Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Explorer Redirects / Random Ads / Hidden Files After Malwareb


  • This topic is locked This topic is locked

#1
dpstorey

dpstorey

    New Member

  • Member
  • Pip
  • 2 posts
Hello All,

First time posting in here. My PC was attacked by a virus a couple weeks ago. I got a window that said I had hard drive failure and then the icons on my desktop and start menu disappeared. I ran Spyware Doctor and Malwarebytes and was able to remove the Windows Vista Recovery virus (so I thought). Also all icons were removed from my desktop / C drive. I made a change (as advised on another forum) to show ALL hidden files. I can now access all files but they are faded and still hidden. My start menu is still blank. I also restarted my computer to run in Diagnostic / Selective Startup mode in attempt to disable some activities.

Soon after I noticed random audio that sounded like commercials started playing but not from any windows I had open. These seemed to be associated with the iexplorer.exe process which I just had to keep manually closing from Windows Task Manager.

Also, all the links on my Google searches are being redirected to suspicious sites which prompt malicious downloads. I'm not sure if these are related/the same virus. I ran OTL and am ready for assistance.

I AM DESPERATE FOR HELP. THIS IS FOR A BUSINESS COMPUTER AND MY IT TECH BAILED ON ME. THANK YOU TO ANYONE THAT CAN HELP.
  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hello dpstorey :)

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don''t understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.


Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:
  • TDSSKiller log
  • Combofix log

  • 0

#3
dpstorey

dpstorey

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Everything went as instructed. However the Microsoft Windows Recovery Console never prompted an automatic install. Also I had to restart my computer in order for all of my files to reappear on to open Firefox. Looks great so far. Thanks for your quick response. Please advise next step. The log reports are below as requested:

TDSSKiller log is as follows:

2011/06/16 12:01:11.0569 3804 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 12:01:12.0214 3804 ================================================================================
2011/06/16 12:01:12.0214 3804 SystemInfo:
2011/06/16 12:01:12.0214 3804
2011/06/16 12:01:12.0214 3804 OS Version: 6.0.6000 ServicePack: 0.0
2011/06/16 12:01:12.0214 3804 Product type: Workstation
2011/06/16 12:01:12.0215 3804 ComputerName: LH-ZLOBFRDZLD5S
2011/06/16 12:01:12.0228 3804 UserName: Administrator
2011/06/16 12:01:12.0228 3804 Windows directory: C:\Windows
2011/06/16 12:01:12.0228 3804 System windows directory: C:\Windows
2011/06/16 12:01:12.0228 3804 Processor architecture: Intel x86
2011/06/16 12:01:12.0229 3804 Number of processors: 2
2011/06/16 12:01:12.0229 3804 Page size: 0x1000
2011/06/16 12:01:12.0229 3804 Boot type: Normal boot
2011/06/16 12:01:12.0229 3804 ================================================================================
2011/06/16 12:01:15.0419 3804 Initialize success
2011/06/16 12:03:23.0773 2604 ================================================================================
2011/06/16 12:03:23.0773 2604 Scan started
2011/06/16 12:03:23.0773 2604 Mode: Manual;
2011/06/16 12:03:23.0773 2604 ================================================================================
2011/06/16 12:03:27.0292 2604 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
2011/06/16 12:03:27.0361 2604 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/06/16 12:03:27.0430 2604 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/16 12:03:27.0510 2604 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/16 12:03:27.0606 2604 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/16 12:03:27.0661 2604 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/16 12:03:27.0763 2604 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/06/16 12:03:27.0851 2604 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/16 12:03:27.0939 2604 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/16 12:03:28.0020 2604 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/16 12:03:28.0092 2604 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/16 12:03:28.0138 2604 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/16 12:03:28.0207 2604 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/16 12:03:28.0238 2604 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/16 12:03:28.0327 2604 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/16 12:03:28.0423 2604 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/16 12:03:28.0496 2604 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/16 12:03:28.0535 2604 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/06/16 12:03:28.0627 2604 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/06/16 12:03:28.0695 2604 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/06/16 12:03:28.0854 2604 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/16 12:03:28.0958 2604 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/16 12:03:29.0022 2604 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/16 12:03:29.0174 2604 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/16 12:03:29.0226 2604 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/16 12:03:29.0318 2604 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/16 12:03:29.0379 2604 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/16 12:03:29.0483 2604 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/16 12:03:29.0550 2604 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/16 12:03:29.0599 2604 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/16 12:03:29.0652 2604 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/16 12:03:29.0726 2604 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/06/16 12:03:29.0811 2604 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/16 12:03:29.0837 2604 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/16 12:03:29.0895 2604 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/16 12:03:29.0961 2604 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/16 12:03:30.0004 2604 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/16 12:03:30.0106 2604 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/16 12:03:30.0260 2604 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/06/16 12:03:30.0371 2604 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/16 12:03:30.0452 2604 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/16 12:03:30.0537 2604 e1express (9f3e3f19d28b3b4ff261a1e758f4ad26) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/06/16 12:03:30.0637 2604 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/16 12:03:30.0720 2604 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/06/16 12:03:30.0847 2604 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/16 12:03:30.0960 2604 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/06/16 12:03:31.0025 2604 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/16 12:03:31.0154 2604 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/06/16 12:03:31.0260 2604 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/06/16 12:03:31.0321 2604 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/16 12:03:31.0375 2604 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/06/16 12:03:31.0428 2604 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/16 12:03:31.0460 2604 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/16 12:03:31.0512 2604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/16 12:03:31.0735 2604 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/16 12:03:31.0814 2604 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/16 12:03:31.0865 2604 HECI (d0fc694df051bc65946db616f20d1168) C:\Windows\system32\DRIVERS\HECI.sys
2011/06/16 12:03:31.0922 2604 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/16 12:03:31.0977 2604 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/16 12:03:32.0044 2604 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/16 12:03:32.0123 2604 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/16 12:03:32.0321 2604 HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/16 12:03:32.0405 2604 HSXHWBS2 (a3077d9ed7ff612a033536a6009dbea5) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/06/16 12:03:32.0487 2604 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2011/06/16 12:03:32.0568 2604 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/16 12:03:32.0650 2604 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/16 12:03:32.0794 2604 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
2011/06/16 12:03:32.0918 2604 iaStor (de01bf14ffb150c779fd561bd0e3c5c5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/16 12:03:32.0986 2604 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/16 12:03:33.0188 2604 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/16 12:03:33.0305 2604 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/16 12:03:33.0426 2604 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys
2011/06/16 12:03:33.0474 2604 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/16 12:03:33.0519 2604 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/16 12:03:33.0615 2604 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/16 12:03:33.0641 2604 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/16 12:03:33.0694 2604 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/06/16 12:03:33.0778 2604 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/16 12:03:33.0805 2604 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/16 12:03:33.0856 2604 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/16 12:03:33.0911 2604 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/16 12:03:33.0955 2604 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/16 12:03:34.0020 2604 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/16 12:03:34.0082 2604 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/16 12:03:34.0227 2604 LHidFilt (75415a95c589a07d6c97baa2d4143916) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/06/16 12:03:34.0294 2604 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/16 12:03:34.0413 2604 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/06/16 12:03:34.0502 2604 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/06/16 12:03:34.0579 2604 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/06/16 12:03:34.0636 2604 LMouFilt (fcb3f81ac07b8608f921134237823b88) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/06/16 12:03:34.0724 2604 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/16 12:03:34.0790 2604 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/16 12:03:34.0829 2604 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/16 12:03:34.0870 2604 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/06/16 12:03:34.0970 2604 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/16 12:03:35.0064 2604 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/16 12:03:35.0184 2604 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/06/16 12:03:35.0280 2604 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/16 12:03:35.0337 2604 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/16 12:03:35.0388 2604 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/16 12:03:35.0446 2604 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/06/16 12:03:35.0476 2604 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/16 12:03:35.0537 2604 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/16 12:03:35.0620 2604 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/16 12:03:35.0692 2604 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/06/16 12:03:35.0751 2604 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/16 12:03:35.0796 2604 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/16 12:03:35.0867 2604 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/16 12:03:35.0948 2604 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/16 12:03:35.0991 2604 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/16 12:03:36.0029 2604 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/06/16 12:03:36.0083 2604 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/06/16 12:03:36.0163 2604 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/16 12:03:36.0201 2604 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/16 12:03:36.0247 2604 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/06/16 12:03:36.0299 2604 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/06/16 12:03:36.0350 2604 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/16 12:03:36.0405 2604 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/06/16 12:03:36.0471 2604 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/06/16 12:03:36.0594 2604 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/16 12:03:36.0672 2604 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/06/16 12:03:36.0777 2604 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/16 12:03:36.0808 2604 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/16 12:03:36.0839 2604 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/16 12:03:36.0885 2604 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/06/16 12:03:36.0942 2604 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/16 12:03:36.0973 2604 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/16 12:03:37.0129 2604 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
2011/06/16 12:03:37.0285 2604 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/16 12:03:37.0372 2604 nmsgopro (acc8d7fc0da793450f5f257d9ce4ff75) C:\Windows\system32\DRIVERS\nmsgopro.sys
2011/06/16 12:03:37.0437 2604 nmsunidr (64fa28c15dd71a80bef3527e1ef07df6) C:\Windows\system32\DRIVERS\nmsunidr.sys
2011/06/16 12:03:37.0469 2604 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/06/16 12:03:37.0503 2604 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/16 12:03:37.0605 2604 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/06/16 12:03:37.0684 2604 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/16 12:03:37.0778 2604 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/16 12:03:37.0825 2604 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/06/16 12:03:37.0867 2604 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/16 12:03:37.0914 2604 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/16 12:03:37.0978 2604 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/16 12:03:38.0168 2604 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/16 12:03:38.0265 2604 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
2011/06/16 12:03:38.0315 2604 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/06/16 12:03:38.0351 2604 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/16 12:03:38.0400 2604 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/06/16 12:03:38.0449 2604 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/06/16 12:03:38.0521 2604 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/16 12:03:38.0587 2604 PCTCore (2d5c059c1a12babf336f319f45c161d3) C:\Windows\system32\drivers\PCTCore.sys
2011/06/16 12:03:38.0646 2604 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/06/16 12:03:38.0730 2604 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/06/16 12:03:38.0794 2604 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\WINDOWS\System32\drivers\pctgntdi.sys
2011/06/16 12:03:38.0869 2604 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\WINDOWS\System32\drivers\pctplsg.sys
2011/06/16 12:03:38.0942 2604 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\Windows\system32\Drivers\PCTSD.sys
2011/06/16 12:03:39.0043 2604 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/16 12:03:39.0291 2604 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/16 12:03:39.0358 2604 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/16 12:03:39.0488 2604 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/16 12:03:39.0786 2604 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/16 12:03:39.0882 2604 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/16 12:03:39.0991 2604 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/16 12:03:40.0072 2604 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/16 12:03:40.0161 2604 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/16 12:03:40.0232 2604 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/16 12:03:40.0286 2604 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/16 12:03:40.0375 2604 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/16 12:03:40.0420 2604 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/16 12:03:40.0441 2604 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/16 12:03:40.0525 2604 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/06/16 12:03:40.0711 2604 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2011/06/16 12:03:40.0820 2604 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/16 12:03:40.0932 2604 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/16 12:03:41.0000 2604 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/16 12:03:41.0063 2604 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/16 12:03:41.0150 2604 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/16 12:03:41.0250 2604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/16 12:03:41.0421 2604 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/16 12:03:41.0445 2604 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
