Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Redirect virus


  • This topic is locked This topic is locked

#1
tnfloorman

tnfloorman

    New Member

  • Member
  • Pip
  • 2 posts
We have a redirect virus that sends us to different sites when we click on search results. We have had this problem for 6 months or more. Please help, this is making it really difficult to use the computer.

I ran a scan from OTL, here is the log.

OTL Extras logfile created on: 6/18/2011 1:44:52 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 27.86% Memory free
1.19 Gb Paging File | 0.58 Gb Available in Paging File | 48.34% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.54 Gb Free Space | 60.52% Space Free | Partition Type: NTFS

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\QFloors\Q_Floors.exe" = C:\QFloors\Q_Floors.exe:*:Enabled:Q_Floors -- (Flooring Technologies)
"C:\Program Files\Symantec\pcAnywhere\WinAw32.exe" = C:\Program Files\Symantec\pcAnywhere\WinAw32.exe:*:Enabled:pcAnywhere Main Executable
"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service
"C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\Program Files\DataApples\BeyondRemote\BRServer.exe" = C:\Program Files\DataApples\BeyondRemote\BRServer.exe:*:Enabled:Beyond Remote Host -- (Data Apples Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{05F4061B-93C2-47BD-B8E1-1F71C8DB9949}" = MyLabels Premium
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 23
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}" = MySoftware Fonts
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Beyond Remote Host" = Beyond Remote Host
"CleanUp!" = CleanUp!
"CXT1059" = Broadxent V.92 PCI DI3631-1
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pawn" = Pawn
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"QFloors 3.x" = QFloors 3.x
"Registry Repair_is1" = Registry Repair 2.3
"Shockwave" = Shockwave
"SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2011 10:30:55 AM | Computer Name = D7CBTQ31 | Source = BRServer.exe | ID = 1
Description =

Error - 4/11/2011 9:01:27 AM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application Q_Floors.exe, version 5.0.60.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 5:00:13 AM | Computer Name = D7CBTQ31 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 4/13/2011 6:01:18 PM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application Q_Floors.exe, version 5.0.60.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2011 6:01:19 PM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application Q_Floors.exe, version 5.0.60.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 10:23:11 AM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2011 10:23:19 AM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/19/2011 6:16:13 PM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application Q_Floors.exe, version 5.0.60.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/16/2011 5:44:55 AM | Computer Name = D7CBTQ31 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/18/2011 2:44:41 PM | Computer Name = D7CBTQ31 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.24.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/11/2011 10:14:05 AM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/13/2011 11:07:09 AM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/2/2011 8:55:54 AM | Computer Name = D7CBTQ31 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.4 on
the Network Card with network address 000D56513405.

Error - 5/10/2011 12:03:36 PM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/10/2011 12:23:49 PM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/20/2011 9:16:57 AM | Computer Name = D7CBTQ31 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.4 on
the Network Card with network address 000D56513405.

Error - 6/1/2011 3:49:57 PM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Trend Micro Personal Firewall service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/1/2011 3:55:54 PM | Computer Name = D7CBTQ31 | Source = Print | ID = 6161
Description = The document Invoice Report owned by Kevin Davenport failed to print
on printer HP LaserJet P1006. Data type: PMJOURNAL. Size of the spool file in bytes:
7343. Number of bytes printed: 0. Total number of pages in the document: 1. Number
of pages printed: 0. Client machine: \\D7CBTQ31. Win32 error code returned by the
print processor: 8 (0x8).

Error - 6/1/2011 4:27:56 PM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/16/2011 9:36:08 AM | Computer Name = D7CBTQ31 | Source = Service Control Manager | ID = 7034
Description = The Beyond Remote Server service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

Edited by tnfloorman, 20 June 2011 - 11:36 AM.

  • 0

Advertisements


#2
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi :)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
tnfloorman

tnfloorman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Okay ran the scan and no problems found. Now what? thanks for the help.


2011/06/20 12:27:02.0000 1392 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/20 12:27:04.0015 1392 ================================================================================
2011/06/20 12:27:04.0015 1392 SystemInfo:
2011/06/20 12:27:04.0015 1392
2011/06/20 12:27:04.0015 1392 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/20 12:27:04.0015 1392 Product type: Workstation
2011/06/20 12:27:04.0015 1392 ComputerName:
2011/06/20 12:27:04.0015 1392 UserName:
2011/06/20 12:27:04.0015 1392 Windows directory: C:\WINDOWS
2011/06/20 12:27:04.0015 1392 System windows directory: C:\WINDOWS
2011/06/20 12:27:04.0015 1392 Processor architecture: Intel x86
2011/06/20 12:27:04.0015 1392 Number of processors: 1
2011/06/20 12:27:04.0015 1392 Page size: 0x1000
2011/06/20 12:27:04.0015 1392 Boot type: Normal boot
2011/06/20 12:27:04.0015 1392 ================================================================================
2011/06/20 12:27:07.0015 1392 Initialize success
2011/06/20 12:27:11.0921 0196 ================================================================================
2011/06/20 12:27:11.0921 0196 Scan started
2011/06/20 12:27:11.0921 0196 Mode: Manual;
2011/06/20 12:27:11.0921 0196 ================================================================================
2011/06/20 12:27:16.0234 0196 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2011/06/20 12:27:16.0531 0196 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 12:27:16.0796 0196 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/20 12:27:17.0140 0196 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2011/06/20 12:27:17.0453 0196 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/20 12:27:17.0718 0196 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/20 12:27:18.0125 0196 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/20 12:27:18.0406 0196 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys
2011/06/20 12:27:18.0687 0196 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2011/06/20 12:27:19.0062 0196 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2011/06/20 12:27:19.0390 0196 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2011/06/20 12:27:19.0687 0196 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2011/06/20 12:27:20.0046 0196 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2011/06/20 12:27:20.0328 0196 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2011/06/20 12:27:20.0625 0196 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2011/06/20 12:27:20.0937 0196 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2011/06/20 12:27:21.0296 0196 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2011/06/20 12:27:21.0593 0196 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2011/06/20 12:27:21.0890 0196 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2011/06/20 12:27:22.0250 0196 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/20 12:27:22.0531 0196 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/20 12:27:23.0031 0196 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/20 12:27:23.0312 0196 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/20 12:27:23.0546 0196 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/06/20 12:27:23.0828 0196 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/20 12:27:24.0171 0196 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2011/06/20 12:27:24.0468 0196 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/20 12:27:24.0687 0196 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2011/06/20 12:27:25.0031 0196 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/20 12:27:25.0343 0196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/20 12:27:25.0671 0196 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/20 12:27:26.0343 0196 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2011/06/20 12:27:26.0609 0196 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/20 12:27:26.0937 0196 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2011/06/20 12:27:27.0250 0196 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2011/06/20 12:27:27.0578 0196 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2011/06/20 12:27:27.0890 0196 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/20 12:27:28.0203 0196 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/20 12:27:28.0484 0196 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/20 12:27:28.0750 0196 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/20 12:27:29.0078 0196 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/20 12:27:29.0343 0196 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2011/06/20 12:27:29.0562 0196 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/20 12:27:29.0781 0196 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/20 12:27:30.0046 0196 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/20 12:27:30.0250 0196 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/06/20 12:27:30.0546 0196 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/06/20 12:27:30.0890 0196 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/06/20 12:27:31.0312 0196 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/20 12:27:31.0609 0196 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/20 12:27:31.0890 0196 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/20 12:27:32.0234 0196 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/20 12:27:32.0500 0196 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/20 12:27:32.0796 0196 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/20 12:27:33.0109 0196 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/20 12:27:33.0421 0196 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/20 12:27:33.0750 0196 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/06/20 12:27:34.0171 0196 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/06/20 12:27:34.0484 0196 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/20 12:27:34.0765 0196 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2011/06/20 12:27:35.0078 0196 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/20 12:27:35.0343 0196 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/20 12:27:35.0593 0196 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2011/06/20 12:27:35.0875 0196 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/20 12:27:36.0171 0196 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2011/06/20 12:27:36.0531 0196 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2011/06/20 12:27:36.0828 0196 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2011/06/20 12:27:37.0109 0196 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2011/06/20 12:27:37.0390 0196 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2011/06/20 12:27:37.0687 0196 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2011/06/20 12:27:37.0968 0196 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2011/06/20 12:27:38.0250 0196 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2011/06/20 12:27:38.0687 0196 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2011/06/20 12:27:38.0968 0196 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2011/06/20 12:27:39.0312 0196 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/20 12:27:39.0718 0196 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/20 12:27:40.0093 0196 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2011/06/20 12:27:40.0375 0196 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/06/20 12:27:40.0656 0196 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/20 12:27:40.0953 0196 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/20 12:27:41.0296 0196 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/20 12:27:41.0625 0196 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/20 12:27:42.0015 0196 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/20 12:27:42.0328 0196 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/20 12:27:42.0625 0196 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/20 12:27:42.0937 0196 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/20 12:27:43.0296 0196 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/20 12:27:43.0546 0196 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/20 12:27:43.0812 0196 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/20 12:27:44.0062 0196 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/20 12:27:44.0453 0196 mdmxsdk (29174d3d90ee4244fda6355a859691be) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/20 12:27:44.0687 0196 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/20 12:27:44.0984 0196 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/20 12:27:45.0187 0196 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/20 12:27:45.0375 0196 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/20 12:27:45.0593 0196 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/20 12:27:45.0828 0196 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys
2011/06/20 12:27:46.0062 0196 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/20 12:27:46.0375 0196 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/20 12:27:46.0656 0196 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/20 12:27:46.0921 0196 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/20 12:27:47.0156 0196 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/20 12:27:47.0375 0196 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/20 12:27:47.0578 0196 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/20 12:27:47.0796 0196 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/20 12:27:48.0062 0196 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/20 12:27:48.0312 0196 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/20 12:27:48.0546 0196 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/20 12:27:48.0765 0196 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/20 12:27:49.0031 0196 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/20 12:27:49.0218 0196 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/20 12:27:49.0453 0196 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/20 12:27:49.0796 0196 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/20 12:27:50.0109 0196 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/20 12:27:50.0375 0196 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/20 12:27:50.0687 0196 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/20 12:27:51.0203 0196 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/20 12:27:51.0531 0196 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/20 12:27:51.0843 0196 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/06/20 12:27:52.0109 0196 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/06/20 12:27:52.0375 0196 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/20 12:27:52.0671 0196 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/20 12:27:52.0875 0196 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/20 12:27:53.0218 0196 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/20 12:27:53.0640 0196 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/20 12:27:53.0906 0196 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/20 12:27:54.0968 0196 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
2011/06/20 12:27:55.0250 0196 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
2011/06/20 12:27:55.0625 0196 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/20 12:27:55.0921 0196 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/20 12:27:56.0265 0196 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/20 12:27:56.0515 0196 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/20 12:27:56.0781 0196 PxHelp20 (7e1eacdecba39e0b2a35306426f0decc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/20 12:27:57.0062 0196 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
2011/06/20 12:27:57.0390 0196 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
2011/06/20 12:27:57.0671 0196 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
2011/06/20 12:27:58.0031 0196 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
2011/06/20 12:27:58.0296 0196 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
