
Thread: JayBG needs help with malware removal

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    7

    JayBG needs help with malware removal

    Hi,

    I'm new to the forum but have had a problem for a few months now. I believed it was just adware that would pop up a new IE window, which was annoying but not necessarily malicious. Recently, though, my computer will crash whenever video is run (it seems to crash on all video except WMV files).

    Some background:
    - Computer is several years old running Windows XP Home with service pack updates
    - we've been running AVAST! as our primary protection
    - based on some other sites I've tried Malwarebytes' Anti-Malware and Advanced SystemCare for periodic scans and system optimization (including registry fixes, which I now see is not recommended by this site)

    As directed by the "before you post" thread, I have:
    - run ERUNT and created a registry backup point for this morning
    - run DDS with the DDS.txt file following and ATTACH.txt as an attachment

    Please let me know what to do next .... THANKS !!!!!!!!!!!!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Run by ZZadmin at 10:41:03 on 2011-11-14
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.393 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Sony\Giga Pocket\shwserv.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\WINDOWS\System32\PnkBstrA.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Sony\Giga Pocket\RM_SV.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://file.net/process/_a.html
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant =
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
    mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\vmware\vmware player\vsocklib.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mygmgw.gm.com/http://usabhma20.mail.gm.com/iNotes.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/iNotes6W.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/dwa8W.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{00D379ED-BD69-48C0-AC8D-9E38EFC56EEA} : NameServer = 192.168.1.1
    Notify: Themes - c:\windows\system32\o6480ghue6480.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\zzadmin\application data\mozilla\firefox\profiles\u7mv6nbs.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-25 13496]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 320856]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-25 353168]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 44768]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-25 821080]
    R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-10-14 86098]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
    S0 shzu;shzu;c:\windows\system32\drivers\mpfy.sys --> c:\windows\system32\drivers\mpfy.sys [?]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-8-21 24636]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-11-7 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
    S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys --> c:\windows\system32\drivers\niemrkw.sys [?]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-2 50704]
    S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2005-9-29 131776]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
    S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\drivers\usb6xxxkw.sys --> c:\windows\system32\drivers\usb6xxxkw.sys [?]
    S3 usb9162k;NI-USB 9162 Carrier Loader Driver;c:\windows\system32\drivers\usb9162k.sys --> c:\windows\system32\drivers\usb9162k.sys [?]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
    S4 NiRioRpc;National Instruments RIO Server;c:\windows\system32\niriorpc.exe --> c:\windows\system32\NiRioRpc.exe [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== Created Last 30 ================
    .
    2020-08-11 14:37:27 3991 ----a-w- c:\windows\system32\kbdcache.dll
    .
    ==================== Find3M ====================
    .
    2011-11-06 19:03:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST3160021A rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BEAEC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85952872; SUB DWORD [EBP-0x4], 0x8595212e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86FCCAB8]
    3 CLASSPNP[0xF759005B] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000070[0x86EC59E8]
    5 ACPI[0xF73CE620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F25940]
    [0x86DE6A78] -> IRP_MJ_CREATE -> 0x86BEAEC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3160021A______________________________3.04____#4a35325348354748202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86BEAAEA
    \Driver\atapi -> 0x86fd71f8
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 10:48:28.20 ===============

    Another symptom I forgot to mention was that Google searches get hijacked ... the search seems successful, but the links in the search results are all redirected to somewhere unintended by the user or Google.

    Thanks once again and let me know the next steps, PLEASE!!

    SpyBot S&D results:

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TTB000001

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TTB000001

    CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\TTB000001

    SearchPixieBar: [SBI $B4D617E4] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\BestToolbars\IEToolbar

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\.DEFAULT\Software\wnxmal

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\wnxmal

    Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-18\Software\wnxmal

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixing failed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

    SpyOnThis: [SBI $6CD506DA] Class ID (Registry key, fixed)
    HKEY_CLASSES_ROOT\CLSID\{2A1E37A4-04F1-5535-0715-F2C7C83EB4EE}

    SpyOnThis: [SBI $440C9E27] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{041B0275E8944912A}

    SpyOnThis: [SBI $E281A2CC] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{I41B0275E8944912A}

    SpyOnThis: [SBI $2517715A] Program directory (Directory, fixed)
    C:\Program Files\SpyOnThis\

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1019\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com

    GameVance: [SBI $E776375B] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\gvtl

    GameVance: [SBI $E776375B] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\gvtl

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\FBSearch

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\TBSB07183

    FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TBSB07183

    Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

    DSSAgent: [SBI $BF58EA32] Global settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Broderbund software\dss

    Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, fixed)
    C:\WINDOWS\dat.txt
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Right Media: Tracking cookie (Internet Explorer: ZZadmin) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    BurstMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Guest (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    WebTrends live: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    BlueStreak: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    BurstMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    HitsLink: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    WebTrends live: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    Last edited by Blade81; 2011-11-15 at 16:43. Reason: Two posts merged. Helpers look for topics with 0 replies.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    You're infected with a Rootkit.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    Then run DDS again and post a new log please

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
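A TDSSKiller log of the kind requested above runs to hundreds of "- ok" lines, and the handful that matter (a forged file whose hash differs depending on how it is read, the verdict, and what the user chose at the prompt) are easy to miss by eye. The parser below is an added example, not part of this thread or of TDSSKiller itself; it assumes the 2.6-era line format "HH:MM:SS.mmmm <thread> <message>" and runs on a constructed, shortened log whose redbook and sptd entries mirror the ones posted later in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed, shortened sample in the TDSSKiller 2.6 log format; the redbook
# and sptd entries mirror the ones in this thread, all other drivers are omitted.
SAMPLE_LOG = r"""
23:42:29.0453 0720 Scan started
23:42:44.0031 0720 redbook (86d3afb02bef12949b26e0ba966bd252) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:44.0031 0720 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 86d3afb02bef12949b26e0ba966bd252, Fake md5: b31b4588e4086d8d84adbf9845c2402b
23:42:44.0031 0720 redbook ( Rootkit.Win32.TDSS.tdl3 ) - infected
23:42:44.0031 0720 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
23:42:45.0953 0720 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
23:42:45.0968 0720 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
23:42:45.0968 0720 sptd ( LockedFile.Multi.Generic ) - warning
23:42:45.0968 0720 sptd - detected LockedFile.Multi.Generic (1)
23:42:53.0187 0720 Scan finished
23:44:42.0562 0396 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
23:44:42.0562 0396 redbook ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} (\d{4}) (.*)$")
MODULE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (\S.*)$")
FORGED_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
LOCKED_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
VERDICT_RE = re.compile(r"^(\S+) \( (\S+) \) - (infected|warning)$")
ACTION_RE = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
CURE_RE = re.compile(r"^(.+) - will be cured on reboot$")


@dataclass
class Detection:
    service: str
    path: Optional[str] = None
    threat: Optional[str] = None
    verdict: Optional[str] = None   # "infected" or "warning"
    access: Optional[str] = None    # "Forged", "NoAccess", ...
    real_md5: Optional[str] = None  # hash TDSSKiller obtained reading the disk itself
    fake_md5: Optional[str] = None  # hash returned through the normal file path
    action: Optional[str] = None    # "Cure", "Skip", ...
    cure_on_reboot: bool = False

    @property
    def forged(self) -> bool:
        # Two hashes for one file means something sits between reader and disk.
        return self.fake_md5 is not None and self.fake_md5 != self.real_md5


def parse_tdsskiller_log(text: str) -> Dict[str, Detection]:
    """Collect the flagged services from a TDSSKiller log, keyed by service name."""
    service_by_path: Dict[str, str] = {}
    detections: Dict[str, Detection] = {}

    def det(service: str) -> Detection:
        return detections.setdefault(service, Detection(service=service))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(2)
        if m := MODULE_RE.match(msg):          # "<service> (<md5>) <path>"
            service_by_path[m.group(3)] = m.group(1)
        elif m := FORGED_RE.match(msg):        # content differs by read path
            d = det(service_by_path.get(m.group(2), m.group(2)))
            d.access, d.path, d.real_md5, d.fake_md5 = m.groups()
        elif m := LOCKED_RE.match(msg):        # file could not be opened normally
            d = det(service_by_path.get(m.group(2), m.group(2)))
            d.access, d.path, d.real_md5 = m.groups()
        elif m := VERDICT_RE.match(msg):       # "<service> ( <threat> ) - infected"
            d = det(m.group(1))
            d.threat, d.verdict = m.group(2), m.group(3)
        elif m := ACTION_RE.match(msg):        # what the user chose at the prompt
            d = det(m.group(1))
            d.threat, d.action = d.threat or m.group(2), m.group(3)
        elif m := CURE_RE.match(msg):          # pending fix, applied on reboot
            svc = service_by_path.get(m.group(1))
            if svc:
                det(svc).cure_on_reboot = True
    return detections


def summarize(text: str) -> Dict[str, List[str]]:
    """Service names per outcome; 'needs_attention' is what a helper must follow up."""
    dets = parse_tdsskiller_log(text).values()
    return {
        "infected": sorted(d.service for d in dets if d.verdict == "infected"),
        "forged": sorted(d.service for d in dets if d.forged),
        "cured": sorted(d.service for d in dets if d.action == "Cure"),
        "skipped": sorted(d.service for d in dets if d.action == "Skip"),
        "needs_attention": sorted(d.service for d in dets
                                  if d.verdict == "infected" and d.action != "Cure"),
    }
```

Calling `summarize(SAMPLE_LOG)` reports redbook as infected, forged and cured, sptd as skipped, and nothing left needing attention; a non-empty `needs_attention` list is the case where the user declined the Cure and the rootkit is still present.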

  3. #3
    Junior Member
    Join Date
    Nov 2011
    Posts
    7

    Exclamation TDSSkiller and SSD results

    FIRST, let me say THANKS a MILLION !! Your time and effort are greatly appreciated.

    TDSSKiller.2.6.18.0_15.11.2011_23.42.07_log
    ----------------------------------------------


    23:42:07.0968 4084 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
    23:42:08.0468 4084 ============================================================
    23:42:08.0468 4084 Current date / time: 2011/11/15 23:42:08.0468
    23:42:08.0468 4084 SystemInfo:
    23:42:08.0468 4084
    23:42:08.0468 4084 OS Version: 5.1.2600 ServicePack: 2.0
    23:42:08.0468 4084 Product type: Workstation
    23:42:08.0468 4084 ComputerName: CINDIE
    23:42:08.0468 4084 UserName: ZZadmin
    23:42:08.0468 4084 Windows directory: C:\WINDOWS
    23:42:08.0468 4084 System windows directory: C:\WINDOWS
    23:42:08.0468 4084 Processor architecture: Intel x86
    23:42:08.0468 4084 Number of processors: 2
    23:42:08.0468 4084 Page size: 0x1000
    23:42:08.0468 4084 Boot type: Normal boot
    23:42:08.0484 4084 ============================================================
    23:42:08.0484 4084 SetPrivileges failed!
    23:42:10.0625 4084 Initialize success
    23:42:29.0453 0720 ============================================================
    23:42:29.0453 0720 Scan started
    23:42:29.0453 0720 Mode: Manual;
    23:42:29.0453 0720 ============================================================
    23:42:44.0031 0720 redbook (86d3afb02bef12949b26e0ba966bd252) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:42:44.0031 0720 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 86d3afb02bef12949b26e0ba966bd252, Fake md5: b31b4588e4086d8d84adbf9845c2402b
    23:42:44.0031 0720 redbook ( Rootkit.Win32.TDSS.tdl3 ) - infected
    23:42:44.0031 0720 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
    23:42:45.0953 0720 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    23:42:45.0968 0720 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    23:42:45.0968 0720 sptd ( LockedFile.Multi.Generic ) - warning
    23:42:45.0968 0720 sptd - detected LockedFile.Multi.Generic (1)
    23:42:53.0187 0720 ============================================================
    23:42:53.0187 0720 Scan finished
    23:42:53.0187 0720 ============================================================
    23:42:53.0218 0396 Detected object count: 2
    23:42:53.0218 0396 Actual detected object count: 2
    23:44:42.0531 0396 Backup copy found, using it..
    23:44:42.0562 0396 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
    23:44:42.0562 0396 redbook ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
    23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:45:20.0421 3264 Deinitialize success
    SSD results:
    -------------------------------


    DoubleClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-11-14 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-08-29 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-10-31 Includes\Malware.sbi (*)
    2011-11-08 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-10-11 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2011-11-09 Includes\TrojansC-02.sbi (*)
    2011-11-09 Includes\TrojansC-03.sbi (*)
    2011-10-28 Includes\TrojansC-04.sbi (*)
    2011-11-03 Includes\TrojansC-05.sbi (*)
    2011-11-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Post a new DDS log, not SSD, please.

    With rootkit-type infections there could be more lurking, so let's do this:


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Last edited by ken545; 2011-11-16 at 10:59.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Nov 2011
    Posts
    7

    Exclamation

    Thanks for the help, but I have been unsuccessful at installing and running ComboFix.

    The only software that I found and disabled were the AVAST free antivirus and IObit Malware Fighter. After disabling those, I tried to download ComboFix, but on installation it was extracting dozens of files and then just quit. The installation text box disappeared and no other window or dialog box popped up. After verifying the disabled status of those two software packages, I tried ComboFix a second time with the same result.

    My guess is that I am missing some other anti-spyware/anti-malware software that does not show up in the online list or in my quick link tray. Any suggestions?

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Let's try running ComboFix in Safe Mode.


    To Enter Safe Mode
    • Go to Start > Shut off your Computer > Restart
    • As the computer starts to boot up, tap the F8 key somewhat rapidly;
      this will bring up a menu.
    • Use the Up and Down Arrow keys to scroll up to Safe Mode with Networking
    • Then press the Enter key on your keyboard

    Tutorial if you need it: How to boot into Safe Mode


  7. #7
    Junior Member
    Join Date
    Nov 2011
    Posts
    7

    Default

    Hello again.

    Thanks for the tips on running in Safe Mode.

    It took me a while, as I had to get a VGA monitor hooked up: my computer does not output DVI until later in the boot process, so I never saw the Safe Mode menus with the DVI. Anyway ...

    I was able to run ComboFix in Safe Mode, but it insisted Avast! was still scanning, although I had disabled all 8 shields repeatedly. That scared me (it warned that it was running at my risk of machine damage), so the first two times I aborted by rebooting.

    Anyway, it finally fully executed and I followed that up with a DDS scan. All three files (log from ComboFix, DDS.txt and Attach.txt) are attachments to this message.

    I am running SSD now, but it will be an hour or more .. will post results if you want me to.

    Thanks again!!



    ComboFix 11-11-19.03 - ZZadmin 11/19/2011 10:56:39.1.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.760 [GMT -5:00]
    Running from: c:\documents and settings\ZZadmin\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\AMMYY
    c:\documents and settings\All Users\Application Data\AMMYY\hr
    c:\documents and settings\All Users\Application Data\AMMYY\settings.bin
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setupx.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\20100709075325.log
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.ico
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\BB960BFC.TMP
    c:\documents and settings\Olivia\WINDOWS
    c:\program files\Common Files\ofmf
    c:\program files\Common Files\ofmf\ofmfa.lck
    c:\program files\Common Files\ofmf\ofmfd\class-barrel
    c:\program files\Common Files\ofmf\ofmfd\vocabulary
    c:\program files\Common Files\ofmf\ofmfl.lck
    c:\program files\Common Files\ofmf\ofmfm.lck
    c:\windows\desktop
    c:\windows\Downloaded Program Files\RdxIE.dll
    c:\windows\Downloaded Program Files\Temp
    c:\windows\help\wmplayer.bak
    c:\windows\iun6002.exe
    c:\windows\search_res.txt
    c:\windows\system32\components
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\res
    c:\windows\system32\wnsapisv.exe
    c:\windows\system32\wpcap.dll
    c:\windows\system32\zlibwapi.dll
    c:\windows\windowsmedia-kb828026-x86-enu.exe
    c:\windows\windowsmedia9-kb819639-x86-enu.exe
    c:\windows\windowsxp-kb817611-x86-enu.exe
    c:\windows\windowsxp-kb820291-x86-enu.exe
    c:\windows\windowsxp-kb822827-x86-enu.exe
    c:\windows\windowsxp-kb823182-x86-enu.exe
    c:\windows\windowsxp-kb824105-x86-enu.exe
    c:\windows\windowsxp-kb824141-x86-enu.exe
    c:\windows\windowsxp-kb824146-x86-enu.exe
    c:\windows\windowsxp-kb825119-x86-enu.exe
    c:\windows\windowsxp-kb825121-x86-enu.exe
    c:\windows\windowsxp-kb826939-x86-enu.exe
    c:\windows\windowsxp-kb826959-x86-enu.exe
    c:\windows\windowsxp-kb828028-x86-enu.exe
    c:\windows\windowsxp-kb828035-x86-enu.exe
    c:\windows\wnsxs~1
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Legacy_WINDOWS_OVERLAY_COMPONENTS
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
    .
    .
    2020-08-11 14:37 . 2020-08-11 15:26 3991 ----a-w- c:\windows\system32\kbdcache.dll
    2011-11-17 00:33 . 2011-11-17 00:33 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
    2011-11-17 00:29 . 2011-11-17 00:29 -------- d-----w- c:\documents and settings\ZZadmin\Local Settings\Application Data\Solid State Networks
    2011-11-17 00:27 . 2011-11-17 00:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-16 23:50 . 2011-11-16 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2011-11-14 17:39 . 2011-11-14 18:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-14 15:34 . 2011-11-14 15:36 -------- d-----w- c:\program files\ERUNT
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-16 04:46 . 2004-03-31 13:05 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-11-06 19:03 . 2010-09-02 00:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-06 20:45 . 2010-10-24 14:07 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 20:45 . 2009-06-25 22:51 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 20:38 . 2011-05-13 20:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 20:37 . 2009-06-25 22:51 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 20:36 . 2009-06-25 22:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 20:36 . 2009-06-25 22:51 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 20:36 . 2009-06-25 22:51 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-06 20:36 . 2009-06-25 22:51 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-06 20:36 . 2009-06-25 22:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-06 20:33 . 2009-06-25 22:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-08-31 22:00 . 2010-09-02 00:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-16 335872]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
    .
    c:\documents and settings\Guest\Start Menu\Programs\Startup\
    V CAST Media Monitor.lnk - c:\program files\V CAST Media Manager\MEMonitor.exe [2010-3-21 2991464]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "c:\\xampp\\apache\\bin\\httpd.exe"=
    "c:\\xampp\\mysql\\bin\\mysqld.exe"=
    "c:\\xampp\\MercuryMail\\mercury.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\mektek.net\\MTX\\mtx.exe"=
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/25/2011 12:04 PM 13496]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2008 5:51 PM 717296]
    S0 shzu;shzu;c:\windows\system32\drivers\mpfy.sys --> c:\windows\system32\drivers\mpfy.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/13/2011 3:17 PM 442200]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/25/2009 5:51 PM 320856]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/16/2011 6:49 PM 490840]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [8/21/2009 11:17 AM 24636]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/25/2009 5:51 PM 20568]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/24/2010 9:08 AM 136176]
    S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/25/2011 12:04 PM 820568]
    S2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [10/14/2004 5:30 PM 86098]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [3/26/2009 9:58 PM 54960]
    S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [11/7/2006 5:02 PM 39424]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/24/2010 9:08 AM 136176]
    S3 niemrkw;niemrkw;c:\windows\system32\DRIVERS\niemrkw.sys --> c:\windows\system32\DRIVERS\niemrkw.sys [?]
    S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [11/14/2011 12:24 PM 30368]
    S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [9/29/2005 3:52 PM 131776]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/11/2010 4:17 AM 25088]
    S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
    S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [11/14/2011 12:24 PM 16208]
    S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\DRIVERS\usb6xxxkw.sys --> c:\windows\system32\DRIVERS\usb6xxxkw.sys [?]
    S3 usb9162k;NI-USB 9162 Carrier Loader Driver;c:\windows\system32\DRIVERS\usb9162k.sys --> c:\windows\system32\DRIVERS\usb9162k.sys [?]
    S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\program files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [11/14/2011 12:24 PM 239472]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
    S4 NiRioRpc;National Instruments RIO Server;c:\windows\system32\NiRioRpc.exe --> c:\windows\system32\NiRioRpc.exe [?]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:07]
    .
    2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-24 14:07]
    .
    2011-11-19 c:\windows\Tasks\User_Feed_Synchronization-{056B7D34-B07B-4BFB-B256-0823BB5D667A}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    2011-11-19 c:\windows\Tasks\User_Feed_Synchronization-{99A3DB5B-40AB-4547-8310-1B14D1112E9C}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    2011-11-19 c:\windows\Tasks\User_Feed_Synchronization-{B53B5342-0B01-4984-9240-16FCDB1D2A7E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    2011-11-19 c:\windows\Tasks\User_Feed_Synchronization-{B9B78A04-42C7-480A-A6F4-D57AECFE97D5}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://file.net/process/_a.html
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    TCP: Interfaces\{00D379ED-BD69-48C0-AC8D-9E38EFC56EEA}: NameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\ZZadmin\Application Data\Mozilla\Firefox\Profiles\u7mv6nbs.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-Themes - c:\windows\system32\o6480ghue6480.dll
    SafeBoot-93410293.sys
    AddRemove-HijackThis - j:\portableapps\HiJackThis\HijackThis.exe
    AddRemove-{E7269FD6-34EA-4617-8752-6739AA384080} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E7269~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-19 11:09
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.EXE'(1392)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2011-11-19 11:17:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-19 16:17
    .
    Pre-Run: 65,557,426,176 bytes free
    Post-Run: 65,807,409,152 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 7238C42AB4BA39B990AE3C10594066E0
    Last edited by ken545; 2011-11-19 at 19:15.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You did just fine, things are looking better. I don't need the SSD report.

    How are things running now, any better ???


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please

  9. #9
    Junior Member
    Join Date
    Nov 2011
    Posts
    7

    Default

    MBAM found 8 related items and required a reboot. The log file is attached.

    To verify the reboot deletion was successful, I re-ran MBAM ... that file is attached as well.

    -------------

    Regarding how things are running, I believe most symptoms are gone.
    The only remaining symptom that I seem to have is a system crash (reboot) whenever we try to run videos like youtube or news feeds. The exception seems to be WMV files, which apparently run fine.

    I'm thinking that something was deleted incorrectly by some earlier attempt to clean up the system.

    THANKS AGAIN for all the help .. any further tips would also be appreciated

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Do me a favor and just copy and paste the logs we ask for into this thread in lieu of attaching them; it's easier on these old eyes to analyze.


    As far as running videos, when we're done I will link you to another forum that can help you with that, as we just do malware removal on this one.



    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.