2011/06/16 12:03:41.0511 2604 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/06/16 12:03:41.0560 2604 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/16 12:03:41.0591 2604 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/16 12:03:41.0632 2604 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/16 12:03:41.0668 2604 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/16 12:03:41.0715 2604 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/16 12:03:41.0744 2604 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/16 12:03:41.0775 2604 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/16 12:03:41.0825 2604 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/06/16 12:03:41.0871 2604 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/06/16 12:03:41.0930 2604 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2011/06/16 12:03:41.0982 2604 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/16 12:03:42.0021 2604 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/16 12:03:42.0127 2604 STHDA (419c6c05a7b180341314d96c42b8602b) C:\Windows\system32\drivers\stwrt.sys
2011/06/16 12:03:42.0244 2604 StillCam (7a95b5deb594616f1693486b8161411e) C:\Windows\system32\DRIVERS\serscan.sys
2011/06/16 12:03:42.0305 2604 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/16 12:03:42.0398 2604 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/16 12:03:42.0430 2604 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/16 12:03:42.0463 2604 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/16 12:03:42.0618 2604 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2011/06/16 12:03:42.0677 2604 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/16 12:03:42.0722 2604 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/16 12:03:42.0774 2604 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/06/16 12:03:42.0819 2604 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/16 12:03:42.0862 2604 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/16 12:03:42.0911 2604 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/16 12:03:42.0975 2604 TfFsMon (5dcf578c5e1ed53f9f6cc3296d9914de) C:\Windows\system32\drivers\TfFsMon.sys
2011/06/16 12:03:43.0006 2604 TfNetMon (8d18700c1ca06d7e6a9993d1935e595b) C:\Windows\system32\drivers\TfNetMon.sys
2011/06/16 12:03:43.0040 2604 TFSysMon (f14140979ecd43179cab1a4d31fe8ecd) C:\Windows\system32\drivers\TfSysMon.sys
2011/06/16 12:03:43.0168 2604 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys
2011/06/16 12:03:43.0248 2604 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/16 12:03:43.0302 2604 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/16 12:03:43.0373 2604 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/16 12:03:43.0443 2604 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/16 12:03:43.0487 2604 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/16 12:03:43.0560 2604 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/16 12:03:43.0622 2604 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/16 12:03:43.0691 2604 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/16 12:03:43.0766 2604 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/16 12:03:43.0820 2604 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/16 12:03:43.0923 2604 usbccgp (0916972fb98080355ac1e9a4f92183f7) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/16 12:03:43.0966 2604 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/16 12:03:44.0053 2604 usbehci (fb50f987304f907a0103b14a5f2f2344) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/16 12:03:44.0122 2604 usbhub (16675ab7e199635086ab0556137371f5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/16 12:03:44.0176 2604 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/16 12:03:44.0236 2604 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/16 12:03:44.0298 2604 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/16 12:03:44.0362 2604 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/16 12:03:44.0418 2604 usbuhci (165bb1f0801118dc86aa3fc87d3d101c) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/16 12:03:44.0569 2604 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/16 12:03:44.0621 2604 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/06/16 12:03:44.0668 2604 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/16 12:03:44.0711 2604 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/16 12:03:44.0768 2604 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/16 12:03:44.0832 2604 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/06/16 12:03:44.0896 2604 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/06/16 12:03:44.0971 2604 volsnap (ab3e98894bec5b655e1eaf6ae593b063) C:\Windows\system32\drivers\volsnap.sys
2011/06/16 12:03:44.0975 2604 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab3e98894bec5b655e1eaf6ae593b063, Fake md5: 80dc0c9bcb579ed9815001a4d37cbfd5
2011/06/16 12:03:44.0984 2604 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/16 12:03:45.0070 2604 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/16 12:03:45.0188 2604 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/16 12:03:45.0441 2604 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 12:03:45.0544 2604 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 12:03:45.0833 2604 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/16 12:03:46.0279 2604 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/16 12:03:47.0166 2604 winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/16 12:03:47.0855 2604 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/16 12:03:48.0279 2604 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/16 12:03:48.0565 2604 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/16 12:03:49.0022 2604 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/16 12:03:49.0422 2604 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/16 12:03:49.0518 2604 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/16 12:03:49.0603 2604 ================================================================================
2011/06/16 12:03:49.0603 2604 Scan finished
2011/06/16 12:03:49.0603 2604 ================================================================================
2011/06/16 12:03:49.0629 4384 Detected object count: 1
2011/06/16 12:03:49.0629 4384 Actual detected object count: 1
2011/06/16 12:04:41.0090 4384 volsnap (ab3e98894bec5b655e1eaf6ae593b063) C:\Windows\system32\drivers\volsnap.sys
2011/06/16 12:04:41.0094 4384 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: ab3e98894bec5b655e1eaf6ae593b063, Fake md5: 80dc0c9bcb579ed9815001a4d37cbfd5
2011/06/16 12:04:45.0977 4384 Backup copy found, using it..
2011/06/16 12:04:46.0087 4384 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/06/16 12:04:46.0087 4384 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/16 12:06:12.0955 0428 Deinitialize success




Combofix log is as follows:



ComboFix 11-06-15.04 - Administrator 06/16/2011 12:33:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2029.1156 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\feed.txt
C:\install.exe
c:\programdata\windows
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\users\Administrator\g2mdlhlpx.exe
c:\windows\Update.bat
H:\Autorun.inf
c:\windows\system32\gotomon.log . . . . Failed to delete
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-16 16:40 . 2011-06-16 16:40 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2011-06-16 16:40 . 2011-06-16 16:40 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-06-16 16:31 . 2011-06-16 16:31 -------- d-----w- C:\32788R22FWJFW
2011-06-16 10:37 . 2011-06-16 10:37 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-16 10:37 . 2011-06-16 10:37 -------- d-----w- c:\program files\Trend Micro
2011-06-14 13:26 . 2011-06-14 13:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 15:50 . 2011-05-31 15:50 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn
2011-05-31 15:49 . 2011-03-01 16:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-05-31 15:49 . 2011-03-01 16:12 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-05-31 15:49 . 2011-03-01 16:12 29568 ----a-w- c:\windows\system32\LMIport.dll
2011-05-31 15:49 . 2010-09-17 19:40 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2011-05-31 15:49 . 2011-03-01 16:12 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-05-31 15:49 . 2011-06-16 10:18 -------- d-----w- c:\programdata\LogMeIn
2011-05-31 15:49 . 2011-05-31 15:50 -------- d-----w- c:\program files\LogMeIn
2011-05-31 14:58 . 2011-05-31 14:58 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-05-25 11:01 . 2011-01-20 17:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-05-25 11:01 . 2011-01-20 17:27 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-05-25 11:01 . 2011-01-20 17:27 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-05-24 11:40 . 2011-06-16 16:16 738678 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-24 11:19 . 2011-05-24 12:40 -------- d--h--w- c:\programdata\STOPzilla!
2011-05-19 16:07 . 2011-05-19 16:07 568664 ---ha-w- c:\program files\GoogleEarthPluginSetup.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 16:11 . 2010-02-24 15:21 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-04-08 21:20 . 2011-04-08 21:20 37744 ---ha-w- c:\windows\system32\drivers\rcugawdm.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ---ha-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ---ha-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ---ha-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ---ha-w- c:\windows\system32\dns-sd.exe
2011-04-14 16:26 . 2011-05-31 14:57 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-06-04 822384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-16 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-05-09 1600984]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]
"QuickBooksDB19"="c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe" [2009-10-01 131072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-677293462-4023240598-3488219432-500]
"EnableNotificationsRef"=dword:00000002
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 135664]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-12-16 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-01-20 33552]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service [x]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-04-27 337872]
R4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-02 30192]
R4 QuickBooksDB19;QuickBooksDB19;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-02-18 371472]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-03-10 263888]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-01-20 51984]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-01-20 69392]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2011-01-17 251560]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [2011-03-10 233976]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-28 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2010-02-22 5504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc22a82079f0b4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 16:25]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc22a821c90bc1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-05 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.1 167.206.112.138 167.206.7.4
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tzf0o5kz.default\
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-39308736.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 12:42
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c9,b7,c8,85,f2,70,4f,a5,d9,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,87,40,ee,12,f7,35,49,a5,22,dc,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c9,b7,c8,85,f2,70,4f,a5,d9,c8,\
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-677293462-4023240598-3488219432-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c9,b7,c8,85,f2,70,4f,a5,d9,c8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c9,b7,c8,85,f2,70,4f,a5,d9,c8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-06-16 12:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 16:50
.
Pre-Run: 47,955,144,704 bytes free
Post-Run: 47,761,100,800 bytes free
.
- - End Of File - - FA2FD2762329B734224A6B9B7E29C2FD
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things i would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#5
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP