Author Topic: mega virus problems (Read 2074 times)

Zoltarian · « **on:** August 12, 2011, 02:38:03 PM »

hellow i have problems with my computer, whenever i click a link of of google msn yahooect it goes to something completely difrrent unless i copy and paste it in the address bar i am also unable to play my favirite games World of Warcraft and League of Legends as it wont let me connect to them i also played starcarft 2 but was unable to download a patch so i tryed to reinstall it, when i hit ok on the selection path my cpu freezes plz help

GR@PH;<'S · « **Reply #1 on:** August 12, 2011, 04:38:46 PM »

Welcome to LandzDown Forum.

We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please advise the results of the on-line scan conducted.
Then, should you still need additional help, please post the requested logs from Log Posting Instructions as a reply.
some one will then advise you further.

GR@PH;<'S

Zoltarian · « **Reply #2 on:** August 12, 2011, 06:07:59 PM »

Results of screen317's Security Check version 0.99.18
Windows Vista (UAC is enabled)
Out of date service pack!![/b]
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.32.18
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Corrine · « **Reply #3 on:** August 12, 2011, 08:17:56 PM »

Hi, Zoltarian. Welcome to LandzDown Forum.

You are going to have a lot of cleanup to do of out-of-date and vulnerable software. Please stick with us so we can help you prevent reinfection.

Is the Norton antivirus that is installed on your computer current or have you switched to Avast? If you have switched to Avast, you need to uninstall Norton and activate the Windows firewall. Otherwise, you are advised to uninstall Avast, as two antivirus programs can cause conflicts.

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
If you don't see file extensions, please see: How to change the file extension.
Click the Start Scan button. Do not use the computer during the scan!
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the "Scan results - Select action for found objects[/b]" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

Download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2

Double-Click dds.scr and a command window will appear. This is normal
Shortly after two logs will appear, DDS.txt & Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Note: It may be necessary to create two or more replies to fit the three logs.

Zoltarian · « **Reply #4 on:** August 13, 2011, 01:13:23 PM »

2011/08/13 09:00:37.0318 4660   TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/13 09:00:37.0442 4660   ================================================================================
2011/08/13 09:00:37.0442 4660   SystemInfo:
2011/08/13 09:00:37.0442 4660
2011/08/13 09:00:37.0442 4660   OS Version: 6.0.6000 ServicePack: 0.0
2011/08/13 09:00:37.0442 4660   Product type: Workstation
2011/08/13 09:00:37.0442 4660   ComputerName: ANDY-PC
2011/08/13 09:00:37.0442 4660   UserName: Andy
2011/08/13 09:00:37.0442 4660   Windows directory: C:\Windows
2011/08/13 09:00:37.0442 4660   System windows directory: C:\Windows
2011/08/13 09:00:37.0442 4660   Processor architecture: Intel x86
2011/08/13 09:00:37.0442 4660   Number of processors: 2
2011/08/13 09:00:37.0442 4660   Page size: 0x1000
2011/08/13 09:00:37.0442 4660   Boot type: Normal boot
2011/08/13 09:00:37.0442 4660   ================================================================================
2011/08/13 09:00:39.0720 4660   Initialize success
2011/08/13 09:00:43.0760 2456   ================================================================================
2011/08/13 09:00:43.0760 2456   Scan started
2011/08/13 09:00:43.0760 2456   Mode: Manual;
2011/08/13 09:00:43.0760 2456   ================================================================================
2011/08/13 09:00:46.0444 2456   ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/08/13 09:00:46.0522 2456   adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/13 09:00:46.0568 2456   adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/13 09:00:46.0600 2456   adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/13 09:00:46.0646 2456   adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/13 09:00:46.0740 2456   AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/08/13 09:00:46.0802 2456   agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/08/13 09:00:46.0849 2456   aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/13 09:00:46.0896 2456   aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/08/13 09:00:46.0912 2456   amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/08/13 09:00:47.0083 2456   amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/08/13 09:00:47.0114 2456   AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/13 09:00:47.0161 2456   AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/13 09:00:47.0208 2456   arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/13 09:00:47.0239 2456   arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/13 09:00:47.0333 2456   aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\Windows\system32\drivers\aswFsBlk.sys
2011/08/13 09:00:47.0395 2456   aswMonFlt (ff83c93aeee8b0cf4b464ca667a67acd) C:\Windows\system32\drivers\aswMonFlt.sys
2011/08/13 09:00:47.0426 2456   aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\Windows\system32\drivers\aswRdr.sys
2011/08/13 09:00:47.0458 2456   aswSnx (17230708a2028cd995656df455f2e303) C:\Windows\system32\drivers\aswSnx.sys
2011/08/13 09:00:47.0536 2456   aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\Windows\system32\drivers\aswSP.sys
2011/08/13 09:00:47.0598 2456   aswTdi (984cfce2168286c2511695c2f9621475) C:\Windows\system32\drivers\aswTdi.sys
2011/08/13 09:00:47.0660 2456   AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/13 09:00:47.0707 2456   atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/08/13 09:00:47.0770 2456   athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
2011/08/13 09:00:47.0972 2456   atikmdag (5e80c91ca04c46a9ac6d4f39e1bce636) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/13 09:00:48.0191 2456   BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/13 09:00:48.0284 2456   BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/13 09:00:48.0347 2456   Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/08/13 09:00:48.0425 2456   bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/13 09:00:48.0487 2456   BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/13 09:00:48.0503 2456   BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/13 09:00:48.0565 2456   Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/13 09:00:48.0612 2456   BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/13 09:00:48.0643 2456   BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/13 09:00:48.0674 2456   BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/13 09:00:48.0706 2456   BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/13 09:00:48.0752 2456   cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/13 09:00:48.0799 2456   cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/13 09:00:48.0830 2456   circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/13 09:00:48.0893 2456   CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/08/13 09:00:48.0986 2456   CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/13 09:00:49.0018 2456   cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/08/13 09:00:49.0080 2456   Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/13 09:00:49.0127 2456   crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/13 09:00:49.0158 2456   Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/13 09:00:49.0236 2456   DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/13 09:00:49.0283 2456   disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/08/13 09:00:49.0361 2456   DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/08/13 09:00:49.0454 2456   dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/13 09:00:49.0532 2456   Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/13 09:00:49.0564 2456   Dot4Scan (8455e3fb3738ef33f0c6073a3efa013e) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/08/13 09:00:49.0595 2456   dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/13 09:00:49.0642 2456   drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/08/13 09:00:49.0720 2456   DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/13 09:00:49.0766 2456   E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/13 09:00:49.0829 2456   Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/08/13 09:00:49.0969 2456   eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/13 09:00:50.0078 2456   elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/13 09:00:50.0266 2456   fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/08/13 09:00:50.0312 2456   fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/13 09:00:50.0390 2456   FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/08/13 09:00:50.0484 2456   Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/08/13 09:00:50.0546 2456   flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/13 09:00:50.0562 2456   FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/08/13 09:00:50.0593 2456   Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/13 09:00:50.0640 2456   gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/13 09:00:50.0702 2456   GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/13 09:00:50.0765 2456   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/13 09:00:50.0812 2456   HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/13 09:00:50.0843 2456   HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/13 09:00:50.0905 2456   HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/13 09:00:50.0983 2456   HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/13 09:00:51.0030 2456   HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/13 09:00:51.0092 2456   HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/13 09:00:51.0170 2456   HSF_DPV (9efa5fec26cec696a66a891ac90b412d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/13 09:00:51.0248 2456   HSXHWAZL (7e775360ece92156ced6ed3b1daf6208) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/13 09:00:51.0311 2456   HTTP (5637078f2ab4e28f0e308a26089d9c92) C:\Windows\system32\drivers\HTTP.sys
2011/08/13 09:00:51.0342 2456   i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/13 09:00:51.0420 2456   i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/13 09:00:51.0514 2456   ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/13 09:00:51.0607 2456   iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/13 09:00:51.0763 2456   IDSvix86 (bbbc8b3f0db98ef2494327694222d658) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100112.001\IDSvix86.sys
2011/08/13 09:00:51.0810 2456   iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/13 09:00:51.0904 2456   int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/08/13 09:00:52.0044 2456   IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/13 09:00:52.0153 2456   intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/08/13 09:00:52.0231 2456   intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/13 09:00:52.0340 2456   IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/13 09:00:52.0403 2456   IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/13 09:00:52.0450 2456   IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/13 09:00:52.0496 2456   irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
2011/08/13 09:00:52.0543 2456   IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/08/13 09:00:52.0590 2456   isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/08/13 09:00:52.0637 2456   iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/13 09:00:52.0668 2456   iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/13 09:00:52.0715 2456   iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/13 09:00:52.0777 2456   kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/13 09:00:52.0808 2456   kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/08/13 09:00:52.0886 2456   KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/13 09:00:52.0949 2456   lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/13 09:00:52.0996 2456   LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/13 09:00:53.0027 2456   LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/13 09:00:53.0058 2456   LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/13 09:00:53.0105 2456   luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/08/13 09:00:53.0152 2456   MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/08/13 09:00:53.0198 2456   MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/08/13 09:00:53.0261 2456   mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/13 09:00:53.0308 2456   megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/08/13 09:00:53.0354 2456   Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/08/13 09:00:53.0432 2456   monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/13 09:00:53.0464 2456   mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/13 09:00:53.0510 2456   mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/13 09:00:53.0542 2456   MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/08/13 09:00:53.0588 2456   mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/08/13 09:00:53.0620 2456   mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/13 09:00:53.0666 2456   Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/13 09:00:53.0713 2456   MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/08/13 09:00:53.0760 2456   mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/13 09:00:53.0822 2456   mrxsmb10 (2bbd3970018270d2c6a0b069f568154e) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/13 09:00:53.0838 2456   mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/13 09:00:53.0869 2456   msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/08/13 09:00:53.0916 2456   msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/08/13 09:00:53.0947 2456   Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/08/13 09:00:53.0994 2456   msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2011/08/13 09:00:54.0041 2456   MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/13 09:00:54.0103 2456   MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/13 09:00:54.0134 2456   MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/08/13 09:00:54.0166 2456   MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/08/13 09:00:54.0212 2456   mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/13 09:00:54.0259 2456   MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/08/13 09:00:54.0306 2456   Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/08/13 09:00:54.0368 2456   NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/13 09:00:54.0446 2456   NDIS (d370af435c7db8e307c9dc45521eb48d) C:\Windows\system32\drivers\ndis.sys
2011/08/13 09:00:54.0462 2456   NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/13 09:00:54.0524 2456   NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/13 09:00:54.0556 2456   Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/13 09:00:54.0587 2456   NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/13 09:00:54.0634 2456   NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/13 09:00:54.0680 2456   netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/13 09:00:54.0743 2456   nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/13 09:00:54.0836 2456   Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/08/13 09:00:54.0868 2456   NSCIRDA (c9294e01e45139fd77e16ec07fd86f61) C:\Windows\system32\DRIVERS\nscirda.sys
2011/08/13 09:00:54.0899 2456   nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/13 09:00:54.0992 2456   Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/08/13 09:00:55.0086 2456   NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/08/13 09:00:55.0117 2456   ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/13 09:00:55.0148 2456   Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/08/13 09:00:55.0195 2456   nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/08/13 09:00:55.0211 2456   nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/08/13 09:00:55.0242 2456   nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/08/13 09:00:55.0336 2456   O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\Windows\system32\DRIVERS\o2media.sys
2011/08/13 09:00:55.0382 2456   O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\Windows\system32\DRIVERS\o2sd.sys
2011/08/13 09:00:55.0445 2456   ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/13 09:00:55.0507 2456   Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/13 09:00:55.0538 2456   partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/08/13 09:00:55.0585 2456   Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/13 09:00:55.0616 2456   pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2011/08/13 09:00:55.0694 2456   pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/08/13 09:00:55.0710 2456   pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/13 09:00:55.0788 2456   PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/13 09:00:55.0928 2456   PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/13 09:00:55.0960 2456   Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/13 09:00:56.0053 2456   PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/13 09:00:56.0100 2456   PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/08/13 09:00:56.0147 2456   PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2011/08/13 09:00:56.0178 2456   psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2011/08/13 09:00:56.0256 2456   ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/13 09:00:56.0318 2456   ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/13 09:00:56.0381 2456   QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/13 09:00:56.0396 2456   RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/13 09:00:56.0443 2456   Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/13 09:00:56.0474 2456   RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/13 09:00:56.0506 2456   rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/13 09:00:56.0537 2456   RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/13 09:00:56.0599 2456   rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/08/13 09:00:56.0615 2456   RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/13 09:00:56.0677 2456   RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/08/13 09:00:56.0740 2456   rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/13 09:00:56.0786 2456   RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/08/13 09:00:56.0896 2456   sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/13 09:00:56.0958 2456   sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/13 09:00:57.0036 2456   secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/13 09:00:57.0317 2456   Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/13 09:00:57.0364 2456   Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/13 09:00:57.0410 2456   sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/08/13 09:00:57.0473 2456   sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/08/13 09:00:57.0504 2456   sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/13 09:00:57.0535 2456   sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/13 09:00:57.0598 2456   sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/13 09:00:57.0629 2456   sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/08/13 09:00:57.0676 2456   SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/13 09:00:57.0707 2456   SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/13 09:00:57.0754 2456   Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/08/13 09:00:57.0894 2456   SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/08/13 09:00:57.0972 2456   spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/08/13 09:00:58.0066 2456   srv (c962e98179e54b769028c025c7e470a5) C:\Windows\system32\DRIVERS\srv.sys
2011/08/13 09:00:58.0112 2456   srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/13 09:00:58.0159 2456   srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/13 09:00:58.0237 2456   ssfs0bbc (010232855e1903f70bd34afa026543c4) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
2011/08/13 09:00:58.0268 2456   sshrmd (1b4edfe8d487277fcbaf6905d255f855) C:\Windows\system32\DRIVERS\sshrmd.sys
2011/08/13 09:00:58.0315 2456   ssidrv (72b663021fc7a23ed7241092558fe573) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/08/13 09:00:58.0378 2456   StillCam (7a95b5deb594616f1693486b8161411e) C:\Windows\system32\DRIVERS\serscan.sys
2011/08/13 09:00:58.0440 2456   swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/13 09:00:58.0487 2456   Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/13 09:00:58.0534 2456   SYMDNS (55a216212c89de109bde71a5f440593c) C:\Windows\System32\Drivers\SYMDNS.SYS
2011/08/13 09:00:58.0596 2456   SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/08/13 09:00:58.0643 2456   SYMFW (3f72da2a613ae5da86c7002737fe56b3) C:\Windows\System32\Drivers\SYMFW.SYS
2011/08/13 09:00:58.0674 2456   SYMIDS (cf88c0fa1fb45fd49fa1f4adf6251ea6) C:\Windows\System32\Drivers\SYMIDS.SYS
2011/08/13 09:00:58.0705 2456   SYMNDISV (105f0717ab5049a0a40d55c524b4c2e5) C:\Windows\System32\Drivers\SYMNDISV.SYS
2011/08/13 09:00:58.0736 2456   SYMREDRV (7f4011a719bf30e3dbd84d3a0a45c91c) C:\Windows\System32\Drivers\SYMREDRV.SYS
2011/08/13 09:00:58.0768 2456   SYMTDI (2f03cbdb0f22278d05d5d616c993ab58) C:\Windows\System32\Drivers\SYMTDI.SYS
2011/08/13 09:00:58.0814 2456   Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/13 09:00:58.0846 2456   Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/13 09:00:58.0877 2456   SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/13 09:00:59.0002 2456   Tcpip (300208927321066ea53761fdc98747c6) C:\Windows\system32\drivers\tcpip.sys
2011/08/13 09:00:59.0064 2456   Tcpip6 (300208927321066ea53761fdc98747c6) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/13 09:00:59.0111 2456   tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/13 09:00:59.0142 2456   TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/08/13 09:00:59.0173 2456   TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/08/13 09:00:59.0220 2456   tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/13 09:00:59.0267 2456   TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/13 09:00:59.0345 2456   tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/13 09:00:59.0407 2456   tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/13 09:00:59.0454 2456   tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/13 09:00:59.0485 2456   uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/13 09:00:59.0532 2456   udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/13 09:00:59.0579 2456   uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/13 09:00:59.0626 2456   uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/13 09:00:59.0672 2456   UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/13 09:00:59.0704 2456   ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/13 09:00:59.0750 2456   umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/13 09:00:59.0860 2456   usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/08/13 09:00:59.0938 2456   usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/13 09:00:59.0969 2456   usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/13 09:01:00.0016 2456   usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/13 09:01:00.0047 2456   usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/13 09:01:00.0094 2456   usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/13 09:01:00.0125 2456   usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/13 09:01:00.0172 2456   usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/13 09:01:00.0218 2456   USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/13 09:01:00.0250 2456   usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/13 09:01:00.0296 2456   usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/13 09:01:00.0359 2456   vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/13 09:01:00.0390 2456   VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/08/13 09:01:00.0437 2456   viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/08/13 09:01:00.0468 2456   ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/13 09:01:00.0499 2456   viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/08/13 09:01:00.0546 2456   volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2011/08/13 09:01:00.0593 2456   volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/08/13 09:01:00.0640 2456   volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/08/13 09:01:00.0686 2456   vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/13 09:01:00.0749 2456   WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/13 09:01:00.0811 2456   Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/13 09:01:00.0842 2456   Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/13 09:01:00.0889 2456   Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/13 09:01:00.0952 2456   Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/13 09:01:01.0061 2456   winachsf (cf27edac75c87f2b776d9218f02f8301) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/13 09:01:01.0170 2456   WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/13 09:01:01.0264 2456   WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/13 09:01:01.0342 2456   ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/13 09:01:01.0404 2456   WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/13 09:01:01.0435 2456   XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/13 09:01:01.0529 2456   yukonwlh (7927e830ecde6db3682cc319bad26984) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/08/13 09:01:01.0607 2456   {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/08/13 09:01:01.0654 2456   MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/08/13 09:01:01.0763 2456   Boot (0x1200) (997e8bd71313f39ff32ce6101324050c) \Device\Harddisk0\DR0\Partition0
2011/08/13 09:01:01.0794 2456   Boot (0x1200) (c33fbef5b685e87d909df93abe6ecd59) \Device\Harddisk0\DR0\Partition1
2011/08/13 09:01:01.0810 2456   ================================================================================
2011/08/13 09:01:01.0810 2456   Scan finished
2011/08/13 09:01:01.0810 2456   ================================================================================
2011/08/13 09:01:01.0825 4492   Detected object count: 1
2011/08/13 09:01:01.0825 4492   Actual detected object count: 1
2011/08/13 09:01:19.0360 4492   C:\Windows\system32\drivers\ndis.sys - processing error
2011/08/13 09:01:19.0360 4492   Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure

Zoltarian · « **Reply #5 on:** August 13, 2011, 01:15:34 PM »

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Andy at 9:06:40 on 2011-08-13
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSEARCH PAGE = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [Acer Tour Reminder]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [SUPERAntiSpyware] "D:\SUPERAntiSpyware.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Acer Tour]
mRun: [PLFSet] "rundll32.exe" c:\windows\PLFSet.dll,PLFDefSetting
mRun: [eRecoveryService]
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "d:\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "d:\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [Ckoqi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\dnrvip.dll",Startup
dRunOnce: [nChApKf15400] c:\programdata\nchapkf15400\nChApKf15400.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{301D842A-C7D9-4159-A152-DE9D516F19BC} : DhcpNameServer = 192.168.15.1
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-08-12 15:26:03   2829   ----a-w-   c:\windows\War3Unin.pif
2011-08-12 15:26:03   139264   ----a-w-   c:\windows\War3Unin.exe
2011-08-12 14:30:08   --------   d-----w-   c:\program files\TeamViewer
2011-08-12 02:32:09   --------   d-----w-   c:\users\andy\appdata\roaming\Malwarebytes
2011-08-12 02:31:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 02:31:49   --------   d-----w-   c:\programdata\Malwarebytes
2011-08-12 02:31:44   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-10 02:10:25   500840   ----a-w-   c:\windows\system32\drivers\ndis.sys
2011-08-08 14:15:09   --------   d-sh--w-   C:\found.009
2011-08-08 13:46:08   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-08-08 13:46:05   54104   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-08-08 13:44:52   40112   ----a-w-   c:\windows\avastSS.scr
2011-08-08 13:44:33   --------   d-----w-   c:\programdata\AVAST Software
2011-08-08 13:44:33   --------   d-----w-   c:\program files\AVAST Software
2011-08-05 22:54:09   --------   d-----w-   c:\users\andy\appdata\roaming\ConsumerSoft
2011-08-05 22:54:03   --------   d-----w-   c:\program files\ConsumerSoft
2011-07-30 15:44:15   --------   d-----w-   c:\program files\Lavasoft
2011-07-19 15:31:07   --------   d-----w-   c:\users\andy\appdata\local\LogMeIn Hamachi
.
==================== Find3M ====================
.
.
============= FINISH: 9:09:51.60 ===============

Zoltarian · « **Reply #6 on:** August 13, 2011, 01:23:07 PM »

here is the vipped folder

Corrine · « **Reply #7 on:** August 13, 2011, 06:51:08 PM »

Hi, Zoltarian.

The file you attached was a second copy of DDS.txt. Please copy/paste Attach.txt (do not zip and attach) as a reply.

Thanks.

Zoltarian · « **Reply #8 on:** August 13, 2011, 07:15:15 PM »

My bad:(
.
==== Installed Programs ======================
.
2007 Microsoft Office system
ABBYY FineReader 6.0 Sprint
Acer Assist
Acer Crystal Eye webcam
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AppCore
Apple Software Update
ATI Catalyst Install Manager
avast! Free Antivirus
Brother MFL-Pro Suite MFC-495CW
Business Contact Manager for Outlook 2007 SP2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
ccCommon
CCleaner
Coupon Printer for Windows
Curse Client
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
getPlus+(R) Download Manager for Corel
HDAUDIO Soft Data Fax Modem with SmartCP
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Launch Manager
League of Legends
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
MSRedist
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MySQL Connector/ODBC 3.51
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI Shadow
O2Micro Flash Memory Card Reader Driver Installer(x86)
OGA Notifier 2.0.0048.0
Pando Media Booster
PaperPort Image Printer
PowerDVD
QuickTime
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Spelling Dictionaries Support For Adobe Reader 8
Spy Sweeper
Spy Sweeper Core
SUPERAntiSpyware
SymNet
Synaptics Pointing Device Driver
TeamViewer 6
Trust to User (T2U) Admin
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977839)
Ventrilo Client
Warcraft III
Warcraft III: All Products
WinRAR archiver
World of Warcraft
.
==== End Of File ===========================

Corrine · « **Reply #9 on:** August 13, 2011, 07:34:03 PM »

Hi, Zoltarian.

This is the second set of logs that I have seen recently that did not show any "running processes" or "services/drivers". Obviously, the computer would not be running without both. When you access Task Manager are Processes and Services listed?

I see ComputerSoft in your log. Have you run its registry cleaner functions? That would explain the removal of key registry entries from your computer. If you or the program created an export of the registry prior to running, it needs to be restored. Registry cleaners do more damage than good.

You have extremely old/vulnerable versions of Java on the computer. Please go to add/remove programs and uninstall the following:

Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) 6 Update 7

Please download JavaRa and unzip it to your desktop.

Double-click on JavaRa.exe to start the program. (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
Click on Remove Older Versions to remove older versions of Java.
A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment 6u26.

Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Following that, please shutdown/restart the computer and then let's see if you can run ComboFix. Please try in Normal Mode first. If that will not work, try Safe Mode.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.

Now, please run ComboFix:

Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
Double-click ComboFix.exe on your desktop and follow the prompts.
As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click "Yes" to continue scanning for malware.
When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.

Zoltarian · « **Reply #10 on:** August 14, 2011, 03:57:31 AM »

ComboFix 11-08-14.01 - Andy 08/13/2011 23:03:08.1.2 - x86
Running from: c:\users\Andy\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andy\AppData\Local\{015C9DD8-9DFA-4501-A5B9-D1689F59E86C}
c:\users\Andy\AppData\Local\{015C9DD8-9DFA-4501-A5B9-D1689F59E86C}\chrome.manifest
c:\users\Andy\AppData\Local\{015C9DD8-9DFA-4501-A5B9-D1689F59E86C}\chrome\content\_cfg.js
c:\users\Andy\AppData\Local\{015C9DD8-9DFA-4501-A5B9-D1689F59E86C}\chrome\content\overlay.xul
c:\users\Andy\AppData\Local\{015C9DD8-9DFA-4501-A5B9-D1689F59E86C}\install.rdf
c:\users\Andy\AppData\Roaming\Adobe\plugs
c:\users\Andy\Documents\~WRL1184.tmp
c:\users\Thomas\AppData\Roaming\Adobe\plugs
c:\users\Thomas\Documents\~WRL0065.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\tgctlsr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 03:48 . 2011-08-14 03:50   --------   d-----w-   c:\users\Andy\AppData\Local\temp
2011-08-14 03:48 . 2011-08-14 03:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-08-14 03:48 . 2011-08-14 03:48   --------   d-----w-   c:\users\Thomas\AppData\Local\temp
2011-08-13 21:06 . 2011-08-13 21:05   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-08-13 14:45 . 2011-08-13 14:55   2829   ----a-w-   c:\windows\War3Unin.pif
2011-08-13 14:45 . 2011-08-13 14:55   139264   ----a-w-   c:\windows\War3Unin.exe
2011-08-12 14:30 . 2011-08-12 14:30   --------   d-----w-   c:\program files\TeamViewer
2011-08-12 02:32 . 2011-08-12 02:32   --------   d-----w-   c:\users\Andy\AppData\Roaming\Malwarebytes
2011-08-12 02:31 . 2011-07-06 23:52   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-12 02:31 . 2011-08-12 02:31   --------   d-----w-   c:\programdata\Malwarebytes
2011-08-12 02:31 . 2011-07-06 23:52   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-10 02:10 . 2006-11-02 09:51   500840   ----a-w-   c:\windows\system32\drivers\ndis.sys
2011-08-08 14:15 . 2011-08-08 14:15   --------   d-----w-   C:\found.009
2011-08-08 13:46 . 2011-07-04 11:32   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-08-08 13:46 . 2011-07-04 11:36   309848   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-08-08 13:46 . 2011-07-04 11:32   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-08-08 13:46 . 2011-07-04 11:35   43608   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-08-08 13:46 . 2011-07-04 11:36   441176   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2011-08-08 13:46 . 2011-07-04 11:32   54104   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2011-08-08 13:44 . 2011-07-04 11:43   40112   ----a-w-   c:\windows\avastSS.scr
2011-08-08 13:44 . 2011-07-04 11:43   199304   ----a-w-   c:\windows\system32\aswBoot.exe
2011-08-08 13:44 . 2011-08-08 13:44   --------   d-----w-   c:\programdata\AVAST Software
2011-08-08 13:44 . 2011-08-08 13:44   --------   d-----w-   c:\program files\AVAST Software
2011-08-05 22:54 . 2011-08-05 22:54   --------   d-----w-   c:\users\Andy\AppData\Roaming\ConsumerSoft
2011-08-05 22:54 . 2011-08-12 14:35   --------   d-----w-   c:\program files\ConsumerSoft
2011-08-03 01:03 . 2011-08-08 19:56   --------   d-----w-   c:\users\Thomas\riotsGamesLogs
2011-07-30 15:44 . 2011-07-30 16:02   --------   d-----w-   c:\program files\Lavasoft
2011-07-19 15:31 . 2011-07-19 15:39   --------   d-----w-   c:\users\Andy\AppData\Local\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 13:28 . 2011-02-06 17:31   0   ----a-w-   c:\users\Andy\AppData\Local\Akimikere.bin
.

Code: [Select]

<pre>
c:\program files\Acer Assist\launcher .exe
c:\program files\Acer Registration\ACE1 .exe
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Brother\Brmfcmon\BrMfcWnd .exe
c:\program files\Brother\ControlCenter3\brctrcen .exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
c:\program files\CyberLink\PowerDVD\Language\Language .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Norton Internet Security\osCheck .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\ScanSoft\PaperPort\Ereg\Ereg .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Webroot\WebrootSecurity\SpySweeperUI .exe
c:\program files\Windows Defender\MSASCui .exe
</pre>

.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-01-19 . 9BDC71790FA08F0A0B5F10462B1BD0B1 . 529464 . . [6.0.6001.18000] . . c:\windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[-] 2006-11-02 09:51 . D370AF435C7DB8E307C9DC45521EB48D . 500840 . . [------] . . c:\windows\System32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-12 1232896]
"Acer Tour Reminder"="" [N/A]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [N/A]
"Acer Tour"="" [N/A]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"eRecoveryService"="" [N/A]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [N/A]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2011-07-06 1047656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nChApKf15400"="c:\programdata\nChApKf15400\nChApKf15400.exe" [N/A]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10d.exe" [2009-10-28 257440]
.
c:\users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-9-10 535336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-15 05:01 71216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;D:\SASDIFSV.SYS

R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2011-02-17 1201640]
R3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 nosGetPlusHelper;getPlus(R) Installer;c:\windows\System32\svchost.exe [2006-11-02 22016]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-08-26 29808]
S1 aswSnx;aswSnx;

S1 aswSP;aswSP;

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100112.001\IDSvix86.sys [2009-11-20 286768]
S2 aswFsBlk;aswFsBlk;

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{301D842A-C7D9-4159-A152-DE9D516F19BC}: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WebrootSpySweeperService
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - d:\\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 23:50
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2816705023-1504146133-4079707121-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:04,c3,cd,67,59,f4,33,bb,62,9a,f6,50,4f,5f,b2,19,67,a2,d7,3c,79,d7,41,
78,97,c7,1f,42,f3,cb,e0,d8,a4,f0,13,5a,f9,f6,9d,55,65,81,c8,31,db,ff,8a,9d,\
"??"=hex:09,69,8f,3f,f7,e5,87,50,1b,ba,8a,01,19,c8,86,d7
.
[HKEY_USERS\S-1-5-21-2816705023-1504146133-4079707121-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:03,c6,52,86,a6,ce,d9,e0,93,6e,36,5b,e5,04,13,30,f6,d4,ea,45,0d,
a9,e5,18,fd,a6,f5,5a,01,65,c0,a3,d8,da,91,54,e6,cc,5f,a6,ee,9f,97,3f,96,3f,\
"rkeysecu"=hex:56,de,5e,82,5a,7a,d5,7f,7e,fc,bd,ba,33,e7,21,64
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-13 23:55:29
ComboFix-quarantined-files.txt 2011-08-14 03:55
.
Pre-Run: 18,721,792,000 bytes free
Post-Run: 27,068,719,104 bytes free
.
- - End Of File - - D6899BD4E611DA132C05509CED57D571

Corrine · « **Reply #11 on:** August 14, 2011, 07:10:20 PM »

Hi, Zoltarian.

In addition to P2P programs being a major source of infection, note the following regarding Limewire:

Quote from: http://www.limewire.com/

LimeWire is under a court order dated October 26, 2010 to stop distributing the LimeWire software. A copy of the injunction can be found here. LimeWire LLC, its directors and officers, are taking all steps to comply with the injunction. We have very recently become aware of unauthorized applications on the internet purporting to use the LimeWire name. We demand that all persons using the LimeWire software, name, or trademark in order to upload or download copyrighted works in any manner cease and desist from doing so. We further remind you that the unauthorized uploading and downloading of copyrighted works is illegal. If you have downloaded LimeWire software in the past, files on your personal computers containing private or sensitive information may have been inadvertently shared and you should use your best efforts to remove the software from your computers.

Please go to Add/Remove programs and uninstall LimeWire.

I am still seeing both Avast and Norton in the log. Which antivirus are you using?

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:

Code: [Select]

File::
c:\users\Andy\AppData\Local\Akimikere.bin

Folder::
C:\found.009
c:\program files\LimeWire

Save this as CFScript.txt and place it on your desktop.
Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please go here to run an on-line scan from ESET.

Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic and also let me know how things are now.

Zoltarian · « **Reply #12 on:** August 14, 2011, 07:37:45 PM »

Hellow i am using avast and thaught i had deleted norton but i guess not about limewire i dont see it in controll pannel unistall/change program but when i type lime in search and go to search all i find music files and if i try to delete 1 it says it is not found should i continue with the other steps?

Corrine · « **Reply #13 on:** August 14, 2011, 07:43:02 PM »

Thanks for that additional information, Zoltarian.

First, go to http://www.appremover.com/ and run the removal tool. That should get rid of the leftover Norton bits.

I've updated the ComboFix script to include the Limewire folder. If you already copied the script, please note the change.

Zoltarian · « **Reply #14 on:** August 14, 2011, 09:03:22 PM »

Hellow again on the ESET online scan after checking everything at 0% it said "Can not get update is proxy configured?" what should i do about this?

LandzDown Forum

News:

Author Topic: mega virus problems (Read 2074 times)

Zoltarian

mega virus problems

GR@PH;<'S

Re: mega virus problems

Zoltarian

Re: mega virus problems

Corrine

Re: mega virus problems

Zoltarian

Re: mega virus problems

Zoltarian

Re: mega virus problems

Zoltarian

Re: mega virus problems

Corrine

Re: mega virus problems

Zoltarian

Re: mega virus problems

Corrine

Re: mega virus problems

Zoltarian

Re: mega virus problems

Corrine

Re: mega virus problems

Zoltarian

Re: mega virus problems

Corrine

Re: mega virus problems

Zoltarian

Re: mega virus problems