Author Topic: Virus on My Computer!  (Read 1922 times)


Offline Cara

  • Newbie
  • *
  • Posts: 24
Virus on My Computer!
« on: April 11, 2011, 04:51:47 AM »
Please help me!

I believe I have gotten some Giftload virus on my computer. A Spybot scan was able to detect it but can't remove it.
I did a Malwarebytes scan and it told me it found nothing, yet my computer keeps acting strangely:

My windows looks "different".. the font is weird and not what I am used to.

....I am not capable of getting online unless I am in safe mode, and I believe the virus still exists under safe mode as well. I changed the proxy settings but still I get advertisements on Explorer without even clicking a link.

.... when I try to get help, it shuts down and restarts on me continuously.

..... I was so fed up, I attempted to just reinstall Vista, but it won't even let me boot the CD, no matter what I have tried.

I hope someone can help me!

Thanks so much.

Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #1 on: April 11, 2011, 04:54:08 AM »
When I try to run the RSIT, it says Line 3601 Autoit Error and Subscript used with non-Array variable.

I don't even know what that means!!!

Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #2 on: April 11, 2011, 05:09:53 AM »
It seems as if nothing I was instructed to run will work.
The Security Check is just stuck at "Preparing done" and has given me nothing else.

RootRepeal only tells me: could not read system Registry, please contact the author, and SSDT dumping error.

 :blink:

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Virus on My Computer!
« Reply #3 on: April 11, 2011, 03:52:28 PM »
Hi, Cara.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Giftload rootkit is particularly nasty and extremely difficult to remove.  Let's see if this will provide a log.  Please download DDS.scr by sUBs from one of the following links and save it to your desktop.
Link 1
Link 2
  • Double-click dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #4 on: April 11, 2011, 07:03:35 PM »
Hi Corrine.

I am unable to try it now b/c the computer keeps shutting down on its own right after I get to the desktop. It's as if the virus "knows" I'm trying to get rid of it!

I will turn the computer off for a few hours and then try it again when I get home from work. I hope someone is around at that time.

Thanks in advance.



Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #5 on: April 12, 2011, 01:22:05 PM »
DS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Passoue at  9:18:04.05 on Tue 04/12/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.1386 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Passoue\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Logitech BT Wizard] LBTWiz.exe -silent
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DLCQCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCQtime.dll,_RunDLLEntry@16
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
dRunOnce: [<NO NAME>] OSK.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-11 243024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-11 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-11 29584]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
S1 MpKsl1cda211b;MpKsl1cda211b;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl1cda211b.sys [2011-4-10 28752]
S1 MpKsl2528189e;MpKsl2528189e;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl2528189e.sys [2011-4-11 28752]
S1 MpKsl41b71cbf;MpKsl41b71cbf;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl41b71cbf.sys [2011-4-12 28752]
S1 MpKsl8fbfed62;MpKsl8fbfed62;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl8fbfed62.sys [2011-4-10 28752]
S1 MpKsl900c654e;MpKsl900c654e;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl900c654e.sys [2011-4-11 28752]
S1 MpKsl97a9146a;MpKsl97a9146a;c:\programdata\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl97a9146a.sys [2011-4-2 28752]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-4 1153368]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-11 431432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-6 30192]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2011-2-22 11264]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
.
=============== Created Last 30 ================
.
2011-04-12 13:03:13   28752   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl41b71cbf.sys
2011-04-11 06:38:04   --------   d-----w-   c:\program files\Eraser
2011-04-11 05:44:49   --------   d-----w-   c:\program files\AMD
2011-04-11 05:42:41   --------   d-----w-   c:\windows\system32\vmm32
2011-04-11 05:37:32   28752   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl2528189e.sys
2011-04-11 05:21:42   28752   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl900c654e.sys
2011-04-11 04:52:10   --------   d-----w-   c:\program files\trend micro
2011-04-11 03:51:30   28752   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\MpKsl8fbfed62.sys
2011-04-11 00:04:52   652296   ----a-w-   c:\progra~2\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-10 23:54:04   644360   ----a-w-   c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2011-04-10 23:53:48   416128   ----a-w-   c:\progra~2\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
2011-04-07 15:09:41   439632   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{ad3c4284-b2aa-499b-89e3-d716fcb05c37}\gapaengine.dll
2011-04-05 15:21:08   --------   d-----w-   c:\windows\4-5-2011
2011-04-04 14:14:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-04-04 14:14:24   --------   d-----w-   c:\progra~2\Spybot - Search & Destroy
2011-04-03 06:04:34   439632   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-04-03 01:17:41   5890896   ----a-w-   c:\progra~2\microsoft\microsoft antimalware\definition updates\{e8415841-a69d-43fb-a41e-a79bfc928bf5}\mpengine.dll
2011-03-26 03:22:04   --------   d-----w-   c:\users\passoue\appdata\local\Apple Computer
2011-03-26 03:03:16   --------   d-----w-   c:\program files\iPod
2011-03-26 03:03:14   --------   d-----w-   c:\program files\iTunes
2011-03-26 03:03:14   --------   d-----w-   c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-26 02:58:49   --------   d-----w-   c:\program files\Bonjour
2011-03-15 05:05:13   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-15 05:05:13   322560   ----a-w-   c:\windows\system32\sbe.dll
2011-03-15 05:05:12   177664   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-15 05:05:12   153088   ----a-w-   c:\windows\system32\sbeio.dll
2011-03-15 05:05:02   2067968   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-15 05:05:01   677888   ----a-w-   c:\windows\system32\mstsc.exe
.
==================== Find3M  ====================
.
2011-03-07 14:59:02   724992   ----a-w-   c:\windows\iun6002.exe
2011-02-03 02:40:23   472808   ----a-w-   c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST332062 rev.3.AD -> Harddisk0\DR0 -> 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85577439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8557d7d0]; MOV EAX, [0x8557d84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x81E84912] -> \Device\Harddisk0\DR0[0x85551030]
3 CLASSPNP[0x825358B3] -> ntkrnlpa!IofCallDriver[0x81E84912] -> [0x841F9140]
5 acpi[0x824146BC] -> ntkrnlpa!IofCallDriver[0x81E84912] -> [0x841F9920]
\Driver\nvstor32[0x85553B30] -> IRP_MJ_CREATE -> 0x85577439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\0000006d -> \??\SCSI#Disk&Ven_ST332062&Prod_0AS#4&228bd848&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  9:21:25.26 ===============
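
The part of the DDS log above that matters for this thread is the GMER section at the end: the disk I/O trace contains code the detector could not attribute to any loaded module (`>>UNKNOWN [0x85577439]<<`), the `\Driver\nvstor32` IRP_MJ_CREATE dispatch points at that same address, and the MBR itself still reads clean. As an added example, not code from the thread, from DDS or from GMER, the following Python script parses that section and pulls those three indicators out so the pattern is explicit. The regular expressions are inferred from the line formats shown in the posted log, the sample input is excerpted from it, and all function and field names are the example's own.

```python
"""Triage helper for the GMER rootkit section that DDS appends to its log.

Added example for this thread; it is not part of DDS, GMER or anything the
forum posted. It pulls out the three indicators a helper reads first:
unresolved (">>UNKNOWN<<") code in the disk I/O stack, driver dispatch
hooks that point at a raw address, and the detector's own "Warning:" lines.
The line formats below are inferred from the log posted above.
"""
import re
from dataclasses import dataclass, field

# Sample input: the ROOTKIT section excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST332062 rev.3.AD -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85577439]<<
1 ntkrnlpa!IofCallDriver[0x81E84912] -> \Device\Harddisk0\DR0[0x85551030]
3 CLASSPNP[0x825358B3] -> ntkrnlpa!IofCallDriver[0x81E84912] -> [0x841F9140]
\Driver\nvstor32[0x85553B30] -> IRP_MJ_CREATE -> 0x85577439
kernel: MBR read successfully
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  9:21:25.26 ===============
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)$")
WARNING_RE = re.compile(r"^Warning: (.+)$")


@dataclass
class RootkitFindings:
    unknown_modules: list = field(default_factory=list)  # addresses of unresolved code in the disk stack
    hooks: list = field(default_factory=list)            # (driver object, IRP major function, target)
    warnings: list = field(default_factory=list)         # text after "Warning: "
    mbr_ok: bool = False                                 # detector reported "user & kernel MBR OK"

    def hooks_into_unknown(self):
        """Hooks whose target lies inside an unresolved module: the strongest indicator here."""
        unknown = {a.lower() for a in self.unknown_modules}
        return [h for h in self.hooks if h[2].lower() in unknown]

    @property
    def suspicious(self):
        return bool(self.warnings or self.hooks_into_unknown())


def extract_rootkit_section(log_text):
    """Return the stripped lines between the ROOTKIT header and the FINISH footer (empty if absent)."""
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("=") and "ROOTKIT" in l), None)
    if start is None:
        return []
    body = []
    for line in lines[start + 1:]:
        if line.startswith("=") and "FINISH" in line:
            break
        body.append(line.strip())
    return body


def triage(log_text):
    """Parse the rootkit section of a DDS log into RootkitFindings."""
    findings = RootkitFindings()
    for line in extract_rootkit_section(log_text):
        findings.unknown_modules.extend(UNKNOWN_RE.findall(line))
        hook = HOOK_RE.match(line)
        if hook:
            findings.hooks.append(hook.groups())
        warn = WARNING_RE.match(line)
        if warn:
            findings.warnings.append(warn.group(1).strip())
        if line == "user & kernel MBR OK":
            findings.mbr_ok = True
    return findings


def summarize(findings):
    """Human-readable triage lines, in the order a helper would read them."""
    out = [f"detector warning: {w}" for w in findings.warnings]
    for drv, fn, target in findings.hooks_into_unknown():
        out.append(f"{drv} {fn} dispatch points at {target}, which is not a loaded module")
    if findings.mbr_ok:
        out.append("MBR sectors read clean; a hooked disk driver does not show up there")
    return out


if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print("suspicious:", f.suspicious)
    for line in summarize(f):
        print(" -", line)
```

The point the summary makes is the one that is easy to miss when reading the raw log: "user & kernel MBR OK" only says the boot sector compared clean, while the hook from `\Driver\nvstor32` into unresolved code is a separate finding that the MBR check cannot clear. A log without a ROOTKIT section yields an empty, non-suspicious result rather than an error, which is what you want when feeding many pasted logs through the same check.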

Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #6 on: April 12, 2011, 01:24:57 PM »
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/5/2007 10:15:32 PM
System Uptime: 4/12/2011 9:14:32 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2  | 2310/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 288 GiB total, 214.914 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.027 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
AMDAway INF
Aura YouTube Downloader 1.0.6
AVG Free 9.0
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
BufferChm
CDDRV_Installer
Dell DataSafe Online
Dell Driver Download Manager
Dell Resource CD
Dell Support Center
Dell System Customization Wizard
DellSupport
Destinations
DeviceDiscovery
Digital Voice Editor 3
DocProc
Eraser 6.0.8.2273
ERUNT 1.1j
Fax
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin USB Drivers
Google Desktop
Google Toolbar for Internet Explorer
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Solution Center 13.0
HPProductAssistant
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
KhalSetup
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MosbyRQ (for Windows PCs) by Skyscape
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NVIDIA Drivers
NVIDIANetworkDiagnostic
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
Product Documentation Launcher
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SetPoint
smARTupdate
SolutionCenter
Sonic Activation Module
Spybot - Search & Destroy
Status
Toolbox
TrayApp
Tutor
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
URL Assistant
User's Guides
WebReg
WIDCOMM Bluetooth Software 6.0.1.4300
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
.
==== End Of File ===========================

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Virus on My Computer!
« Reply #7 on: April 12, 2011, 02:10:56 PM »
Hi, Cara.

Please download TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Offline Cara

  • Newbie
  • *
  • Posts: 24
Re: Virus on My Computer!
« Reply #8 on: April 12, 2011, 02:27:37 PM »
2011/04/12 10:15:39.0675 2272   TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 10:15:39.0738 2272   ================================================================================
2011/04/12 10:15:39.0738 2272   SystemInfo:
2011/04/12 10:15:39.0738 2272   
2011/04/12 10:15:39.0738 2272   OS Version: 6.0.6002 ServicePack: 2.0
2011/04/12 10:15:39.0738 2272   Product type: Workstation
2011/04/12 10:15:39.0738 2272   ComputerName: PASSOUE-PC
2011/04/12 10:15:39.0738 2272   UserName: Passoue
2011/04/12 10:15:39.0738 2272   Windows directory: C:\Windows
2011/04/12 10:15:39.0738 2272   System windows directory: C:\Windows
2011/04/12 10:15:39.0738 2272   Processor architecture: Intel x86
2011/04/12 10:15:39.0738 2272   Number of processors: 2
2011/04/12 10:15:39.0738 2272   Page size: 0x1000
2011/04/12 10:15:39.0738 2272   Boot type: Safe boot with network
2011/04/12 10:15:39.0738 2272   ================================================================================
2011/04/12 10:15:40.0065 2272   Initialize success
2011/04/12 10:15:59.0160 0964   ================================================================================
2011/04/12 10:15:59.0160 0964   Scan started
2011/04/12 10:15:59.0160 0964   Mode: Manual;
2011/04/12 10:15:59.0160 0964   ================================================================================
2011/04/12 10:16:00.0096 0964   ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/12 10:16:00.0158 0964   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 10:16:00.0205 0964   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 10:16:00.0252 0964   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 10:16:00.0299 0964   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 10:16:00.0408 0964   AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/12 10:16:00.0470 0964   agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/04/12 10:16:00.0517 0964   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 10:16:00.0579 0964   aliide          (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2011/04/12 10:16:00.0626 0964   amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 10:16:00.0673 0964   amdide          (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2011/04/12 10:16:00.0704 0964   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 10:16:00.0751 0964   AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/12 10:16:00.0813 0964   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/12 10:16:00.0876 0964   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 10:16:00.0985 0964   AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 10:16:01.0063 0964   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/12 10:16:01.0157 0964   AvgLdx86        (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2011/04/12 10:16:01.0235 0964   AvgMfx86        (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2011/04/12 10:16:01.0281 0964   AvgTdiX         (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2011/04/12 10:16:01.0359 0964   BCM43XV         (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/12 10:16:01.0453 0964   Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 10:16:01.0593 0964   bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 10:16:01.0640 0964   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 10:16:01.0718 0964   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 10:16:01.0812 0964   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 10:16:01.0859 0964   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 10:16:01.0890 0964   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 10:16:01.0921 0964   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/12 10:16:01.0983 0964   BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/12 10:16:02.0061 0964   BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 10:16:02.0124 0964   BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/12 10:16:07.0085 0964   MpKsl1cda211b   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl1cda211b.sys
2011/04/12 10:16:07.0085 0964   Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl1cda211b.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/04/12 10:16:07.0085 0964   MpKsl1cda211b - detected Forged file (1)
2011/04/12 10:16:07.0147 0964   MpKsl2528189e   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl2528189e.sys
2011/04/12 10:16:07.0225 0964   MpKsl41b71cbf   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl41b71cbf.sys
2011/04/12 10:16:07.0443 0964   MpKsl8fbfed62   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl8fbfed62.sys
2011/04/12 10:16:07.0475 0964   MpKsl900c654e   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl900c654e.sys
2011/04/12 10:16:07.0521 0964   MpKsl97a9146a   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl97a9146a.sys
2011/04/12 10:16:07.0521 0964   Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl97a9146a.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/04/12 10:16:07.0521 0964   MpKsl97a9146a - detected Forged file (1)
2011/04/12 10:16:17.0053 0964   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 10:16:17.0053 0964   ================================================================================
2011/04/12 10:16:17.0053 0964   Scan finished
2011/04/12 10:16:17.0053 0964   ================================================================================
2011/04/12 10:16:17.0069 2616   Detected object count: 3
2011/04/12 10:18:55.0908 2616   Forged file(MpKsl1cda211b) - User select action: Skip
2011/04/12 10:18:55.0908 2616   Forged file(MpKsl97a9146a) - User select action: Skip
2011/04/12 10:18:56.0017 2616   \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 10:18:56.0017 2616   \HardDisk0 - ok
2011/04/12 10:18:56.0017 2616   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/12 10:19:00.0557 2520   Deinitialize success
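As an added example (not part of the thread, and not Kaspersky's own tooling): a small Python triage script for TDSSKiller text logs in the format posted above. It pairs each "detected" line with the action chosen for it, keeps the real/fake MD5 pair for forged files, and lists anything left on "Skip", which is exactly the point raised in the next reply. The sample log is an excerpt of the lines above; the regexes are written for those line shapes only.

```python
"""Triage a TDSSKiller text log: pair each detection with the action the user chose."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line is "<date> <time> <thread id> <message>"; only the message is needed.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), "
                       r"Fake md5: ([0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(.+?)\((.+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
REBOOT_MARK = "will be cured after reboot"


@dataclass
class Detection:
    obj: str                        # driver name or device, e.g. "\HardDisk0"
    verdict: str                    # "Forged file" or a malware family name
    action: Optional[str] = None    # "Cure", "Skip", ... or None if never chosen
    path: Optional[str] = None      # on-disk path for forged files
    real_md5: Optional[str] = None  # hash of the bytes actually on disk
    fake_md5: Optional[str] = None  # hash the (hooked) system reported instead


@dataclass
class Report:
    drivers: Dict[str, str] = field(default_factory=dict)  # name -> md5 as listed
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None
    needs_reboot: bool = False

    def unresolved(self) -> List[Detection]:
        """Detections skipped or never acted on: nothing about them was changed."""
        return [d for d in self.detections if d.action in (None, "Skip")]

    def count_consistent(self) -> bool:
        """The scanner's own object count should equal the detection lines parsed."""
        return self.reported_count == len(self.detections)


def parse_log(text: str) -> Report:
    report = Report()
    forged: Dict[str, Tuple[str, str, str]] = {}  # driver stem -> (path, real, fake)
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # separators, blank lines and anything without a timestamp
        msg = line.group(1)
        if c := COUNT_RE.match(msg):
            report.reported_count = int(c.group(1))
        elif f := FORGED_RE.match(msg):
            path, real, fake = f.groups()
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # "...\X.sys" -> "X"
            forged[stem] = (path, real, fake)
        elif a := ACTION_RE.match(msg):
            verdict, obj, action = a.groups()
            for det in report.detections:
                if det.obj == obj and det.verdict == verdict:
                    det.action = action
        elif d := DETECT_RE.match(msg):
            obj, verdict = d.groups()
            det = Detection(obj=obj, verdict=verdict)
            if obj in forged:  # the "Suspicious file" line precedes the detection line
                det.path, det.real_md5, det.fake_md5 = forged[obj]
            report.detections.append(det)
        elif drv := DRIVER_RE.match(msg):
            report.drivers[drv.group(1)] = drv.group(2)
        elif REBOOT_MARK in msg:
            report.needs_reboot = True
    return report


# Excerpt of the TDSSKiller log posted above (driver lines trimmed to the relevant ones).
SAMPLE_LOG = r"""2011/04/12 10:16:06.0960 0964   mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/12 10:16:07.0085 0964   MpKsl1cda211b   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl1cda211b.sys
2011/04/12 10:16:07.0085 0964   Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl1cda211b.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/04/12 10:16:07.0085 0964   MpKsl1cda211b - detected Forged file (1)
2011/04/12 10:16:07.0521 0964   MpKsl97a9146a   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl97a9146a.sys
2011/04/12 10:16:07.0521 0964   Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl97a9146a.sys. Real md5: 5f53edfead46fa7adb78eee9ecce8fdf, Fake md5: 7702b27661f74715060586b65246b849
2011/04/12 10:16:07.0521 0964   MpKsl97a9146a - detected Forged file (1)
2011/04/12 10:16:17.0053 0964   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 10:16:17.0053 0964   Scan finished
2011/04/12 10:16:17.0069 2616   Detected object count: 3
2011/04/12 10:18:55.0908 2616   Forged file(MpKsl1cda211b) - User select action: Skip
2011/04/12 10:18:55.0908 2616   Forged file(MpKsl97a9146a) - User select action: Skip
2011/04/12 10:18:56.0017 2616   \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 10:18:56.0017 2616   \HardDisk0 - ok
2011/04/12 10:18:56.0017 2616   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    for det in rep.detections:
        print(f"{det.verdict:<25} {det.obj:<15} action={det.action}")
    print("skipped or unactioned:", [d.obj for d in rep.unresolved()])
    print("reboot required:", rep.needs_reboot, "| count consistent:", rep.count_consistent())
```

Run against a full log, the unresolved list is what a helper would ask to be re-run with "Cure" selected; a real MD5 that matches the driver list entry while the fake MD5 differs is the signature of a hooked file read, not of a changed file.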

Offline Corrine

Re: Virus on My Computer!
« Reply #9 on: April 12, 2011, 04:19:00 PM »
Hi, Cara.

I hope you restarted the computer.  If you didn't, please do so immediately.  Not sure why you selected "skip" for the forged file.

In order to perform this next step, you must uninstall AVG from your computer. 

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  .

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Cara

Re: Virus on My Computer!
« Reply #10 on: April 12, 2011, 04:38:34 PM »
I can't seem to uninstall the AVG software; it gives me the error: @FinalDlg_InstFailTitle.
The AVG I have is outdated and I haven't run it in months, but now I can't even remove it from the computer using Uninstall.

And yes, I restarted my computer after I did the last step.

I didn't realise I had to press Cure for all of them....

Should I go back and redo it?

Offline Corrine

Re: Virus on My Computer!
« Reply #11 on: April 12, 2011, 04:49:05 PM »
Hi, Cara.

Let's see what ComboFix can do after removing AVG.  Please use AppRemover to uninstall AVG:  http://www.appremover.com/

Offline Cara

Re: Virus on My Computer!
« Reply #12 on: April 12, 2011, 04:57:25 PM »
Thank you Corrine!

The Combofix is running now on the Infected Computer.

Let's see...

Offline Corrine

Re: Virus on My Computer!
« Reply #13 on: April 12, 2011, 05:02:23 PM »
Excellent!

Offline Cara

Combofix Log
« Reply #14 on: April 12, 2011, 05:19:56 PM »
ComboFix 11-04-11.04 - Passoue 04/12/2011  13:00:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.1132 [GMT -4:00]
Running from: c:\users\Passoue\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Passoue\AppData\Local\{A03BA7B7-6842-48B4-A94D-F64A9BF2AFCC}
c:\users\Passoue\AppData\Local\{A03BA7B7-6842-48B4-A94D-F64A9BF2AFCC}\chrome.manifest
c:\users\Passoue\AppData\Local\{A03BA7B7-6842-48B4-A94D-F64A9BF2AFCC}\chrome\content\_cfg.js
c:\users\Passoue\AppData\Local\{A03BA7B7-6842-48B4-A94D-F64A9BF2AFCC}\chrome\content\overlay.xul
c:\users\Passoue\AppData\Local\{A03BA7B7-6842-48B4-A94D-F64A9BF2AFCC}\install.rdf
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-12 to 2011-04-12  )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:11 . 2011-04-12 17:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-12 17:11 . 2011-04-12 17:11   --------   d-----w-   c:\users\Pouche\AppData\Local\temp
2011-04-12 17:11 . 2011-04-12 17:11   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2011-04-11 06:38 . 2011-04-11 06:38   --------   d-----w-   c:\program files\Eraser
2011-04-11 05:44 . 2011-04-11 05:44   --------   d-----w-   c:\program files\AMD
2011-04-11 05:42 . 2011-04-11 05:42   --------   d-----w-   c:\windows\system32\vmm32
2011-04-11 04:52 . 2011-04-11 05:01   --------   d-----w-   c:\program files\trend micro
2011-04-11 04:52 . 2011-04-11 04:52   --------   d-----w-   C:\rsit
2011-04-11 04:12 . 2011-04-11 04:13   --------   d-----w-   c:\users\oooooo
2011-04-11 04:04 . 2011-04-11 04:07   --------   d-----w-   c:\users\uuuu
2011-04-11 00:04 . 2011-04-11 00:04   652296   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-10 23:54 . 2011-04-10 23:54   644360   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-10 23:53 . 2011-04-10 23:53   416128   ----a-w-   c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-04-05 15:21 . 2011-04-05 15:21   --------   d-----w-   c:\windows\4-5-2011
2011-04-05 15:20 . 2011-04-05 15:20   --------   d-----w-   c:\program files\ERUNT
2011-04-04 14:14 . 2011-04-10 23:53   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-04-04 14:14 . 2011-04-04 14:14   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2011-04-03 03:15 . 2011-04-03 03:24   --------   d-----w-   c:\users\VIRUS
2011-04-02 22:49 . 2011-04-02 22:49   --------   d-----w-   c:\users\Pouche\AppData\Roaming\Malwarebytes
2011-03-26 03:22 . 2011-03-26 03:22   --------   d-----w-   c:\users\Passoue\AppData\Local\Apple Computer
2011-03-26 03:15 . 2011-03-26 03:25   --------   d-----w-   c:\users\Passoue\AppData\Roaming\Apple Computer
2011-03-26 03:05 . 2011-03-26 03:06   --------   d-----w-   c:\users\Pouche\AppData\Roaming\Apple Computer
2011-03-26 03:05 . 2011-03-26 03:05   --------   d-----w-   c:\users\Pouche\AppData\Local\Apple Computer
2011-03-26 03:03 . 2011-03-26 03:03   --------   d-----w-   c:\program files\iPod
2011-03-26 03:03 . 2011-03-26 03:04   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-26 03:03 . 2011-03-26 03:04   --------   d-----w-   c:\program files\iTunes
2011-03-26 03:01 . 2011-03-26 03:03   --------   d-----w-   c:\programdata\Apple Computer
2011-03-26 03:01 . 2011-03-26 03:01   --------   d-----w-   c:\users\Pouche\AppData\Local\Apple
2011-03-26 03:01 . 2011-03-26 03:01   --------   d-----w-   c:\program files\Apple Software Update
2011-03-26 02:58 . 2011-03-26 04:11   --------   d-----w-   c:\program files\Bonjour
2011-03-26 02:58 . 2011-03-26 03:07   --------   d-----w-   c:\programdata\Apple
2011-03-26 02:58 . 2011-03-26 03:03   --------   d-----w-   c:\program files\Common Files\Apple
2011-03-15 05:05 . 2010-12-29 18:28   322560   ----a-w-   c:\windows\system32\sbe.dll
2011-03-15 05:05 . 2010-12-29 18:28   429056   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-15 05:05 . 2010-12-29 18:28   153088   ----a-w-   c:\windows\system32\sbeio.dll
2011-03-15 05:05 . 2010-12-29 18:26   177664   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-15 05:05 . 2010-12-17 15:45   2067968   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-15 05:05 . 2010-12-17 13:54   677888   ----a-w-   c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 14:59 . 2011-03-07 14:59   724992   ----a-w-   c:\windows\iun6002.exe
2011-02-10 07:25 . 2011-02-08 17:15   0   ----a-w-   c:\users\Passoue\AppData\Local\Hvuzu.bin
2011-02-03 02:40 . 2010-06-23 00:13   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-01-21 05:55 . 2011-01-21 05:55   53248   ----a-r-   c:\users\Passoue\AppData\Roaming\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-22 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DLCQCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-10-16 106496]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Pouche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2007-9-5 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl1cda211b;MpKsl1cda211b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl1cda211b.sys
R1 MpKsl2c35e152;MpKsl2c35e152;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71110B35-5F16-411E-B7AA-8A218A42A73B}\MpKsl2c35e152.sys
R1 MpKsl47375ab8;MpKsl47375ab8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCBA984A-40A2-4F22-A6A4-D9B88CD3885E}\MpKsl47375ab8.sys
R1 MpKsl4b9d4252;MpKsl4b9d4252;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFF7D1BB-BC05-4D24-B1DD-E991389B4D4D}\MpKsl4b9d4252.sys
R1 MpKsl7f8ef54a;MpKsl7f8ef54a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFF7D1BB-BC05-4D24-B1DD-E991389B4D4D}\MpKsl7f8ef54a.sys
R1 MpKsl880bf3a6;MpKsl880bf3a6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F64305BF-08AB-4DE3-9D0B-9731C0FA62EB}\MpKsl880bf3a6.sys
R1 MpKsl8a07eb09;MpKsl8a07eb09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{611F3B23-28C9-4C60-972D-A1FA0D74CFD5}\MpKsl8a07eb09.sys
R1 MpKsl97a9146a;MpKsl97a9146a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl97a9146a.sys
R1 MpKsla251679e;MpKsla251679e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FBFA3A6-C50E-4A4C-9B54-5863096728C5}\MpKsla251679e.sys
R1 MpKslae6e7016;MpKslae6e7016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0398A1D2-618B-46C2-BC61-79305127536C}\MpKslae6e7016.sys
R1 MpKslb129cb65;MpKslb129cb65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFFB05A4-346B-4E4C-BA9E-29F4D8AA69EA}\MpKslb129cb65.sys
R1 MpKslbec9832a;MpKslbec9832a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65079D8B-8D55-4B9B-8FD2-D3CBB0C5EFBE}\MpKslbec9832a.sys
R1 MpKsldfcbbb6c;MpKsldfcbbb6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{407C721E-FD43-43E6-843D-DB62CA095D1A}\MpKsldfcbbb6c.sys
R1 MpKsle9fd661a;MpKsle9fd661a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4297BAE-EF1F-4384-9AA9-FAB90B8EBDCC}\MpKsle9fd661a.sys
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-22 30192]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 11264]
S1 MpKsl2528189e;MpKsl2528189e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl2528189e.sys
S1 MpKsl41b71cbf;MpKsl41b71cbf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl41b71cbf.sys
S1 MpKsl8fbfed62;MpKsl8fbfed62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl8fbfed62.sys
S1 MpKsl900c654e;MpKsl900c654e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8415841-A69D-43FB-A41E-A79BFC928BF5}\MpKsl900c654e.sys
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 13:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCQCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-12  13:14:54
ComboFix-quarantined-files.txt  2011-04-12 17:14
.
Pre-Run: 228,363,984,896 bytes free
Post-Run: 229,487,517,696 bytes free
.
- - End Of File - - B927B483211ED6825B75EF63B5D58E3B
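The "Reg Loading Points" section of a log like the one above is where a helper looks first, and four kinds of line there deserve a second look: Run entries that ComboFix tagged `[X]` (it could not find the target file on disk), Run entries whose executable is given by bare name rather than a full path (Windows resolves those through PATH at logon, so a same-named file earlier on the PATH would run instead), a non-empty `AppInit_DLLs` value (the listed DLL is loaded into user-mode processes that load user32.dll while that mechanism is enabled; here it points at a Google Desktop module, so the flag is a check, not a verdict), and Security Center `DisableMonitoring` values set to 1 (Windows stops warning about the antivirus or firewall state, a setting an uninstalled suite often leaves behind and one malware also sets to keep the alerts quiet). The Python script below is an added example written for this page, not code from the thread or from ComboFix. The `triage` function, the `Finding` class and the finding labels are this example's own, and the embedded sample is constructed from a subset of the lines posted above so that it runs offline.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own code. The finding labels,
triage() and the sample text below are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted in the thread, nothing else added.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-15 4390912]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-22 30192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="command" [meta]   where meta is X (target not found) or "date size"
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<raw>.*)$')
# A drive letter or a UNC prefix counts as a fully qualified executable
QUALIFIED_RE = re.compile(r"^(?:[a-z]:\\|\\\\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # missing-target | unqualified-path | appinit-dll | sc-monitoring-off
    key: str
    name: str
    detail: str


def is_run_key(key: str) -> bool:
    k = key.lower()
    return k.endswith(r"\currentversion\run") or k.endswith(r"\currentversion\runonce")


def triage(log_text: str) -> list[Finding]:
    """Walk the [HKEY_...] blocks and flag the values a helper checks first."""
    findings: list[Finding] = []
    key = ""
    for line in (raw_line.strip() for raw_line in log_text.splitlines()):
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        vm = VALUE_RE.match(line) if key else None
        if not vm:
            continue  # separators, driver lines, @Denied lines and so on
        name, raw = vm.group("name"), vm.group("raw")

        if is_run_key(key):
            rm = RUN_RE.match(line)
            if not rm:
                continue
            cmd, meta = rm.group("cmd"), rm.group("meta")
            if meta == "X":
                findings.append(Finding("missing-target", key, name,
                                        f"ComboFix could not find the target: {cmd}"))
            elif not QUALIFIED_RE.match(cmd.split()[0] if cmd else ""):
                findings.append(Finding("unqualified-path", key, name,
                                        f"resolved through PATH at logon: {cmd}"))
        elif name.lower() == "appinit_dlls" and raw.strip().strip('"'):
            findings.append(Finding("appinit-dll", key, name,
                                    f"loaded into user32-linked processes: {raw}"))
        elif (name.lower() == "disablemonitoring" and "security center" in key.lower()
              and raw.strip().lower() == "dword:00000001"):
            findings.append(Finding("sc-monitoring-off", key, name,
                                    "Security Center status alerts suppressed"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.name:36} {f.detail}")
```

Run stand-alone it prints six findings for the sample; fed the whole log above it would also flag the `"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"` entry and the `SymantecFirewall` subkey. It reads only what ComboFix printed under Reg Loading Points: the `DLCQCATS` entry passes (full path to the DLL) even though the catchme section lists it separately as a hidden autostart, so the script is a first pass over the log, not a substitute for reading the rest of it.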