2011/06/20 12:27:58.0562 0196 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/20 12:27:58.0812 0196 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/20 12:27:59.0125 0196 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/20 12:27:59.0359 0196 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/20 12:27:59.0640 0196 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/20 12:28:00.0031 0196 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/20 12:28:00.0453 0196 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/20 12:28:00.0765 0196 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/20 12:28:01.0046 0196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/20 12:28:01.0390 0196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/20 12:28:01.0687 0196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/20 12:28:01.0937 0196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/20 12:28:02.0328 0196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/20 12:28:02.0687 0196 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2011/06/20 12:28:03.0062 0196 slabbus (00746035c28e913fb14bc0c94205c863) C:\WINDOWS\system32\DRIVERS\slabbus.sys
2011/06/20 12:28:03.0375 0196 slabser (c471a21df9a26deb2ff5e8eccb4db622) C:\WINDOWS\system32\DRIVERS\slabser.sys
2011/06/20 12:28:03.0765 0196 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/20 12:28:04.0171 0196 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
2011/06/20 12:28:04.0437 0196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/20 12:28:04.0671 0196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/20 12:28:05.0171 0196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/20 12:28:05.0546 0196 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/20 12:28:05.0859 0196 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/20 12:28:06.0171 0196 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/06/20 12:28:06.0437 0196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/20 12:28:06.0703 0196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/20 12:28:07.0015 0196 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
2011/06/20 12:28:07.0296 0196 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
2011/06/20 12:28:07.0609 0196 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
2011/06/20 12:28:07.0875 0196 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
2011/06/20 12:28:08.0156 0196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/20 12:28:08.0453 0196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/20 12:28:08.0687 0196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/20 12:28:08.0968 0196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/20 12:28:09.0203 0196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/20 12:28:09.0484 0196 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/20 12:28:09.0765 0196 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/20 12:28:10.0046 0196 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/20 12:28:10.0328 0196 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/20 12:28:10.0593 0196 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/06/20 12:28:10.0937 0196 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/20 12:28:11.0484 0196 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/20 12:28:12.0140 0196 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/20 12:28:12.0890 0196 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/20 12:28:13.0562 0196 tmactmon (02ffe7402fb07f2f64d1ac6866345087) C:\WINDOWS\system32\drivers\tmactmon.sys
2011/06/20 12:28:13.0828 0196 tmcfw (73d3b5d101e3202c268ffe851574b6eb) C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
2011/06/20 12:28:14.0250 0196 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/06/20 12:28:14.0609 0196 tmevtmgr (efe60b70fa964459dde55039c5b05be7) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2011/06/20 12:28:14.0906 0196 tmpreflt (9cbbe54780770fdb7aaa73be530e4d80) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2011/06/20 12:28:15.0203 0196 tmtdi (ce1321671eee4520b9b50cd513f67dad) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/06/20 12:28:15.0453 0196 tmxpflt (6cc393305bd60056ca09a4c8032a169a) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2011/06/20 12:28:15.0796 0196 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
2011/06/20 12:28:16.0093 0196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/20 12:28:16.0390 0196 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2011/06/20 12:28:16.0703 0196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/20 12:28:17.0093 0196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/20 12:28:17.0359 0196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/20 12:28:17.0687 0196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/20 12:28:17.0984 0196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/20 12:28:18.0328 0196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/20 12:28:18.0687 0196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/20 12:28:18.0937 0196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/20 12:28:19.0312 0196 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2011/06/20 12:28:19.0578 0196 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
2011/06/20 12:28:19.0890 0196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 12:28:20.0328 0196 vsapint (bbdd84ca629c1f7c8172b4405867f196) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2011/06/20 12:28:20.0765 0196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/20 12:28:21.0500 0196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/20 12:28:21.0875 0196 Winachcf (0ab973f5c373d58839632da1bee4c20b) C:\WINDOWS\system32\DRIVERS\winachcf.sys
2011/06/20 12:28:22.0437 0196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/20 12:28:22.0687 0196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/20 12:28:23.0031 0196 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/20 12:28:23.0328 0196 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/20 12:28:23.0437 0196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/20 12:28:23.0687 0196 ================================================================================
2011/06/20 12:28:23.0687 0196 Scan finished
2011/06/20 12:28:23.0687 0196 ================================================================================
2011/06/20 12:28:23.0812 2852 Detected object count: 0
2011/06/20 12:28:23.0812 2852 Actual detected object count: 0
  • 0

#4
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
ali.B

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP