 2296 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/03/27 10:54:26.0531 2296 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/03/27 10:54:26.0562 2296 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/03/27 10:54:26.0609 2296 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/03/27 10:54:26.0625 2296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/03/27 10:54:26.0640 2296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/03/27 10:54:26.0687 2296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/03/27 10:54:26.0765 2296 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/03/27 10:54:26.0781 2296 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/03/27 10:54:26.0796 2296 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/03/27 10:54:26.0828 2296 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2011/03/27 10:54:26.0875 2296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/03/27 10:54:26.0906 2296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/03/27 10:54:26.0937 2296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/03/27 10:54:27.0000 2296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/03/27 10:54:27.0046 2296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/03/27 10:54:27.0078 2296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/03/27 10:54:27.0093 2296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/03/27 10:54:27.0109 2296 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/03/27 10:54:27.0125 2296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/03/27 10:54:27.0156 2296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/03/27 10:54:27.0171 2296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/03/27 10:54:27.0265 2296 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/03/27 10:54:27.0296 2296 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/03/27 10:54:27.0343 2296 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/03/27 10:54:27.0359 2296 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/03/27 10:54:27.0375 2296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/03/27 10:54:27.0406 2296 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2011/03/27 10:54:27.0421 2296 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2011/03/27 10:54:27.0453 2296 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
    2011/03/27 10:54:27.0484 2296 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2011/03/27 10:54:27.0500 2296 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2011/03/27 10:54:27.0515 2296 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2011/03/27 10:54:27.0531 2296 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    2011/03/27 10:54:27.0546 2296 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2011/03/27 10:54:27.0562 2296 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2011/03/27 10:54:27.0609 2296 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/03/27 10:54:27.0625 2296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/03/27 10:54:27.0640 2296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/03/27 10:54:27.0671 2296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/03/27 10:54:27.0703 2296 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/03/27 10:54:27.0718 2296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/03/27 10:54:27.0750 2296 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2011/03/27 10:54:27.0796 2296 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2011/03/27 10:54:27.0828 2296 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/03/27 10:54:27.0875 2296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/03/27 10:54:27.0906 2296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/03/27 10:54:27.0921 2296 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/03/27 10:54:27.0937 2296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/03/27 10:54:27.0953 2296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/03/27 10:54:27.0968 2296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/03/27 10:54:27.0984 2296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/03/27 10:54:28.0093 2296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/03/27 10:54:28.0125 2296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/03/27 10:54:28.0171 2296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/03/27 10:54:28.0203 2296 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/03/27 10:54:28.0234 2296 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/03/27 10:54:28.0312 2296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/03/27 10:54:28.0328 2296 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/03/27 10:54:28.0343 2296 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/03/27 10:54:28.0375 2296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/03/27 10:54:28.0406 2296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/03/27 10:54:28.0437 2296 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/03/27 10:54:28.0468 2296 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/03/27 10:54:28.0500 2296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/03/27 10:54:28.0546 2296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/03/27 10:54:28.0578 2296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/03/27 10:54:28.0625 2296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/03/27 10:54:28.0671 2296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/03/27 10:54:28.0703 2296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/03/27 10:54:28.0750 2296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/03/27 10:54:28.0796 2296 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/03/27 10:54:28.0812 2296 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/03/27 10:54:28.0843 2296 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/03/27 10:54:28.0875 2296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/03/27 10:54:28.0906 2296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/03/27 10:54:28.0968 2296 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/03/27 10:54:29.0000 2296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/03/27 10:54:29.0078 2296 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/03/27 10:54:29.0093 2296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/03/27 10:54:29.0140 2296 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/03/27 10:54:29.0187 2296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/03/27 10:54:29.0218 2296 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/03/27 10:54:29.0359 2296 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/03/27 10:54:29.0375 2296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/03/27 10:54:29.0421 2296 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/03/27 10:54:29.0468 2296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/03/27 10:54:29.0484 2296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/03/27 10:54:29.0515 2296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/03/27 10:54:29.0546 2296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/03/27 10:54:29.0578 2296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/03/27 10:54:29.0593 2296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/03/27 10:54:29.0609 2296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/03/27 10:54:29.0625 2296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/03/27 10:54:29.0656 2296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/03/27 10:54:29.0718 2296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/03/27 10:54:29.0734 2296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/03/27 10:54:29.0765 2296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/03/27 10:54:29.0796 2296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/03/27 10:54:29.0828 2296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/03/27 10:54:29.0843 2296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/03/27 10:54:29.0875 2296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/03/27 10:54:29.0906 2296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/03/27 10:54:30.0015 2296 nv (94c9962a2d51115be99dbed20801edae) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/03/27 10:54:30.0140 2296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/03/27 10:54:30.0140 2296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/03/27 10:54:30.0187 2296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/03/27 10:54:30.0203 2296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/03/27 10:54:30.0218 2296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/03/27 10:54:30.0250 2296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/03/27 10:54:30.0265 2296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/03/27 10:54:30.0281 2296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/03/27 10:54:30.0312 2296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/03/27 10:54:30.0390 2296 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/03/27 10:54:30.0437 2296 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/03/27 10:54:30.0484 2296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/03/27 10:54:30.0531 2296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/03/27 10:54:30.0546 2296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/03/27 10:54:30.0562 2296 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/03/27 10:54:30.0578 2296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/03/27 10:54:30.0593 2296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/03/27 10:54:30.0609 2296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/03/27 10:54:30.0625 2296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/03/27 10:54:30.0640 2296 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/03/27 10:54:30.0671 2296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/03/27 10:54:30.0687 2296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/03/27 10:54:30.0703 2296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/03/27 10:54:30.0718 2296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/03/27 10:54:30.0750 2296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/03/27 10:54:30.0765 2296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/03/27 10:54:30.0781 2296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/03/27 10:54:30.0812 2296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/03/27 10:54:30.0906 2296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/03/27 10:54:30.0953 2296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/03/27 10:54:30.0984 2296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/03/27 10:54:31.0000 2296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/03/27 10:54:31.0015 2296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/03/27 10:54:31.0093 2296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/03/27 10:54:31.0171 2296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/03/27 10:54:31.0203 2296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/03/27 10:54:31.0218 2296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/03/27 10:54:31.0265 2296 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/03/27 10:54:31.0328 2296 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
    2011/03/27 10:54:31.0421 2296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/03/27 10:54:31.0453 2296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/03/27 10:54:31.0484 2296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/03/27 10:54:31.0500 2296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/03/27 10:54:31.0515 2296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/03/27 10:54:31.0531 2296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/03/27 10:54:31.0562 2296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/03/27 10:54:31.0609 2296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/03/27 10:54:31.0671 2296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/03/27 10:54:31.0703 2296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/03/27 10:54:31.0734 2296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/03/27 10:54:31.0781 2296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/03/27 10:54:31.0812 2296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/03/27 10:54:31.0828 2296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/03/27 10:54:31.0890 2296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/03/27 10:54:31.0953 2296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/03/27 10:54:32.0000 2296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/03/27 10:54:32.0062 2296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/03/27 10:54:32.0109 2296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/03/27 10:54:32.0187 2296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/03/27 10:54:32.0218 2296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/03/27 10:54:32.0234 2296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/03/27 10:54:32.0296 2296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/03/27 10:54:32.0343 2296 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/03/27 10:54:32.0375 2296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/03/27 10:54:32.0406 2296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/03/27 10:54:32.0453 2296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/03/27 10:54:32.0515 2296 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    2011/03/27 10:54:32.0562 2296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/03/27 10:54:32.0640 2296 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/03/27 10:54:33.0609 2296 ================================================================================
    2011/03/27 10:54:33.0609 2296 Scan finished
    2011/03/27 10:54:33.0609 2296 ================================================================================
    2011/03/27 10:54:33.0625 2288 Detected object count: 1
    2011/03/27 10:54:43.0937 2288 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/03/27 10:54:43.0937 2288 \HardDisk0 - ok
    2011/03/27 10:54:43.0937 2288 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/03/27 10:54:49.0234 0228 Deinitialize success

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Make sure you reboot and then run this program


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19

    Default

    Having a bit of trouble disabling MSE...I try to open the program and it will not even open...so I thought perhaps it was disabled, however, CF detects that it is there along with McAfee Scan (I don't even have that listed anywhere to be able to shut it down...never knew it was even ON this computer)

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Lets run Combofix in Safemode

    Safemode with Network Support

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Junior Member
    Join Date
    Mar 2011
    Location
    California
    Posts
    19

    Default

    Ok...I'm in Safe Mode...

    Do I need to attempt to disable anything at this point?

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    No, in safemode your AV and most programs will not load
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •