
Google redirects, can't run TDSSKiller, get CRC error on unzip


#1
mbendle (Member, 13 posts)

When I first started getting redirects and crashes, I scanned with Security Essentials and Malwarebytes. They detected and removed some things, so I thought my problems were over, and I ran Eusing Free Registry Cleaner. When I tried to get updates for Security Essentials, I got a "cannot display the page, diagnose connection problems" message.

I then restored to an earlier date, ran Disk Cleanup, Security Essentials and Malwarebytes, and defragged using Auslogics Defrag and Eusing Registry Cleaner. No luck. I continue to get redirects, and shortly after, the computer will hang. No blue screens, but I will get the svchost.exe application error. And no updating for Windows.

I followed the Geeks to Go! malware removal guide and tutorial for Google redirects. So far, I have downloaded OTL and run it. I also downloaded OTM and ran it. The first time it ran, it hung while running, so I had to restart. The second time OTM ran, and I have a log file for it and an extras log file. I then downloaded and ran GooredFix. Finally, I downloaded the zipped TDSSKiller, but when I extracted it, I got an "error reading file". Suspecting that the unzip utility was pooped, I downloaded CAM UnZip, and when I tried to extract TDSSKiller with CAM UnZip, it returned a CRC error. So here I am, looking for help.

Here is the log file for the OTL:

OTL logfile created on: 11/15/2010 8:01:53 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\bendle family\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 14.76 Gb Free Space | 26.40% Space Free | Partition Type: NTFS
Drive E: | 227.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BENDLEFAMILY | User Name: bendle family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 20:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bendle family\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/10 10:14:38 | 000,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/15 20:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bendle family\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (MpfService)
SRV - File not found [Disabled | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (McProxy)
SRV - File not found [Disabled | Stopped] -- -- (McODS)
SRV - File not found [Disabled | Stopped] -- -- (McNASvc)
SRV - File not found [Disabled | Stopped] -- -- (mcmscsvc)
SRV - File not found [Disabled | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (aawservice)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/09/07 14:17:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\Mpfp.sys -- (MPFP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/10 09:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2004/08/04 00:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lakeorion...lohs/index.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/18 19:26:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/09/03 11:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - Reg Error: Value error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to internet.lnk = File not found
O4 - Startup: C:\Documents and Settings\bendle family\Start Menu\Programs\Startup\Shortcut to internet.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe ()
O15 - HKCU\..Trusted Domains: landaccess.com ([www2] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macrom...tor/cabs/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/07 12:44:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/16 14:13:03 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{baba796c-cba2-11dd-a679-0007e9f01710}\Shell - "" = AutoRun
O33 - MountPoints2\{baba796c-cba2-11dd-a679-0007e9f01710}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baba796c-cba2-11dd-a679-0007e9f01710}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O33 - MountPoints2\{baba796d-cba2-11dd-a679-0007e9f01710}\Shell - "" = AutoRun
O33 - MountPoints2\{baba796d-cba2-11dd-a679-0007e9f01710}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{baba796d-cba2-11dd-a679-0007e9f01710}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 20:00:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bendle family\Desktop\OTL.exe
[2010/11/12 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/12 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/11 18:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/11 18:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/07/08 10:15:36 | 000,462,848 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\js3250.dll
[2009/07/08 10:15:36 | 000,430,080 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom_core.dll
[2009/07/08 10:15:36 | 000,376,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2009/07/08 10:15:36 | 000,270,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2009/07/08 10:15:36 | 000,253,952 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2009/07/08 10:15:36 | 000,200,704 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2009/07/08 10:15:36 | 000,155,648 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\nspr4.dll
[2009/07/08 10:15:36 | 000,131,072 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2009/07/08 10:15:36 | 000,106,496 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2009/07/08 10:15:36 | 000,090,112 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkgfx.dll
[2009/07/08 10:15:36 | 000,081,920 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom_compat.dll
[2009/07/08 10:15:36 | 000,069,632 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozz.dll
[2009/07/08 10:15:36 | 000,028,672 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\plc4.dll
[2009/07/08 10:15:36 | 000,024,576 | ---- | C] (Netscape Communications Corporation) -- C:\Program Files\plds4.dll
[2009/07/08 10:15:36 | 000,024,576 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2008/01/24 18:22:20 | 000,995,410 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42LU.DLL
[2008/01/24 18:22:20 | 000,393,216 | ---- | C] (Sample Corporation) -- C:\Program Files\MSLUP60.dll
[2008/01/24 18:22:20 | 000,237,568 | ---- | C] (Sample Corporation) -- C:\Program Files\MSLURT.dll
[2006/11/07 09:53:50 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UNICOWS.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\bendle family\My Documents\*.tmp files -> C:\Documents and Settings\bendle family\My Documents\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 20:01:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bendle family\Desktop\OTL.exe
[2010/11/15 19:57:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/15 19:49:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/15 19:38:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 19:38:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 19:37:59 | 2146,508,800 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 19:18:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 19:13:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 07:32:19 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/13 15:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/11/13 09:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/13 09:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/11/12 21:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/11/12 20:45:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/12 19:53:08 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/12 19:49:55 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 19:49:55 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 19:02:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/12 18:45:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/12 03:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/11/11 18:56:04 | 000,012,477 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/11/08 17:17:34 | 000,169,197 | ---- | M] () -- C:\Documents and Settings\bendle family\My Documents\programregform.pdf
[2010/11/07 15:30:23 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\bendle family\Application Data\completescan
[2010/11/07 13:33:59 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\bendle family\Application Data\install
[2010/10/28 20:48:16 | 000,000,987 | ---- | M] () -- C:\Documents and Settings\bendle family\.powerschool_gradebook.properties
[2010/10/28 20:35:07 | 000,000,025 | ---- | M] () -- C:\Documents and Settings\bendle family\.gradebook_userdict.tlx
[2010/10/18 18:20:18 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\bendle family\Desktop\Microsoft Office Word 2003.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\bendle family\My Documents\*.tmp files -> C:\Documents and Settings\bendle family\My Documents\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 19:49:27 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 19:53:08 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/11/12 19:19:32 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 18:54:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 17:56:02 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/08 17:17:34 | 000,169,197 | ---- | C] () -- C:\Documents and Settings\bendle family\My Documents\programregform.pdf
[2010/11/07 15:30:23 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\bendle family\Application Data\completescan
[2010/11/07 13:33:59 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\bendle family\Application Data\install
[2010/11/07 13:33:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/07 13:33:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/07 13:33:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/07 13:33:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/07 13:33:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/07 13:33:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/01/09 17:30:48 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/11/26 14:38:50 | 001,978,481 | ---- | C] () -- C:\Program Files\PartyGamingNet.exe
[2009/10/16 19:18:46 | 000,000,134 | ---- | C] () -- C:\Program Files\InstalledProducts.ini
[2009/10/16 13:10:28 | 000,114,688 | ---- | C] () -- C:\Program Files\PGDetector.exe
[2009/10/16 13:10:28 | 000,102,400 | ---- | C] () -- C:\Program Files\CleanUp.exe
[2009/09/30 15:30:52 | 000,679,936 | ---- | C] () -- C:\Program Files\libeay32.dll
[2009/09/30 15:30:52 | 000,147,456 | ---- | C] () -- C:\Program Files\ssleay32.dll
[2009/06/23 12:48:04 | 000,434,262 | ---- | C] () -- C:\Program Files\PGImageDll.dll
[2009/02/12 21:44:20 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/01/11 14:41:35 | 000,000,047 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/11/28 17:06:29 | 000,000,998 | ---- | C] () -- C:\WINDOWS\MVPBR.INI
[2008/09/29 16:31:54 | 000,106,496 | ---- | C] () -- C:\Program Files\DM.dll
[2008/09/18 15:43:56 | 000,002,201 | ---- | C] () -- C:\Documents and Settings\bendle family\Application Data\evpro32.prf
[2008/09/11 19:05:59 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\bendle family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/07 16:43:34 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2008/09/07 15:59:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/07 15:38:03 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/07 08:35:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/30 12:54:24 | 000,028,672 | ---- | C] () -- C:\Program Files\DID.dll
[2008/01/24 18:22:20 | 000,059,904 | ---- | C] () -- C:\Program Files\zlib1.dll
[2007/08/17 15:50:40 | 000,019,504 | ---- | C] () -- C:\Program Files\ARA.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/31 15:27:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/08 14:05:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/09/07 14:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/09 17:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/02/18 17:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\Auslogics
[2010/04/08 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\Canon
[2008/09/07 16:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\Leadertech
[2009/08/26 19:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\PictureMover
[2008/10/14 19:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\Snapfish
[2010/02/18 19:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bendle family\Application Data\TweakNow PowerPack 2009
[2010/11/13 09:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/11/13 15:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/11/12 21:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/11/12 03:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/11/13 09:35:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/12 19:02:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/14 07:32:19 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/15 19:57:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/12 18:45:10 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/15 00:00:00 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/07/01 00:00:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/11/15 19:49:27 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\CleanUp.exe:SummaryInformation

< End of report >


I've attached some of the other log files for any help they may give.
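As an added example (my code, not part of the original post and not an OldTimer/OTL component): a parser for the OTL file-entry format used in the "Files Created" and "Files Modified" sections above, with a triage pass that groups files carrying no company name by the minute they were created. Bursts of same-minute creations are what a reviewer checks first in a log like this; the code only surfaces them, it does not classify them. The sample text is a constructed subset of lines copied from the report above, and the five-file threshold is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# One OTL file entry looks like:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# "C" marks the Created lists and "M" the Modified list.  The company field
# is "()" when the file carries no version-info company name and is absent
# altogether for directory entries ("---D" attributes).
OTL_ENTRY = re.compile(
    r"^\[(?P<minute>\d{4}/\d{2}/\d{2} \d{2}:\d{2}):\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one OTL file entry; return None for headers, blanks and summaries."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def parse_log(text):
    """All file entries from an OTL report, in the order they appear."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def creation_bursts(entries, min_files=5):
    """Group files that have no company name by the minute they were created
    and return only the minutes holding at least min_files of them (the
    threshold is an assumption).  The result is a review list, not a verdict."""
    by_minute = defaultdict(list)
    for e in entries:
        if e["kind"] == "C" and not e["is_dir"] and not e["company"]:
            by_minute[e["minute"]].append(e["path"])
    return {m: sorted(p) for m, p in by_minute.items() if len(p) >= min_files}


# Constructed sample: a subset of the entries from the OTL report above,
# plus the trailer line, which the parser must ignore.
SAMPLE_OTL = r"""
[2010/11/15 20:00:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bendle family\Desktop\OTL.exe
[2010/11/12 20:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/15 19:49:27 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 19:19:32 | 2146,508,800 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/11 17:56:02 | 000,012,477 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/11/07 13:33:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/07 13:33:26 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/07 13:33:25 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/07 13:33:24 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/12 17:50:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
< End of report >
"""

if __name__ == "__main__":
    for minute, paths in creation_bursts(parse_log(SAMPLE_OTL)).items():
        print(f"{minute}: {len(paths)} files created with no company name")
        for p in paths:
            print("   ", p)
```

Run against the full report, the same pass also picks up the Modified list ("M" entries) for timeline work if the `kind` filter is dropped; the Created list is used here because creation time is what places a file in the sequence of events the poster describes.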



#2
Rorschach112 (Retired Staff, 47,710 posts)

This should work now.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
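The first poster could not get past step two because extraction failed with a CRC error. As an added example (my code, not from the original thread and not from the TDSSKiller authors), here is the check a practitioner runs before extracting any downloaded tool archive: compare the file's SHA-256 with a published value where the vendor provides one, then run the zip format's own per-member CRC-32 check, which is exactly what an unzip utility reports as a "CRC error". The archive is a constructed stand-in built in memory, not the real TDSSKiller package, and the expected hash is computed from that sample rather than taken from any vendor page.

```python
import hashlib
import io
import zipfile
import zlib


def build_sample_zip():
    """Constructed stand-in for a downloaded tool archive (not the real
    TDSSKiller package).  The first member is stored uncompressed so that a
    damaged byte in it fails the CRC check rather than the inflater."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("tool/README.txt", "sample readme\n" * 20,
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("tool/tool.exe", bytes(range(256)) * 16,
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_archive(data, expected_sha256=None):
    """Return (ok, detail).  ok is False when the bytes do not match the
    published SHA-256, when the file is not a readable zip (e.g. a truncated
    download), or when any member fails its stored CRC-32 on a full read."""
    if expected_sha256 is not None:
        digest = sha256_hex(data)
        if digest != expected_sha256.lower():
            return False, f"sha256 mismatch: got {digest}"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad_member = zf.testzip()   # name of the first failing member, or None
    except (zipfile.BadZipFile, zlib.error) as exc:
        return False, f"unreadable archive: {exc}"
    if bad_member is not None:
        return False, f"CRC error in member {bad_member}"
    return True, "ok"


def member_data_offset(data, name):
    """Byte offset of a member's data: local header, then file name, then extra."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        info = zf.getinfo(name)
    return (info.header_offset + zipfile.sizeFileHeader
            + len(info.filename.encode("utf-8")) + len(info.extra))


def flip_byte(data, offset):
    """Simulate a damaged download by inverting one byte of the archive."""
    damaged = bytearray(data)
    damaged[offset] ^= 0xFF
    return bytes(damaged)


if __name__ == "__main__":
    archive = build_sample_zip()
    print("intact   :", check_archive(archive, sha256_hex(archive)))
    damaged = flip_byte(archive, member_data_offset(archive, "tool/README.txt") + 3)
    print("one byte :", check_archive(damaged))
    print("truncated:", check_archive(archive[: len(archive) // 2]))
```

A CRC failure or an unreadable archive means the bytes on disk are not what was packaged, so the fix is to download the file again rather than retry extraction with a different unzip utility; a hash that does not match the value the vendor publishes means the download itself should not be trusted.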


#3
mbendle (Topic Starter, Member, 13 posts)

First run of TDSSKiller... hung up on reboot.

2010/11/17 17:16:27.0359 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 17:16:27.0359 ================================================================================
2010/11/17 17:16:27.0359 SystemInfo:
2010/11/17 17:16:27.0359
2010/11/17 17:16:27.0359 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 17:16:27.0359 Product type: Workstation
2010/11/17 17:16:27.0359 ComputerName: BENDLEFAMILY
2010/11/17 17:16:27.0359 UserName: bendle family
2010/11/17 17:16:27.0359 Windows directory: C:\WINDOWS
2010/11/17 17:16:27.0359 System windows directory: C:\WINDOWS
2010/11/17 17:16:27.0359 Processor architecture: Intel x86
2010/11/17 17:16:27.0359 Number of processors: 1
2010/11/17 17:16:27.0359 Page size: 0x1000
2010/11/17 17:16:27.0375 Boot type: Normal boot
2010/11/17 17:16:27.0375 ================================================================================
2010/11/17 17:16:29.0218 Initialize success
2010/11/17 17:16:42.0718 ================================================================================
2010/11/17 17:16:42.0718 Scan started
2010/11/17 17:16:42.0718 Mode: Manual;
2010/11/17 17:16:42.0718 ================================================================================
2010/11/17 17:17:03.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/17 17:17:03.0968 ================================================================================
2010/11/17 17:17:03.0968 Scan finished
2010/11/17 17:17:03.0968 ================================================================================
2010/11/17 17:17:04.0000 Detected object count: 1
2010/11/17 17:35:52.0453 \HardDisk0 - will be cured after reboot
2010/11/17 17:35:52.0453 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/17 17:36:01.0906 Deinitialize success


2nd run of TDSSKiller... successful reboot

2010/11/17 17:56:47.0906 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 17:56:47.0906 ================================================================================
2010/11/17 17:56:47.0906 SystemInfo:
2010/11/17 17:56:47.0906
2010/11/17 17:56:47.0906 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 17:56:47.0906 Product type: Workstation
2010/11/17 17:56:47.0906 ComputerName: BENDLEFAMILY
2010/11/17 17:56:47.0906 UserName: bendle family
2010/11/17 17:56:47.0906 Windows directory: C:\WINDOWS
2010/11/17 17:56:47.0906 System windows directory: C:\WINDOWS
2010/11/17 17:56:47.0906 Processor architecture: Intel x86
2010/11/17 17:56:47.0906 Number of processors: 1
2010/11/17 17:56:47.0906 Page size: 0x1000
2010/11/17 17:56:47.0906 Boot type: Normal boot
2010/11/17 17:56:47.0906 ================================================================================
2010/11/17 17:56:48.0812 Initialize success
2010/11/17 17:57:03.0796 ================================================================================
2010/11/17 17:57:03.0796 Scan started
2010/11/17 17:57:03.0796 Mode: Manual;
2010/11/17 17:57:03.0796 ================================================================================
2010/11/17 17:57:28.0093 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/17 17:57:28.0093 ================================================================================
2010/11/17 17:57:28.0093 Scan finished
2010/11/17 17:57:28.0093 ================================================================================
2010/11/17 17:57:28.0125 Detected object count: 1
2010/11/17 17:59:35.0671 \HardDisk0 - will be cured after reboot
2010/11/17 17:59:35.0671 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/17 17:59:42.0937 Deinitialize success


3rd run of TDSSKiller... just to be sure

2010/11/17 18:22:42.0625 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 18:22:42.0625 ================================================================================
2010/11/17 18:22:42.0625 SystemInfo:
2010/11/17 18:22:42.0625
2010/11/17 18:22:42.0625 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 18:22:42.0625 Product type: Workstation
2010/11/17 18:22:42.0625 ComputerName: BENDLEFAMILY
2010/11/17 18:22:42.0625 UserName: bendle family
2010/11/17 18:22:42.0625 Windows directory: C:\WINDOWS
2010/11/17 18:22:42.0625 System windows directory: C:\WINDOWS
2010/11/17 18:22:42.0625 Processor architecture: Intel x86
2010/11/17 18:22:42.0625 Number of processors: 1
2010/11/17 18:22:42.0625 Page size: 0x1000
2010/11/17 18:22:42.0625 Boot type: Normal boot
2010/11/17 18:22:42.0625 ================================================================================
2010/11/17 18:22:43.0328 Initialize success
2010/11/17 18:23:10.0171 Deinitialize success
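A small triage script for logs in this TDSSKiller format, added here as an example (not code from this thread or from TDSSKiller itself): it tells driver inventory lines apart from findings, checks the tool's own "Detected object count" against the detection lines, and flags an object that was queued for cure-on-reboot but turns up again in the next run, which is what the first two runs above show after the reboot hung. The sample log text is constructed to mirror the posted format, with placeholder MD5s.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Each TDSSKiller log line is "<yyyy/mm/dd> <hh:mm:ss.ffff> <message>".
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ (.*)$")
# Driver inventory: "<service> (<md5>) <path>" is a listing, not a finding.
DRIVER_RE = re.compile(r"^\S+ \([0-9a-f]{32}\) .+$")
# Findings and follow-up actions, in the wording the posted logs use.
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
PENDING_RE = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^\S+?\((\S+)\) - User select action: (\w+)$")


@dataclass
class Run:
    scanned: bool = False        # saw "Scan started"
    finished: bool = False       # saw "Scan finished"
    drivers_enumerated: int = 0
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (object, name)
    reported_count: Optional[int] = None
    actions: Dict[str, str] = field(default_factory=dict)            # object -> action
    pending_reboot: Set[str] = field(default_factory=set)


def parse_run(text: str) -> Run:
    """Parse the log of one TDSSKiller run."""
    run = Run()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # banners, blank lines, SystemInfo block
        msg = m.group(1).strip()
        if msg == "Scan started":
            run.scanned = True
        elif msg == "Scan finished":
            run.finished = True
        elif DRIVER_RE.match(msg):
            run.drivers_enumerated += 1
        elif (d := DETECT_RE.match(msg)):
            run.detections.append((d.group(1), d.group(2)))
        elif (c := COUNT_RE.match(msg)):
            run.reported_count = int(c.group(1))
        elif (p := PENDING_RE.match(msg)):
            run.pending_reboot.add(p.group(1))
        elif (a := ACTION_RE.match(msg)):
            run.actions[a.group(1)] = a.group(2)
    return run


def consistent(run: Run) -> bool:
    """The tool's own object count must agree with the detection lines parsed."""
    return run.reported_count is None or run.reported_count == len(run.detections)


def recurring(prev: Run, curr: Run) -> Set[Tuple[str, str]]:
    """Objects queued for cure-on-reboot in prev that curr detects again.

    A non-empty result means the reboot cure did not take (in the thread, run 1's
    reboot hung and run 2 found the same object on HardDisk0 again)."""
    if not curr.scanned:
        return set()                       # a run that never scanned proves nothing
    queued = {o for o, act in prev.actions.items() if act == "Cure"} | prev.pending_reboot
    return {(o, name) for o, name in curr.detections if o in queued}


def clean(run: Run) -> bool:
    """True only for a run that really scanned, finished and found nothing."""
    return run.scanned and run.finished and not run.detections and consistent(run)


# Constructed samples shaped like the thread's three runs (placeholder MD5s).
RUN1 = r"""
2010/11/17 17:16:27.0359 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 17:16:42.0718 Scan started
2010/11/17 17:16:43.0187 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/17 17:16:44.0765 atapi (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/17 17:17:03.0953 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/17 17:17:03.0968 Scan finished
2010/11/17 17:17:04.0000 Detected object count: 1
2010/11/17 17:35:52.0453 \HardDisk0 - will be cured after reboot
2010/11/17 17:35:52.0453 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""
# Run 2: the reboot after run 1 hung, so the same object is found again.
RUN2 = RUN1.replace("17:16:", "17:56:").replace("17:17:", "17:57:").replace("17:35:", "17:59:")
# Run 3: tool opened and closed without a scan (no "Scan started" line).
RUN3 = r"""
2010/11/17 18:22:42.0625 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 18:22:43.0328 Initialize success
2010/11/17 18:23:10.0171 Deinitialize success
"""

if __name__ == "__main__":
    runs = [parse_run(RUN1), parse_run(RUN2), parse_run(RUN3)]
    for i, r in enumerate(runs, 1):
        print(f"run {i}: scanned={r.scanned} detections={r.detections} "
              f"pending={sorted(r.pending_reboot)} clean={clean(r)}")
    print("recurring after run 1 cure:", recurring(runs[0], runs[1]))
```

Note that a run whose log shows no "Scan started" line, like the third one, says nothing about the disk either way; only a run that scanned, finished and reported nothing counts as clean.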

#4 mbendle (Topic Starter, Member, 13 posts)
Seems to be working okay. Thanks for the help and advice!

Is there anything else I can do? I haven't run the GMER program...
I've updated security essentials and malwarebytes, but I haven't scanned with them yet...

Now that I have OTL, OTM, TDSSKiller, ERUNT, GMER and GooredFix on my desktop, can I hurt myself by running them occasionally?

#5 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Update MBAM, run a scan, and post that log here.

#6 mbendle (Topic Starter, Member, 13 posts)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5154

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/19/2010 5:39:02 PM
mbam-log-2010-11-19 (17-39-02).txt

Scan type: Quick scan
Objects scanned: 154801
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean


  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and for performing all of the procedures requested.