Ussrch google redirect

UssrchVictim

New member
Hello dear analysts, I found myself to be infected with some Malware or Virus that keeps redirecting me when I click on google results. it still loads the URL into the URL-field but it displays a completely different page. Any help towards resolving this issue would be greatly appreciated. Here is what I did so far:

I ran Antivir's complete scan
I ran Spybot SD

both programs found things unknown to me, stupid as I am around such things I just clicked remove without noting any names or anything. Anyhow, the problem kept on occuring which made me assume that the removed stuff was not it.

here is my DDS-log:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Schorsch at 14:08:14 on 2011-07-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2770 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
D:\Program Files (x86)\Winamp\winampa.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\games\LoL\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
D:\games\LoL\RADS\projects\lol_launcher\releases\0.0.0.25\deploy\LoLLauncher.exe
D:\Program Files (x86)\QIP\qip.exe
D:\Program Files (x86)\Firefox\firefox.exe
D:\Program Files (x86)\Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [IpSharkk] "D:\Program Files\IpSharkk\IpSharkk.exe" /auto
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Schorsch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - D:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\Schorsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\24B4140294D637960234164736865627 : DhcpNameServer = 192.168.1.1 217.237.149.142
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\46C696E6B613639316 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\651474C4941474C494 : DhcpNameServer = 192.168.2.11
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\66279647A72323 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\75C414E4D2030313643364932333832453 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\75C414E4D2736453442313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\8656E6E65637E65647A7 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
{32099AAC-C132-4136-9E9A-4E364A424E17}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Schorsch\AppData\Roaming\Mozilla\Firefox\Profiles\khytt9qe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search
FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-19 136360]
R2 AntiVirService;Avira AntiVir Guard;D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-19 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-6-3 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-2-4 341296]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-23 1153368]
R2 TeamViewer5;TeamViewer 5;D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys --> C:\Windows\system32\drivers\sfdrv01a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
.
=============== Created Last 30 ================
.
2011-06-23 11:38:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-19 21:15:11 -------- d-----w- C:\Users\Schorsch\AppData\Roaming\Avira
2011-06-19 21:08:41 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-06-19 21:08:41 -------- d-----w- C:\ProgramData\Avira
2011-06-19 20:51:12 -------- d-----we C:\Windows\system64
2011-06-19 20:44:43 -------- d-----w- C:\ProgramData\PC Drivers HeadQuarters
2011-06-19 18:39:04 -------- d-----w- C:\Users\Schorsch\AppData\Roaming\GetRightToGo
.
==================== Find3M ====================
.
2011-05-04 02:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-20 02:44:48 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-04-20 02:30:16 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
2011-04-20 02:09:18 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-04-20 02:09:04 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-04-20 02:07:46 795648 ----a-w- C:\Windows\System32\aticfx64.dll
2011-04-20 02:07:02 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-04-20 02:05:08 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-04-20 02:04:54 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-04-20 02:04:18 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-04-20 02:03:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-04-20 02:02:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-04-20 02:02:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-04-20 02:02:30 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-04-20 02:02:24 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-04-20 02:02:20 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-04-20 02:02:16 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-04-20 01:59:20 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-04-20 01:49:30 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
2011-04-20 01:46:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-04-20 01:46:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-04-20 01:46:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-04-20 01:46:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-04-20 01:45:52 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-04-20 01:42:04 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-04-20 01:40:48 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-04-20 01:40:14 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-04-20 01:40:02 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-04-20 01:38:04 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-04-20 01:31:12 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
2011-04-20 01:30:36 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-04-20 01:27:00 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-04-20 01:23:12 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-04-20 01:23:06 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-04-20 01:22:54 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-04-20 01:22:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-04-20 01:22:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-04-20 01:22:48 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-04-20 01:22:40 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-04-20 01:22:32 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-04-20 01:21:44 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-04-20 01:21:38 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-04-20 01:21:32 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-04-20 01:21:24 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-04-20 01:20:50 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-04-19 20:10:34 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-04-19 20:10:32 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-04-19 20:10:22 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-04-19 20:10:18 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-04-19 20:10:14 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
2011-04-19 20:10:02 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
.
============= FINISH: 14:09:11,88 ===============


attached you will find the attach.txt that ERUNT produced.


when I ran spybot SD there was nothing it could not remove. as the sticky post advises, I am only supposed to post its log when it cannot remove something, did I understand that correctly? If not, I can post that log in no time.

Thank you in advance for taking the time to help me.

Sincerely,

Adrian
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Lets see if there is a rootkit involved

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
aswMBR1.png


On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png
 
Thank you for replying. I downloaded the aswMBR.exe and ran it. It asked me if I would want it to download the newest avast! definitions. I thought it won't hurt and did so, was that correct? Optional? A mistake?

Here is my aswMBR-Log.

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-19 13:37:52
-----------------------------
13:37:52.110 OS Version: Windows x64 6.1.7600
13:37:52.110 Number of processors: 2 586 0x301
13:37:52.111 ComputerName: SCHORSCH-PC UserName: Schorsch
13:37:52.779 Initialize success
13:38:41.176 AVAST engine defs: 11071900
13:38:51.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:38:51.599 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 11
13:38:51.612 Disk 0 MBR read successfully
13:38:51.615 Disk 0 MBR scan
13:38:51.622 Disk 0 Windows 7 default MBR code
13:38:51.627 Service scanning
13:38:52.694 Disk 0 trace - called modules:
13:38:52.758 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80048512c0]<<
13:38:52.762 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b7a060]
13:38:52.767 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004958060]
13:38:52.772 \Driver\atapi[0xfffffa8004934060] -> IRP_MJ_CREATE -> 0xfffffa80048512c0
13:38:57.237 AVAST engine scan C:\Windows
13:39:00.481 AVAST engine scan C:\Windows\system32
13:39:18.746 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
13:41:41.126 AVAST engine scan C:\Windows\system32\drivers
13:41:57.061 AVAST engine scan C:\Users\Schorsch
13:50:50.685 AVAST engine scan C:\ProgramData
13:51:38.613 Scan finished successfully
13:56:48.137 Disk 0 MBR has been saved successfully to "C:\Users\Schorsch\Desktop\MBR.dat"
13:56:48.144 The log file has been saved successfully to "C:\Users\Schorsch\Desktop\aswMBR.txt"


Again, thank you for helping me. :)
 
Hello Adrian,

You did just fine, looks like a Rootkit is involved

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Hello Ken,

thank you for the quick reply.

I did the scan, it said that it found 1 thread but just gave me a data window with information that I cannot process due to lack of knowledge. So nothing malicious according to the program. Log follows, please tell me if you need data from that thread window at the end of the scan then I will repeat the scan.

2011/07/19 16:42:18.0282 1980 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/19 16:42:18.0475 1980 ================================================================================
2011/07/19 16:42:18.0475 1980 SystemInfo:
2011/07/19 16:42:18.0475 1980
2011/07/19 16:42:18.0475 1980 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/19 16:42:18.0475 1980 Product type: Workstation
2011/07/19 16:42:18.0475 1980 ComputerName: SCHORSCH-PC
2011/07/19 16:42:18.0475 1980 UserName: Schorsch
2011/07/19 16:42:18.0475 1980 Windows directory: C:\Windows
2011/07/19 16:42:18.0475 1980 System windows directory: C:\Windows
2011/07/19 16:42:18.0475 1980 Running under WOW64
2011/07/19 16:42:18.0475 1980 Processor architecture: Intel x64
2011/07/19 16:42:18.0476 1980 Number of processors: 2
2011/07/19 16:42:18.0476 1980 Page size: 0x1000
2011/07/19 16:42:18.0476 1980 Boot type: Normal boot
2011/07/19 16:42:18.0476 1980 ================================================================================
2011/07/19 16:42:20.0050 1980 Initialize success
2011/07/19 16:42:21.0840 1100 ================================================================================
2011/07/19 16:42:21.0840 1100 Scan started
2011/07/19 16:42:21.0840 1100 Mode: Manual;
2011/07/19 16:42:21.0840 1100 ================================================================================
2011/07/19 16:42:23.0505 1100 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/19 16:42:23.0587 1100 acedrv05 (056faaff049ca7237194065423307189) C:\Windows\system32\drivers\acedrv05.sys
2011/07/19 16:42:23.0634 1100 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/19 16:42:23.0691 1100 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/19 16:42:23.0756 1100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/19 16:42:23.0814 1100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/19 16:42:23.0860 1100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/19 16:42:23.0952 1100 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/07/19 16:42:24.0004 1100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/19 16:42:24.0047 1100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/19 16:42:24.0110 1100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/19 16:42:24.0175 1100 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/07/19 16:42:24.0228 1100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/19 16:42:24.0502 1100 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/19 16:42:24.0897 1100 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/07/19 16:42:24.0997 1100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/19 16:42:25.0051 1100 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/19 16:42:25.0093 1100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/19 16:42:25.0139 1100 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/19 16:42:25.0273 1100 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/19 16:42:25.0337 1100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/19 16:42:25.0367 1100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/19 16:42:25.0436 1100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/19 16:42:25.0469 1100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/19 16:42:25.0553 1100 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/19 16:42:25.0857 1100 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/19 16:42:26.0098 1100 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/19 16:42:26.0147 1100 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/19 16:42:26.0226 1100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/19 16:42:26.0281 1100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/19 16:42:26.0341 1100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/19 16:42:26.0407 1100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/19 16:42:26.0464 1100 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/19 16:42:26.0504 1100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/19 16:42:26.0536 1100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/19 16:42:26.0584 1100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/19 16:42:26.0622 1100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/19 16:42:26.0656 1100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/19 16:42:26.0693 1100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/19 16:42:26.0738 1100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/19 16:42:26.0789 1100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/19 16:42:26.0844 1100 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/19 16:42:26.0937 1100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/19 16:42:26.0979 1100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/19 16:42:27.0080 1100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/19 16:42:27.0127 1100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/19 16:42:27.0190 1100 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/19 16:42:27.0245 1100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/19 16:42:27.0273 1100 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/19 16:42:27.0324 1100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/19 16:42:27.0413 1100 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/07/19 16:42:27.0796 1100 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/07/19 16:42:27.0831 1100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/19 16:42:27.0890 1100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/19 16:42:27.0991 1100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/19 16:42:28.0044 1100 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/19 16:42:28.0191 1100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/19 16:42:28.0325 1100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/19 16:42:28.0400 1100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/19 16:42:28.0503 1100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/19 16:42:28.0548 1100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/19 16:42:28.0606 1100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/19 16:42:28.0671 1100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/19 16:42:28.0697 1100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/19 16:42:28.0740 1100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/19 16:42:28.0827 1100 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/19 16:42:28.0890 1100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/19 16:42:28.0929 1100 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/19 16:42:28.0966 1100 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/19 16:42:29.0046 1100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/19 16:42:29.0111 1100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/19 16:42:29.0225 1100 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/19 16:42:29.0283 1100 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/19 16:42:29.0310 1100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/19 16:42:29.0358 1100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/19 16:42:29.0388 1100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/19 16:42:29.0442 1100 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/19 16:42:29.0517 1100 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/19 16:42:29.0615 1100 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/07/19 16:42:29.0752 1100 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/19 16:42:29.0798 1100 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/19 16:42:29.0845 1100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/19 16:42:29.0901 1100 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/19 16:42:29.0961 1100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/19 16:42:30.0009 1100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/19 16:42:30.0075 1100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/19 16:42:30.0130 1100 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/19 16:42:30.0165 1100 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/19 16:42:30.0202 1100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/19 16:42:30.0335 1100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/19 16:42:30.0384 1100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/19 16:42:30.0450 1100 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/19 16:42:30.0509 1100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/19 16:42:30.0583 1100 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/19 16:42:30.0643 1100 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/19 16:42:30.0717 1100 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/19 16:42:30.0825 1100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/19 16:42:30.0913 1100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/19 16:42:31.0073 1100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/19 16:42:31.0108 1100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/19 16:42:31.0157 1100 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/19 16:42:31.0226 1100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/19 16:42:31.0280 1100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/19 16:42:31.0319 1100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/19 16:42:31.0363 1100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/19 16:42:31.0410 1100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/19 16:42:31.0480 1100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/19 16:42:31.0523 1100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/19 16:42:31.0584 1100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/19 16:42:31.0613 1100 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/19 16:42:31.0650 1100 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/19 16:42:31.0681 1100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/19 16:42:31.0741 1100 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/19 16:42:31.0789 1100 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/19 16:42:31.0824 1100 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/19 16:42:31.0864 1100 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/19 16:42:31.0900 1100 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/19 16:42:31.0944 1100 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/19 16:42:32.0028 1100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/19 16:42:32.0080 1100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/19 16:42:32.0120 1100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/19 16:42:32.0191 1100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/19 16:42:32.0251 1100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/19 16:42:32.0301 1100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/19 16:42:32.0350 1100 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/19 16:42:32.0393 1100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/19 16:42:32.0461 1100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/19 16:42:32.0498 1100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/19 16:42:32.0551 1100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/19 16:42:32.0678 1100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/19 16:42:32.0767 1100 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/19 16:42:32.0842 1100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/19 16:42:32.0904 1100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/19 16:42:32.0939 1100 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/19 16:42:32.0973 1100 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/19 16:42:33.0012 1100 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/19 16:42:33.0055 1100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/19 16:42:33.0107 1100 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/19 16:42:33.0253 1100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/19 16:42:33.0316 1100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/19 16:42:33.0361 1100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/19 16:42:33.0456 1100 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/07/19 16:42:33.0504 1100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/19 16:42:33.0553 1100 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/19 16:42:33.0595 1100 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/19 16:42:33.0647 1100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/19 16:42:33.0687 1100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/19 16:42:33.0738 1100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/19 16:42:33.0793 1100 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/19 16:42:33.0830 1100 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/19 16:42:33.0864 1100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/19 16:42:33.0911 1100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/19 16:42:33.0964 1100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/19 16:42:34.0014 1100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/19 16:42:34.0194 1100 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/19 16:42:34.0221 1100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/19 16:42:34.0312 1100 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/19 16:42:34.0391 1100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/19 16:42:34.0455 1100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/19 16:42:34.0501 1100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/19 16:42:34.0538 1100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/19 16:42:34.0608 1100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/19 16:42:34.0646 1100 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/19 16:42:34.0687 1100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/19 16:42:34.0729 1100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/19 16:42:34.0776 1100 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/19 16:42:34.0809 1100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/19 16:42:34.0838 1100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/19 16:42:34.0889 1100 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/07/19 16:42:34.0972 1100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/19 16:42:35.0009 1100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/19 16:42:35.0050 1100 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/19 16:42:35.0089 1100 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/19 16:42:35.0215 1100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/19 16:42:35.0295 1100 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/19 16:42:35.0354 1100 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/19 16:42:35.0465 1100 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/19 16:42:35.0526 1100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/19 16:42:35.0586 1100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/19 16:42:35.0630 1100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/19 16:42:35.0662 1100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/19 16:42:35.0771 1100 sfdrv01a (dda1b38a59de5096e2619d4cfde01f4a) C:\Windows\system32\drivers\sfdrv01a.sys
2011/07/19 16:42:35.0813 1100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/19 16:42:35.0853 1100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/19 16:42:35.0877 1100 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/19 16:42:35.0977 1100 sfhlp02 (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
2011/07/19 16:42:36.0012 1100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/19 16:42:36.0117 1100 sfsync04 (5322b5366fc315e1b4c03633a1331cd1) C:\Windows\system32\drivers\sfsync04.sys
2011/07/19 16:42:36.0180 1100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/19 16:42:36.0233 1100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/19 16:42:36.0300 1100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/19 16:42:36.0370 1100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/19 16:42:36.0479 1100 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/19 16:42:36.0479 1100 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/19 16:42:36.0487 1100 sptd - detected LockedFile.Multi.Generic (1)
2011/07/19 16:42:36.0534 1100 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/07/19 16:42:36.0576 1100 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/19 16:42:36.0611 1100 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/19 16:42:36.0660 1100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/19 16:42:36.0722 1100 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/19 16:42:36.0766 1100 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/19 16:42:36.0799 1100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/19 16:42:36.0895 1100 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/07/19 16:42:37.0002 1100 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/07/19 16:42:37.0096 1100 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/19 16:42:37.0147 1100 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/19 16:42:37.0191 1100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/19 16:42:37.0224 1100 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/19 16:42:37.0289 1100 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/19 16:42:37.0351 1100 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/19 16:42:37.0430 1100 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/19 16:42:37.0491 1100 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/19 16:42:37.0524 1100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/19 16:42:37.0582 1100 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/19 16:42:37.0660 1100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/19 16:42:37.0698 1100 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/19 16:42:37.0733 1100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/19 16:42:37.0792 1100 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/19 16:42:37.0845 1100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/19 16:42:37.0882 1100 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/19 16:42:37.0935 1100 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/19 16:42:37.0986 1100 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/19 16:42:38.0026 1100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/19 16:42:38.0085 1100 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/19 16:42:38.0128 1100 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/19 16:42:38.0210 1100 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/19 16:42:38.0312 1100 VBoxDrv (55e98518b8bf10bd3475607804e3b325) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/07/19 16:42:38.0372 1100 VBoxNetAdp (f06b5dba15aa87541f1ed6cc17251913) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/07/19 16:42:38.0417 1100 VBoxNetFlt (08267d8e073e0d056c154fb71de772d0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/07/19 16:42:38.0467 1100 VBoxUSBMon (4aaf4085761676489b316162f99554d9) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/07/19 16:42:38.0529 1100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/19 16:42:38.0571 1100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/19 16:42:38.0607 1100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/19 16:42:38.0656 1100 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/19 16:42:38.0706 1100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/19 16:42:38.0758 1100 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/19 16:42:38.0797 1100 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/19 16:42:38.0832 1100 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/19 16:42:38.0885 1100 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/19 16:42:38.0943 1100 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/19 16:42:38.0999 1100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/19 16:42:39.0052 1100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/19 16:42:39.0107 1100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/19 16:42:39.0165 1100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/19 16:42:39.0225 1100 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 16:42:39.0248 1100 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 16:42:39.0320 1100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/19 16:42:39.0374 1100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/19 16:42:39.0472 1100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/19 16:42:39.0515 1100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/19 16:42:39.0642 1100 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/19 16:42:39.0691 1100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/19 16:42:39.0763 1100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/19 16:42:39.0827 1100 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/19 16:42:39.0896 1100 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/19 16:42:40.0004 1100 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/19 16:42:40.0073 1100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/19 16:42:40.0090 1100 Boot (0x1200) (3548e250159c460c66dc751b0a1c6e85) \Device\Harddisk0\DR0\Partition0
2011/07/19 16:42:40.0131 1100 Boot (0x1200) (64a04edcbe255100ef611117336e36aa) \Device\Harddisk0\DR0\Partition1
2011/07/19 16:42:40.0140 1100 ================================================================================
2011/07/19 16:42:40.0140 1100 Scan finished
2011/07/19 16:42:40.0140 1100 ================================================================================
2011/07/19 16:42:40.0157 3844 Detected object count: 1
2011/07/19 16:42:40.0157 3844 Actual detected object count: 1
2011/07/19 16:42:53.0082 3844 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/19 16:43:26.0289 2652 Deinitialize success
 
You need to run TDSSkiller again and make sure you select Cure or Delete, the wording may be different, thats a rootkit infection that we need to remove
 
I completely missed the dropdown-menu for deleting it. ran it again and deleted it, rebooted the pc. Ran another scan, no threats found.

What did strike me as odd was that upon rebooting my pc told me that Daemon Tools Lite encountered some problem because it requires at least Win 2000 with an installed SPTD-Driver v1.60. Additionally it states that Kerneldebugger (I hope its more or less the right translation) need to be deactivated. My question is: Is that at all related to the problem we are working on right now? If not please discard this information because I am planning on deleting it anyways.

Do you need a new DDS-Log now?
 
I would uninstall Daemon Tools Lite as the driver was infected and removed.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Sorry for my delayed response. I downloaded the program, moved it to the desktop, ran it. Antivir was disabled. It demanded a restart, I acted upon that and then W7 said "I cannot start the system, try recovery mode?" I said no, it tried to start, failed, jumped back to booting, asked me the same question. I, hesitantingly, told it to go ahead, denied its request to restore earlier system settings, let it run for a long period of time. The end result was "Could not fix your problem, shut me down and retry or find professional help." I initiated a rerun of the recovery program and told it to restore to earlier settings. It did, W7 worked again but ComboFix.exe was not on my desktop. Do we have to redo past steps because W7 suffered a rollback or can we just proceed as before? I am at a loss here.
 
Sorry your having problems, let me ask you, when TDSKiller was done, did you reboot your system to have it remove that Rookit ????

No biggie, accidents happen and all systems are different and act differently with the programs we run.

Lets do this

Rerun DDS and post a new log and then rerun aswMBR and lets see whats going on, if there not on your deskop any longer just go back to my prior posts and redownload them
 
Thank you for your fast reply. yes, I did reboot my system after running the TDSkiller.

here is the DDS log:


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Schorsch at 22:39:01 on 2011-07-24
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2828 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
C:\Windows\system32\svchost.exe -k imgsvc
D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
D:\Program Files (x86)\Winamp\winampa.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Program Files (x86)\Firefox\firefox.exe
D:\Program Files (x86)\Firefox\plugin-container.exe
D:\Program Files (x86)\QIP\qip.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [IpSharkk] "D:\Program Files\IpSharkk\IpSharkk.exe" /auto
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Schorsch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - D:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\Schorsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 83.169.185.33 83.169.185.97
TCP: Interfaces\{52433529-BF7E-41F0-AA6E-29103F7FD496} : DhcpNameServer = 83.169.185.33 83.169.185.97
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\24B4140294D637960234164736865627 : DhcpNameServer = 192.168.1.1 217.237.149.142
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\46C696E6B613639316 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\5416379724F687D2243334635383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\651474C4941474C494 : DhcpNameServer = 192.168.2.11
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\66279647A72323 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\75C414E4D2030313643364932333832453 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\75C414E4D2736453442313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AD26FD8C-AD16-48C5-9753-44C9BD0E9301}\8656E6E65637E65647A7 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
{32099AAC-C132-4136-9E9A-4E364A424E17}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WinampAgent] "D:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Schorsch\AppData\Roaming\Mozilla\Firefox\Profiles\khytt9qe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Hotspot Shield Private Search
FF - prefs.js: browser.startup.homepage - hxxp://search.hotspotshield.com/g/?c=h
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-6-19 136360]
R2 AntiVirService;Avira AntiVir Guard;D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-6-19 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-6-3 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-2-4 341296]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-23 1153368]
R2 TeamViewer5;TeamViewer 5;D:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-5-21 173352]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\Windows\system32\drivers\sfdrv01a.sys --> C:\Windows\system32\drivers\sfdrv01a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
.
=============== Created Last 30 ================
.
2011-08-14 21:32:20 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-24 12:47:23 -------- d-s---w- C:\ComboFix
.
==================== Find3M ====================
.
2011-06-28 13:55:59 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-05-04 02:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:39:41,15 ===============


here is the aswMBR log:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-24 22:42:55
-----------------------------
22:42:55.293 OS Version: Windows x64 6.1.7600
22:42:55.294 Number of processors: 2 586 0x301
22:42:55.295 ComputerName: SCHORSCH-PC UserName: Schorsch
22:42:56.806 Initialize success
22:45:34.217 AVAST engine defs: 11072401
22:47:12.863 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:47:12.866 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 11
22:47:12.887 Disk 0 MBR read successfully
22:47:12.891 Disk 0 MBR scan
22:47:12.897 Disk 0 Windows 7 default MBR code
22:47:12.902 Service scanning
22:47:14.067 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:47:14.659 Modules scanning
22:47:14.663 Disk 0 trace - called modules:
22:47:14.728 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80048532c0]<<
22:47:14.733 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b796f0]
22:47:14.738 3 CLASSPNP.SYS[fffff880013c143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049ff1f0]
22:47:14.743 \Driver\atapi[0xfffffa80049b8e70] -> IRP_MJ_CREATE -> 0xfffffa80048532c0
22:47:15.458 AVAST engine scan C:\Windows
22:47:18.369 AVAST engine scan C:\Windows\system32
22:47:35.260 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
22:50:01.627 AVAST engine scan C:\Windows\system32\drivers
22:50:15.203 AVAST engine scan C:\Users\Schorsch
22:55:32.921 AVAST engine scan C:\ProgramData
22:56:13.595 Scan finished successfully
23:02:58.727 Disk 0 MBR has been saved successfully to "C:\Users\Schorsch\Desktop\MBR.dat"
23:02:58.734 The log file has been saved successfully to "C:\Users\Schorsch\Desktop\aswMBR.txt"



Thank you again for helping me out with this annoying virus. If it weren't for you and this forum, I would have to reinstall my complete system. I appreciate to not have to do so.
 
Looks like the rootkit may have come back

DAEMON Tools Toolbar <-- This falls somewhere in the grey area, if you dont use it you should uninstall it via Programs and Features in the Control Panel

Lets drag TDSSkiller and the old log to the trash and download a fresh updated copy and run the program again


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
 
Actually I thought to have uninstalled that toolbar AND Daemon Tools itself. Both proved to be false. That appeared very suspicious. To be honest, I could not believe to have had that toolbar installed in the first place, I always select custom install and uncheck all that garbage they want you to use. Both is gone now.

Now a question about the wording. It says to only delete the findings if it is malicious. Such word did not appear on my screen, instead it was talking about 1 threat. There was no "cure" option but I recalled that you said it could be named differently. Therefore I chose to "delete" the "1 threat". Rebooted and here is the log:

2011/07/25 01:21:05.0209 3564 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/25 01:21:05.0507 3564 ================================================================================
2011/07/25 01:21:05.0507 3564 SystemInfo:
2011/07/25 01:21:05.0507 3564
2011/07/25 01:21:05.0508 3564 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/25 01:21:05.0508 3564 Product type: Workstation
2011/07/25 01:21:05.0508 3564 ComputerName: SCHORSCH-PC
2011/07/25 01:21:05.0508 3564 UserName: Schorsch
2011/07/25 01:21:05.0508 3564 Windows directory: C:\Windows
2011/07/25 01:21:05.0508 3564 System windows directory: C:\Windows
2011/07/25 01:21:05.0508 3564 Running under WOW64
2011/07/25 01:21:05.0508 3564 Processor architecture: Intel x64
2011/07/25 01:21:05.0508 3564 Number of processors: 2
2011/07/25 01:21:05.0508 3564 Page size: 0x1000
2011/07/25 01:21:05.0508 3564 Boot type: Normal boot
2011/07/25 01:21:05.0508 3564 ================================================================================
2011/07/25 01:21:07.0309 3564 Initialize success
2011/07/25 01:21:10.0964 3156 ================================================================================
2011/07/25 01:21:10.0964 3156 Scan started
2011/07/25 01:21:10.0964 3156 Mode: Manual;
2011/07/25 01:21:10.0964 3156 ================================================================================
2011/07/25 01:21:12.0265 3156 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/25 01:21:12.0357 3156 acedrv05 (056faaff049ca7237194065423307189) C:\Windows\system32\drivers\acedrv05.sys
2011/07/25 01:21:12.0426 3156 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/25 01:21:12.0472 3156 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/25 01:21:12.0530 3156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/25 01:21:12.0579 3156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/25 01:21:12.0618 3156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/25 01:21:12.0689 3156 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/07/25 01:21:12.0735 3156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/25 01:21:12.0795 3156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/25 01:21:12.0845 3156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/25 01:21:13.0187 3156 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/07/25 01:21:13.0238 3156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/25 01:21:13.0524 3156 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/25 01:21:13.0931 3156 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/07/25 01:21:13.0999 3156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/25 01:21:14.0053 3156 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/25 01:21:14.0089 3156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/25 01:21:14.0119 3156 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/25 01:21:14.0226 3156 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/07/25 01:21:14.0307 3156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/07/25 01:21:14.0343 3156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/25 01:21:14.0405 3156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/25 01:21:14.0438 3156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/25 01:21:14.0522 3156 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/25 01:21:14.0825 3156 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/25 01:21:15.0066 3156 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/25 01:21:15.0137 3156 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/25 01:21:15.0213 3156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/07/25 01:21:15.0270 3156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/25 01:21:15.0332 3156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/07/25 01:21:15.0387 3156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/25 01:21:15.0433 3156 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/25 01:21:15.0484 3156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/25 01:21:15.0526 3156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/25 01:21:15.0599 3156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/07/25 01:21:15.0622 3156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/25 01:21:15.0657 3156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/25 01:21:15.0695 3156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/25 01:21:15.0754 3156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/25 01:21:15.0846 3156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/25 01:21:15.0912 3156 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/25 01:21:15.0966 3156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/25 01:21:16.0014 3156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/07/25 01:21:16.0093 3156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/25 01:21:16.0151 3156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/25 01:21:16.0225 3156 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/07/25 01:21:16.0280 3156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/25 01:21:16.0319 3156 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/25 01:21:16.0356 3156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/25 01:21:16.0414 3156 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/07/25 01:21:16.0489 3156 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/07/25 01:21:16.0536 3156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/07/25 01:21:16.0583 3156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/07/25 01:21:16.0662 3156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/07/25 01:21:16.0714 3156 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/25 01:21:16.0861 3156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/07/25 01:21:16.0996 3156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/25 01:21:17.0049 3156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/25 01:21:17.0119 3156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/07/25 01:21:17.0164 3156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/07/25 01:21:17.0211 3156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/25 01:21:17.0264 3156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/07/25 01:21:17.0302 3156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/07/25 01:21:17.0345 3156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/25 01:21:17.0454 3156 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/07/25 01:21:17.0517 3156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/07/25 01:21:17.0643 3156 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/25 01:21:17.0681 3156 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/25 01:21:17.0739 3156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/25 01:21:17.0782 3156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/25 01:21:17.0852 3156 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/07/25 01:21:17.0909 3156 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/25 01:21:17.0933 3156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/25 01:21:17.0973 3156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/25 01:21:18.0005 3156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/25 01:21:18.0084 3156 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/25 01:21:18.0155 3156 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/25 01:21:18.0661 3156 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/07/25 01:21:18.0798 3156 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/25 01:21:18.0833 3156 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/25 01:21:18.0879 3156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/25 01:21:18.0935 3156 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/25 01:21:18.0996 3156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/25 01:21:19.0031 3156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/25 01:21:19.0077 3156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/25 01:21:19.0106 3156 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/25 01:21:19.0138 3156 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/25 01:21:19.0192 3156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/25 01:21:19.0237 3156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/25 01:21:19.0276 3156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/25 01:21:19.0308 3156 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/25 01:21:19.0367 3156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/25 01:21:19.0420 3156 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/25 01:21:19.0457 3156 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/25 01:21:19.0496 3156 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/25 01:21:19.0529 3156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/25 01:21:19.0606 3156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/25 01:21:19.0700 3156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/25 01:21:19.0746 3156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/25 01:21:19.0783 3156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/25 01:21:19.0842 3156 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/25 01:21:19.0896 3156 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/25 01:21:19.0946 3156 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/25 01:21:20.0000 3156 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/25 01:21:20.0048 3156 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/25 01:21:20.0095 3156 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/25 01:21:20.0139 3156 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/25 01:21:20.0188 3156 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/25 01:21:20.0229 3156 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/25 01:21:20.0266 3156 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/25 01:21:20.0296 3156 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/25 01:21:20.0345 3156 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/25 01:21:20.0383 3156 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/25 01:21:20.0429 3156 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/25 01:21:20.0469 3156 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/25 01:21:20.0505 3156 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/25 01:21:20.0560 3156 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/25 01:21:20.0644 3156 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/25 01:21:20.0674 3156 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/25 01:21:20.0703 3156 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/25 01:21:20.0763 3156 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/25 01:21:20.0800 3156 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/25 01:21:20.0851 3156 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/25 01:21:20.0899 3156 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/25 01:21:20.0943 3156 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/25 01:21:20.0988 3156 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/25 01:21:21.0025 3156 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/25 01:21:21.0078 3156 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/25 01:21:21.0184 3156 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/25 01:21:21.0251 3156 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/25 01:21:21.0292 3156 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/25 01:21:21.0344 3156 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/25 01:21:21.0379 3156 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/25 01:21:21.0413 3156 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/25 01:21:21.0451 3156 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/25 01:21:21.0484 3156 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/25 01:21:21.0525 3156 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/25 01:21:21.0626 3156 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/25 01:21:21.0679 3156 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/25 01:21:21.0723 3156 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/25 01:21:21.0795 3156 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/07/25 01:21:21.0856 3156 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/25 01:21:21.0915 3156 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/25 01:21:21.0957 3156 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/25 01:21:22.0009 3156 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/25 01:21:22.0050 3156 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/25 01:21:22.0100 3156 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/25 01:21:22.0155 3156 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/25 01:21:22.0203 3156 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/25 01:21:22.0237 3156 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/25 01:21:22.0273 3156 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/25 01:21:22.0305 3156 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/25 01:21:22.0353 3156 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/25 01:21:22.0512 3156 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/25 01:21:22.0550 3156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/25 01:21:22.0630 3156 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/25 01:21:22.0709 3156 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/25 01:21:22.0773 3156 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/25 01:21:22.0830 3156 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/25 01:21:22.0868 3156 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/25 01:21:22.0926 3156 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/25 01:21:22.0965 3156 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/25 01:21:23.0027 3156 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/25 01:21:23.0058 3156 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/25 01:21:23.0094 3156 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/25 01:21:23.0126 3156 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/25 01:21:23.0156 3156 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/25 01:21:23.0207 3156 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/07/25 01:21:23.0257 3156 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/25 01:21:23.0294 3156 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/25 01:21:23.0335 3156 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/25 01:21:23.0396 3156 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/25 01:21:23.0467 3156 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/25 01:21:23.0514 3156 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/25 01:21:23.0562 3156 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/25 01:21:23.0640 3156 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/25 01:21:23.0932 3156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/25 01:21:23.0992 3156 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/25 01:21:24.0047 3156 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/25 01:21:24.0124 3156 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/25 01:21:24.0222 3156 sfdrv01a (dda1b38a59de5096e2619d4cfde01f4a) C:\Windows\system32\drivers\sfdrv01a.sys
2011/07/25 01:21:24.0253 3156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/25 01:21:24.0292 3156 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/25 01:21:24.0314 3156 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/25 01:21:24.0405 3156 sfhlp02 (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
2011/07/25 01:21:24.0440 3156 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/25 01:21:24.0534 3156 sfsync04 (5322b5366fc315e1b4c03633a1331cd1) C:\Windows\system32\drivers\sfsync04.sys
2011/07/25 01:21:24.0608 3156 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/25 01:21:24.0650 3156 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/25 01:21:24.0717 3156 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/25 01:21:24.0776 3156 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/25 01:21:24.0878 3156 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/25 01:21:24.0878 3156 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/25 01:21:24.0886 3156 sptd - detected LockedFile.Multi.Generic (1)
2011/07/25 01:21:24.0930 3156 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/07/25 01:21:24.0982 3156 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/25 01:21:25.0018 3156 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/25 01:21:25.0077 3156 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/25 01:21:25.0128 3156 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/25 01:21:25.0173 3156 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/25 01:21:25.0205 3156 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/25 01:21:25.0302 3156 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
2011/07/25 01:21:25.0419 3156 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/07/25 01:21:25.0518 3156 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/25 01:21:25.0564 3156 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/25 01:21:25.0608 3156 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/25 01:21:25.0642 3156 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/25 01:21:25.0696 3156 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/25 01:21:25.0757 3156 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/25 01:21:25.0836 3156 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/25 01:21:25.0898 3156 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/25 01:21:25.0930 3156 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/25 01:21:25.0977 3156 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/25 01:21:26.0055 3156 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/25 01:21:26.0093 3156 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/25 01:21:26.0128 3156 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/25 01:21:26.0187 3156 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/25 01:21:26.0240 3156 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/25 01:21:26.0278 3156 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/25 01:21:26.0330 3156 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/25 01:21:26.0381 3156 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/25 01:21:26.0421 3156 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/25 01:21:26.0469 3156 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/25 01:21:26.0502 3156 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/25 01:21:26.0606 3156 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/25 01:21:26.0718 3156 VBoxDrv (55e98518b8bf10bd3475607804e3b325) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/07/25 01:21:26.0756 3156 VBoxNetAdp (f06b5dba15aa87541f1ed6cc17251913) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/07/25 01:21:26.0802 3156 VBoxNetFlt (08267d8e073e0d056c154fb71de772d0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/07/25 01:21:26.0840 3156 VBoxUSBMon (4aaf4085761676489b316162f99554d9) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/07/25 01:21:26.0881 3156 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/25 01:21:26.0933 3156 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/25 01:21:26.0969 3156 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/25 01:21:27.0007 3156 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/25 01:21:27.0047 3156 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/25 01:21:27.0109 3156 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/25 01:21:27.0148 3156 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/25 01:21:27.0183 3156 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/25 01:21:27.0225 3156 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/25 01:21:27.0272 3156 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/25 01:21:27.0328 3156 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/25 01:21:27.0370 3156 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/25 01:21:27.0414 3156 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/25 01:21:27.0461 3156 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/25 01:21:27.0499 3156 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 01:21:27.0516 3156 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/25 01:21:27.0583 3156 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/25 01:21:27.0637 3156 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/25 01:21:27.0724 3156 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/25 01:21:27.0756 3156 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/25 01:21:27.0889 3156 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/25 01:21:27.0932 3156 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/25 01:21:28.0004 3156 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/25 01:21:28.0068 3156 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/25 01:21:28.0132 3156 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/25 01:21:28.0234 3156 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/07/25 01:21:28.0303 3156 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/25 01:21:28.0319 3156 Boot (0x1200) (3548e250159c460c66dc751b0a1c6e85) \Device\Harddisk0\DR0\Partition0
2011/07/25 01:21:28.0361 3156 Boot (0x1200) (64a04edcbe255100ef611117336e36aa) \Device\Harddisk0\DR0\Partition1
2011/07/25 01:21:28.0369 3156 ================================================================================
2011/07/25 01:21:28.0369 3156 Scan finished
2011/07/25 01:21:28.0369 3156 ================================================================================
2011/07/25 01:21:28.0392 1120 Detected object count: 1
2011/07/25 01:21:28.0392 1120 Actual detected object count: 1
2011/07/25 01:21:50.0621 1120 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/07/25 01:21:50.0684 1120 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/07/25 01:21:50.0711 1120 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/25 01:21:50.0711 1120 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/07/25 01:22:41.0342 3648 Deinitialize success


The log is the new one, the old ones I deleted. Also, the copy of TDSSkiller was freshly downloaded. Going to bed now, it is 1:30 in the morning. Thank you for helping me.
 
You did just fine :bigthumb:

Again, if the old one is on your desktop, drag it to the trash


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Now I have the same situation again. Rollback to an earlier point, this poorly programmed OS doesn't even tell me to what point it jumped back. All I know is that there is not log and a lot of the cleaning tools are missing, meaning, we directly (again) jumped back into an earlier stage of our cleaning process. Is there a way to nuke out that friggin malware piece of s*** that, according to combofix, is lurking around in the system32 folder without using combofix? Because I really dislike the fact that I have to re-organize my whole desktop again and have to uninstall a lot of stupid programs again. I was sort of proud of my cleaned up desktop. Now its crowded with crap again. :/ Sorry for being such a difficult malware-patient. I really wonder where that thing came from.

Thankfully awaiting your response as always.
 
Well, Rootkits are nasty and it came back and we removed it again, I really need you to run Combofix, we can have another forum we work closely with fix your desktop when were done
 
No, you must have misunderstood me. My Desktop is just crowded because of the restoration point of my windows. i cleaned it up after our last step.

I ran combofix again and at the end of its process it restarted my computer. it is supposed to do that, isn't it? but it then says: unable to start windows, boot in recovery mode. (or some similar wording).

yeah, the rootkit nasty, true that. any way to have combofix work on it without rebooting automatically afterwards?
 
I understood the way it works, but it will just do the same thing again, won't it? I will run ComboFix, it will find something, reboot to remove it, produce the screen that says: Can't start up your OS. Then it will demand the clearance for restoring back to an older point. Since I did not want that to happen, I tried out all options to move around that somehow which was not at all crowned with success. So I gave in to this demand and it jumps back to a point where Daemon Tools and the fishy Toolbar are still installed, causing the rootkit to be back in the business. Or am I misinterpreting something here? I will run ComboFix again, but to be honest, I expect the same result we got the last two times I ran it. I will post back here with more information on that soon.
 
OK, hold off on ComboFix for a bit.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.






OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
Back
Top