Errors svchost on Vista

Solved
By Aldie89
Mar 27, 2011
Topic Status:
Not open for further replies.
  1. Hello,

    I'm having some major problems with my laptop. For a few days I've been getting an error regarding svchost.exe. After researching a little, it apparently had to do with BITS. I then installed SP2 for Vista, which is my OS, and the problem seemed gone.

    However, it's been 2 days now and I keep getting several warnings from AVG about Trojans and other infections. (idibcos.dll + svchost.exe ID:1452 + windows\temp\toey\setup.exe)

    When I do a complete scan, it doesn't find anything though. Can someone please help me? I've added the HijackThis log to this message.


  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot!

    Please note: We do not use HijackThis to 'screen' for malware.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    I apologize. Here are the logs:

    =========================================================
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 6188

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    28-3-2011 3:01:19
    mbam-log-2011-03-28 (03-01-19).txt

    Scantype: Snelle scan
    Objecten gescand: 156109
    Verstreken tijd: 15 minuut/minuten, 32 seconde(n)

    Geheugenprocessen geïnfecteerd: 1
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 1
    Registerwaarden geïnfecteerd: 1
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 3

    Geheugenprocessen geïnfecteerd:
    c:\Windows\Temp\toey\setup.exe (Spyware.Passwords.XGen) -> 5420 -> Unloaded process successfully.

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kkuqafiya (Trojan.Agent.U) -> Value: Kkuqafiya -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    c:\Windows\Temp\toey\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
    c:\Users\Aldie\AppData\Local\Temp\mnsawoecxr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Aldie\AppData\Local\Temp\655F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
    =========================================================

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-03-28 03:28:36
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0040
    Running: GMER antivirusding.exe; Driver: C:\Users\Aldie\AppData\Local\Temp\kgryafow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHY2120BH_______________________0040020B#4&18a8a25f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    =========================================================
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Aldie at 3:35:59,02 on ma 28-03-2011
    Internet Explorer: 8.0.6001.18882
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1014.64 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATK Hotkey\Hcontrol.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ATK Hotkey\ATKOSD.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\wsqmcons.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Temp File Cleaner DB Toolbar\TbHelper2.exe
    C:\Program Files\Temp File Cleaner DB Toolbar\TbHelper2.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F34A9685-7B10-4707-9259-AB47851B9D2F}
    mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F34A9685-7B10-4707-9259-AB47851B9D2F}
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\temp file cleaner db toolbar\tbhelper.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Temp File Cleaner DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Ontvang alles met FlashGet - c:\program files\flashget\jc_all.htm
    IE: &Ontvang met FlashGet - c:\program files\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL
    IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab
    TCP: {D6F411AB-AA17-448E-83C8-56B9627202F1} = 145.18.40.50,145.18.68.50
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-13 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-13 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-13 243024]
    R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\drivers\vfilter.sys [2010-3-15 17920]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-3-12 252416]
    S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-3-15 13824]
    .
    =============== Created Last 30 ================
    .
    2011-03-28 01:09:09 -------- d-----w- c:\program files\Temp File Cleaner DB Toolbar
    2011-03-28 01:08:56 -------- d-----w- c:\program files\Temp File Cleaner
    2011-03-28 01:02:27 54016 ----a-w- c:\windows\system32\drivers\soetb.sys
    2011-03-27 23:15:55 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2011-03-27 23:15:44 -------- d-----w- c:\program files\Panda Security
    2011-03-26 19:11:04 -------- d-----w- c:\windows\system32\vi-VN
    2011-03-26 19:11:04 -------- d-----w- c:\windows\system32\eu-ES
    2011-03-26 19:11:04 -------- d-----w- c:\windows\system32\ca-ES
    2011-03-26 18:56:03 928768 ----a-w- c:\windows\system32\scavenge.dll
    2011-03-26 18:55:56 57856 ----a-w- c:\windows\system32\compcln.exe
    2011-03-26 18:50:59 958464 ----a-w- c:\program files\microsoft games\minesweeper\MineSweeper.exe
    2011-03-26 18:49:12 -------- d-----w- C:\a6c08d8a28d464788021fc4831638b
    2011-03-26 18:11:44 -------- d-----w- C:\3b18313747c795b94d352ee3
    2011-03-26 18:07:12 -------- d-----w- C:\a7be2023a43f00fb412f9971f2d7b199
    2011-03-26 17:20:07 6656 ----a-w- c:\windows\system32\sdspres.dll
    2011-03-26 17:19:57 193024 ----a-w- c:\windows\system32\recdisc.exe
    2011-03-26 17:18:41 28160 ----a-w- c:\windows\system32\sxproxy.dll
    2011-03-26 17:11:59 87552 ----a-w- c:\windows\system32\msoert2.dll
    2011-03-26 17:10:57 44032 ----a-w- c:\windows\system32\dssec.dll
    2011-03-26 17:07:01 -------- d-----w- C:\474fa51d5b571d3b2f10bf04f8178678
    2011-03-26 16:43:05 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-18 13:47:03 -------- d-----w- c:\windows\pss
    2011-03-18 01:10:36 -------- d-----w- C:\perflogs
    2011-03-15 14:18:46 -------- d--h--w- c:\progra~2\Common Files
    2011-03-04 19:49:15 -------- d-----w- c:\users\aldie\appdata\roaming\Belastingdienst
    2011-03-04 19:48:21 -------- d-----w- c:\program files\Belastingdienst
    .
    ==================== Find3M ====================
    .
    2011-03-26 18:16:00 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-03-26 18:15:45 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2010-12-29 14:04:29 12872 ----a-w- c:\windows\system32\bootdelete.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85EA7439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85ead7d0]; MOV EAX, [0x85ead84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81C8C962] -> \Device\Harddisk0\DR0[0x858063D0]
    3 CLASSPNP[0x827108B3] -> ntkrnlpa!IofCallDriver[0x81C8C962] -> [0x83D65860]
    5 acpi[0x806916BC] -> ntkrnlpa!IofCallDriver[0x81C8C962] -> [0x8470F030]
    \Driver\iaStor[0x85E8FD28] -> IRP_MJ_CREATE -> 0x85EA7439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHY2120BH_______________________0040020B#4&18a8a25f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 234441646 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 3:38:29,48 ===============
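    The GMER and DDS output above flag the TDL4 infection with two checks: the boot sector read through the normal path differs from the one read at kernel level ("user != kernel MBR"), and Bootkit Remover, whose log appears further down in the thread, reports an MD5 of the boot sector and whether standard boot code was found. The Python script below is an added example, not part of this thread and not code from GMER, DDS or Bootkit Remover. It parses a 512-byte MBR (partition table and 0x55AA signature), compares the sector hash against a known-good baseline, and reports the byte ranges where two reads of the same sector disagree. Every input here is constructed: the sample boot code strings, the disk signature, the partition layout and the baseline hash are made up for the demonstration, and `assess` is the example's own combination of the two checks, not a function of either tool.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55 0xAA boot signature
ENTRY_FMT = "<B3xB3xII"  # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR into hashes, disk signature, non-empty partition entries and a signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        boot_flag, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "active": boot_flag == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "sector_md5": hashlib.md5(mbr).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": mbr[SIGNATURE_OFF:] == b"\x55\xaa",
    }


def diff_views(user_view: bytes, kernel_view: bytes) -> list:
    """The 'user != kernel MBR' test: a rootkit that filters disk reads hands the normal (user-mode)
    path a clean copy of sector 0 while a lower-level read returns the real bytes. Returns the
    half-open byte ranges [start, end) where the two reads disagree; an empty list means they match."""
    if len(user_view) != len(kernel_view):
        raise ValueError("both views must cover the same number of bytes")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(user_view, kernel_view)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(user_view)))
    return ranges


def assess(user_view: bytes, kernel_view: bytes, known_good_md5: str) -> dict:
    """Example-only helper: combine the baseline-hash check with the two-view comparison."""
    parsed = parse_mbr(kernel_view)
    diffs = diff_views(user_view, kernel_view)
    hash_ok = parsed["sector_md5"] == known_good_md5
    clean = hash_ok and not diffs and parsed["signature_ok"]
    return {
        "signature_ok": parsed["signature_ok"],
        "hash_matches_baseline": hash_ok,
        "user_kernel_mismatch": bool(diffs),
        "differing_ranges": diffs,
        "partitions": parsed["partitions"],
        "verdict": "ok" if clean else "suspicious",
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): the given boot code, a made-up disk signature
    and one active NTFS partition starting at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 234_439_598) + b"\x00" * 48
    return code + disk_sig + table + b"\x55\xaa"


# Constructed inputs: a "clean" sector and one whose boot code was replaced, standing in for a
# read through the filtered path versus a read that bypasses the filter.
CLEAN_MBR = build_sample_mbr(b"CONSTRUCTED-CLEAN-BOOT-CODE")
TAMPERED_MBR = build_sample_mbr(b"CONSTRUCTED-TAMPERED-LOADER")
KNOWN_GOOD_MD5 = parse_mbr(CLEAN_MBR)["sector_md5"]  # baseline recorded while the disk was known clean


if __name__ == "__main__":
    print("clean disk:   ", assess(CLEAN_MBR, CLEAN_MBR, KNOWN_GOOD_MD5)["verdict"])
    print("filtered read:", assess(CLEAN_MBR, TAMPERED_MBR, KNOWN_GOOD_MD5))
```

    On a real system the two views would come from reading sector 0 through the normal file API and through a lower-level path, which is exactly why tools such as GMER run a driver; a hash-only check is useful for spotting a change over time but cannot distinguish a legitimate boot-code update from tampering, so the baseline has to be recorded when the disk is known clean.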
  4. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Is there anyone that can tell me what to do next?
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    People don't usually get so impatient in one day. But now that my internet has come back up, I can once again attempt to get to everyone.

    Bootkit Remover:

    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. (Use 7-Zip if you don't have an extraction program.)
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Scanning should be completed quickly
    4. Paste the output in your next reply.
    =====================================
    We'll handle this first, then do some further scans.
  6. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Thanks for your help!

    Here's the result from the bootkit remover:

    [screenshot of the Bootkit Remover output; image not preserved]
  7. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    My laptop is now showing bluescreens once every day. I also keep getting threat detections from AVG in svchost.exe. Apart from that, it's just really troublesome when Windows keeps going back to Win98 style =(
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Could I have the log please from the Bootkit Remover?

    Question: Our steps call for you to run a program called TFC- Temporary File Cleaner: TFC

    As far as I know, the program deletes itself when through. But your system has multiple entries for C:\Program Files\Temp File Cleaner DB Toolbar\TbHelper2.exe. Did you install this from somewhere? Where? Why would a temp file cleaner need a database?

    I note you also have the same problem posted for help here: http://forums.techguy.org/virus-other-malware-removal/988481-windows-service-svchost-exe-error.html
    If you are going to continue here, please inform the other site so they can close your thread. Going back and forth with directions from two forums is not what you want to do for the system.

    I can see multiple entries that need to be removed as the system is badly infected. One you need to be aware of is a malware password stealer. All your passwords should be changed immediately. Then when and if we get the system clean, they should be changed again. In the meantime, if you have any financial transactions on the internet, they should be closely monitored.

    I want you to run Combofix. In order to do that, you will need to remove AVG. The following will help you do that and also gives a choice of 2 free, good AV programs you can put on the system temporarily:

    Download AppRemover and save to the desktop.
    How to Use AppRemover to Remove a Complete Security Application
    1. Double click the setup on the desktop > click Next
    2. Select “Remove Security Application”
    3. Let the scan finish to determine security apps
    4. A screen like below will appear:
      [image: http://www.appremover.com/about/chooseuninstall.gif]
    5. Click on Next after the choice has been made
    6. Check the AVG program you want to uninstall
    7. After the uninstall shows complete, follow the online prompts to Exit the program.

    Temporary AV:
    Avira-AntiVir-Personal-Free-Antivirus: http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914
    Avast Free Version: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

    Your AVG is v9 and they are now up to v2011, so I'm not even sure it's current.
      =============================================
    Download Combofix from HERE (http://www.bleepingcomputer.com/download/anti-virus/combofix) or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop.
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [image: http://img.photobucket.com/albums/v706/ried7/whatnext.png]
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ======================================
  9. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    I have no idea what the TFC toolbar is doing there. I believe I downloaded it from one of the links in the Preliminary Virus and Malware Removal thread at this forum. I'm currently trying to run combofix but I keep getting a blue screen saying DRIVER_IRQL_NOT_LESS_OR_EQUAL.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The TFC we run here doesn't leave toolbars or databases.

    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to aldie.exe BEFORE saving it to your desktop. Do NOT run it yet.
    3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, then try to immediately run the following:

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    *************************************
    Once you've gotten one of them to run, immediately run mcirish.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.
  11. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Unfortunately rKill won't work at all. I've tried it over a dozen times in safe mode. Disabled anti-virus. Nothing works and every time a blue screen appears. The exehelper works fine though.
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, let's run this and see if it will find enough so you can run Combofix:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Please post the log.
    • A reboot is required after disinfection.
  13. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Alright, I scanned with TDSSKiller and it found an infection on the hard drive. I selected Quarantine. Here's the log:

    \HardDisk0 - copied to quarantine
    \HardDisk0\TDLFS\cfg.ini - copied to quarantine
    \HardDisk0\TDLFS\mbr - copied to quarantine
    \HardDisk0\TDLFS\bckfg.tmp - copied to quarantine
    \HardDisk0\TDLFS\cmd.dll - copied to quarantine
    \HardDisk0\TDLFS\ldr16 - copied to quarantine
    \HardDisk0\TDLFS\ldr32 - copied to quarantine
    \HardDisk0\TDLFS\ldr64 - copied to quarantine
    \HardDisk0\TDLFS\drv64 - copied to quarantine
    \HardDisk0\TDLFS\cmd64.dll - copied to quarantine
    \HardDisk0\TDLFS\drv32 - copied to quarantine
    \HardDisk0\TDLFS\keywords - copied to quarantine
  14. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Wait, or am I just supposed to let the utility cure this infection (including a reboot)?
  15. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Never mind, I did a cure and it rebooted. Afterwards it said that there was no infection found. So I assume the TDSSKiller did succeed in removing it. What's next?

    And do I need to delete the files that were first quarantined from the TDSSKiller_Quarantine folder?
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You still have an open thread running here: http://forums.techguy.org/virus-other-malware-removal/988481-windows-service-svchost-exe-error.html

    Please advise them you are getting help here so they can free up the malware helper.
    ======================================
    1. Please paste in the Bootkit Remover log, the one you left the screen shot for instead.
    2. Please paste the entire log from TDSSKiller into your next reply. Do not break out the entries you think I need to see from logs.
    3. Please uninstall or disable the Vuze Remote Toolbar.
    4. Please uninstall the Temp File Cleaner DB Toolbar.
    5. Attempt the Combofix scan again. Try to rename combofix.txt to aldie.txt. IF that doesn't work, try the scan in Safe Mode. Now that TDSSKiller has found and removed rootkits, it should run now.
    6. Please update Java. Current version is v6u24. You have v6u0. Check here: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
  17. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Okay, I've made sure the other thread can be closed.

    Also I have updated Java and removed the toolbars.

    Bootkit Remover log:
    .\debug.cpp(238) : Debug log started at 06.04.2011 - 16:08:42
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.0
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    .\boot_cleaner.cpp(1060) :
    .\boot_cleaner.cpp(1061) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1062) : --------------------------------------------
    .\boot_cleaner.cpp(1106) : 111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1112) :
    .\boot_cleaner.cpp(1151) : Done;

    Here's the log from the TDSSKiller:

    2011/04/06 15:07:56.0574 5944 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/06 15:07:57.0011 5944 ================================================================================
    2011/04/06 15:07:57.0011 5944 SystemInfo:
    2011/04/06 15:07:57.0011 5944
    2011/04/06 15:07:57.0011 5944 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/06 15:07:57.0011 5944 Product type: Workstation
    2011/04/06 15:07:57.0011 5944 ComputerName: PC_VAN_ALDIE
    2011/04/06 15:07:57.0011 5944 UserName: Aldie
    2011/04/06 15:07:57.0011 5944 Windows directory: C:\Windows
    2011/04/06 15:07:57.0011 5944 System windows directory: C:\Windows
    2011/04/06 15:07:57.0011 5944 Processor architecture: Intel x86
    2011/04/06 15:07:57.0011 5944 Number of processors: 2
    2011/04/06 15:07:57.0011 5944 Page size: 0x1000
    2011/04/06 15:07:57.0011 5944 Boot type: Normal boot
    2011/04/06 15:07:57.0011 5944 ================================================================================
    2011/04/06 15:07:57.0775 5944 Initialize success
    2011/04/06 15:08:07.0775 2476 ================================================================================
    2011/04/06 15:08:07.0775 2476 Scan started
    2011/04/06 15:08:07.0775 2476 Mode: Manual;
    2011/04/06 15:08:07.0775 2476 ================================================================================
    2011/04/06 15:08:09.0975 2476 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/04/06 15:08:10.0068 2476 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/04/06 15:08:10.0131 2476 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/04/06 15:08:10.0162 2476 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/04/06 15:08:10.0333 2476 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/04/06 15:08:10.0443 2476 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/04/06 15:08:10.0536 2476 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/04/06 15:08:10.0723 2476 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/04/06 15:08:10.0770 2476 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/04/06 15:08:10.0848 2476 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/04/06 15:08:10.0895 2476 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/04/06 15:08:10.0926 2476 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/04/06 15:08:10.0989 2476 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/04/06 15:08:11.0082 2476 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/04/06 15:08:11.0145 2476 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/04/06 15:08:11.0160 2476 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/04/06 15:08:11.0254 2476 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/04/06 15:08:11.0332 2476 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/04/06 15:08:11.0425 2476 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
    2011/04/06 15:08:11.0519 2476 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
    2011/04/06 15:08:11.0597 2476 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
    2011/04/06 15:08:11.0659 2476 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
    2011/04/06 15:08:11.0769 2476 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/06 15:08:11.0862 2476 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/04/06 15:08:12.0034 2476 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/04/06 15:08:12.0237 2476 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/06 15:08:12.0299 2476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/04/06 15:08:12.0346 2476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/04/06 15:08:12.0408 2476 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/04/06 15:08:12.0439 2476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/04/06 15:08:12.0564 2476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/04/06 15:08:12.0595 2476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/04/06 15:08:12.0642 2476 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/04/06 15:08:12.0705 2476 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/06 15:08:12.0767 2476 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/04/06 15:08:12.0845 2476 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/04/06 15:08:12.0970 2476 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/04/06 15:08:13.0063 2476 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/06 15:08:13.0126 2476 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/04/06 15:08:13.0204 2476 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/06 15:08:13.0329 2476 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/04/06 15:08:13.0391 2476 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/04/06 15:08:13.0485 2476 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
    2011/04/06 15:08:13.0625 2476 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
    2011/04/06 15:08:13.0734 2476 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/06 15:08:13.0843 2476 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/04/06 15:08:13.0968 2476 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
    2011/04/06 15:08:14.0077 2476 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/06 15:08:14.0171 2476 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/06 15:08:14.0280 2476 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/04/06 15:08:14.0452 2476 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/04/06 15:08:14.0514 2476 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/04/06 15:08:14.0686 2476 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/04/06 15:08:14.0748 2476 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/04/06 15:08:14.0920 2476 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/06 15:08:14.0998 2476 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/06 15:08:15.0045 2476 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/04/06 15:08:15.0076 2476 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/06 15:08:15.0154 2476 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/06 15:08:15.0294 2476 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/06 15:08:15.0357 2476 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/04/06 15:08:15.0435 2476 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/06 15:08:15.0513 2476 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/04/06 15:08:15.0637 2476 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/04/06 15:08:15.0700 2476 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/04/06 15:08:15.0825 2476 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    2011/04/06 15:08:16.0043 2476 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/04/06 15:08:16.0277 2476 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/04/06 15:08:17.0634 2476 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/04/06 15:08:17.0884 2476 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/04/06 15:08:17.0977 2476 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/04/06 15:08:18.0305 2476 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/04/06 15:08:18.0757 2476 igfx (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/04/06 15:08:19.0101 2476 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/04/06 15:08:19.0693 2476 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/04/06 15:08:20.0099 2476 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/04/06 15:08:20.0395 2476 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/06 15:08:20.0645 2476 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/06 15:08:20.0957 2476 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/04/06 15:08:21.0175 2476 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/04/06 15:08:21.0285 2476 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/04/06 15:08:21.0565 2476 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/04/06 15:08:21.0846 2476 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/06 15:08:22.0065 2476 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/04/06 15:08:22.0158 2476 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/04/06 15:08:22.0299 2476 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/06 15:08:22.0657 2476 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/04/06 15:08:23.0032 2476 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
    2011/04/06 15:08:23.0219 2476 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
    2011/04/06 15:08:23.0531 2476 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/06 15:08:23.0843 2476 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/06 15:08:23.0999 2476 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/04/06 15:08:24.0186 2476 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/04/06 15:08:24.0327 2476 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/04/06 15:08:24.0451 2476 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/04/06 15:08:24.0607 2476 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/04/06 15:08:24.0779 2476 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/04/06 15:08:25.0138 2476 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/06 15:08:25.0309 2476 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/06 15:08:25.0793 2476 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    2011/04/06 15:08:26.0339 2476 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/06 15:08:26.0745 2476 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/04/06 15:08:27.0197 2476 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/06 15:08:27.0587 2476 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/04/06 15:08:27.0930 2476 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/06 15:08:28.0398 2476 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/06 15:08:28.0585 2476 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/06 15:08:28.0710 2476 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/06 15:08:28.0960 2476 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/04/06 15:08:29.0085 2476 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/04/06 15:08:29.0225 2476 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/04/06 15:08:29.0303 2476 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/06 15:08:29.0677 2476 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/06 15:08:30.0052 2476 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/06 15:08:30.0395 2476 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/06 15:08:30.0691 2476 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/06 15:08:30.0769 2476 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/06 15:08:30.0847 2476 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/06 15:08:30.0988 2476 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
    2011/04/06 15:08:31.0050 2476 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/04/06 15:08:31.0144 2476 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/06 15:08:31.0253 2476 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/04/06 15:08:31.0425 2476 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/06 15:08:31.0846 2476 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/06 15:08:32.0158 2476 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/06 15:08:32.0236 2476 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/06 15:08:32.0423 2476 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/06 15:08:32.0579 2476 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/06 15:08:32.0953 2476 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/04/06 15:08:33.0312 2476 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/04/06 15:08:33.0484 2476 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/06 15:08:33.0749 2476 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/06 15:08:33.0936 2476 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/04/06 15:08:34.0139 2476 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/04/06 15:08:34.0186 2476 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/04/06 15:08:34.0311 2476 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/04/06 15:08:34.0545 2476 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/06 15:08:34.0966 2476 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/04/06 15:08:35.0091 2476 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/04/06 15:08:35.0371 2476 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/04/06 15:08:35.0418 2476 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/04/06 15:08:35.0512 2476 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/04/06 15:08:35.0637 2476 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2011/04/06 15:08:35.0777 2476 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/06 15:08:36.0105 2476 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/04/06 15:08:36.0292 2476 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/06 15:08:36.0510 2476 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/04/06 15:08:36.0900 2476 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/06 15:08:37.0306 2476 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/04/06 15:08:37.0852 2476 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/04/06 15:08:38.0179 2476 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/06 15:08:38.0429 2476 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/06 15:08:38.0538 2476 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/06 15:08:38.0725 2476 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/06 15:08:38.0803 2476 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/06 15:08:38.0913 2476 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/06 15:08:39.0162 2476 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/06 15:08:39.0349 2476 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/06 15:08:39.0521 2476 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/06 15:08:39.0630 2476 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/06 15:08:39.0724 2476 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/04/06 15:08:39.0755 2476 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/04/06 15:08:39.0895 2476 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/04/06 15:08:40.0005 2476 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/06 15:08:40.0083 2476 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
    2011/04/06 15:08:40.0145 2476 RTL8187B (67e7822975985016fdce01635fbdbbf9) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2011/04/06 15:08:40.0317 2476 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/06 15:08:40.0504 2476 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/04/06 15:08:40.0582 2476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/06 15:08:40.0722 2476 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/04/06 15:08:40.0769 2476 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/04/06 15:08:40.0925 2476 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/04/06 15:08:41.0097 2476 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/06 15:08:41.0128 2476 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/06 15:08:41.0159 2476 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/06 15:08:41.0190 2476 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/04/06 15:08:41.0268 2476 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/04/06 15:08:41.0315 2476 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/04/06 15:08:41.0362 2476 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/04/06 15:08:41.0440 2476 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/06 15:08:41.0565 2476 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/04/06 15:08:41.0658 2476 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/06 15:08:41.0845 2476 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/06 15:08:41.0986 2476 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/06 15:08:42.0095 2476 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/06 15:08:42.0204 2476 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/04/06 15:08:42.0360 2476 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/04/06 15:08:42.0438 2476 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/04/06 15:08:42.0532 2476 SynTP (baa29028e7db52837198465c5c53a2f0) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/04/06 15:08:42.0735 2476 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
    2011/04/06 15:08:42.0984 2476 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/06 15:08:43.0109 2476 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/06 15:08:43.0374 2476 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/04/06 15:08:43.0499 2476 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/06 15:08:43.0624 2476 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/06 15:08:43.0733 2476 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/06 15:08:43.0827 2476 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/06 15:08:44.0185 2476 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/04/06 15:08:44.0263 2476 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/06 15:08:44.0341 2476 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/04/06 15:08:44.0388 2476 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/06 15:08:44.0435 2476 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/04/06 15:08:44.0809 2476 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/06 15:08:45.0012 2476 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/06 15:08:45.0090 2476 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/04/06 15:08:45.0137 2476 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/04/06 15:08:45.0231 2476 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/04/06 15:08:45.0309 2476 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/06 15:08:45.0371 2476 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
    2011/04/06 15:08:45.0418 2476 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/04/06 15:08:45.0589 2476 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/06 15:08:45.0636 2476 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/06 15:08:45.0683 2476 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/04/06 15:08:45.0714 2476 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/04/06 15:08:45.0761 2476 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/06 15:08:45.0823 2476 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/06 15:08:45.0979 2476 vflt (cfc13848193cc11717aac8d457032d02) C:\Windows\system32\DRIVERS\vfilter.sys
    2011/04/06 15:08:46.0011 2476 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/06 15:08:46.0057 2476 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/04/06 15:08:46.0104 2476 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/04/06 15:08:46.0151 2476 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/04/06 15:08:46.0182 2476 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/04/06 15:08:46.0276 2476 vnet (eb47e758aa487814fc720a7ffc094a50) C:\Windows\system32\DRIVERS\virtualnet.sys
    2011/04/06 15:08:46.0401 2476 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/04/06 15:08:46.0463 2476 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/06 15:08:46.0541 2476 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/04/06 15:08:46.0603 2476 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/06 15:08:46.0681 2476 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/04/06 15:08:46.0728 2476 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/06 15:08:46.0744 2476 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/06 15:08:46.0884 2476 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/04/06 15:08:46.0947 2476 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/06 15:08:47.0087 2476 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2011/04/06 15:08:47.0196 2476 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/06 15:08:47.0290 2476 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/06 15:08:47.0383 2476 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/06 15:08:47.0399 2476 ================================================================================
    2011/04/06 15:08:47.0399 2476 Scan finished
    2011/04/06 15:08:47.0399 2476 ================================================================================
    2011/04/06 15:08:47.0415 4184 Detected object count: 1
    2011/04/06 15:10:17.0551 4184 \HardDisk0 - copied to quarantine
    2011/04/06 15:10:17.0598 4184 \HardDisk0\TDLFS\cfg.ini - copied to quarantine
    2011/04/06 15:10:17.0614 4184 \HardDisk0\TDLFS\mbr - copied to quarantine
    2011/04/06 15:10:17.0614 4184 \HardDisk0\TDLFS\bckfg.tmp - copied to quarantine
    2011/04/06 15:10:17.0629 4184 \HardDisk0\TDLFS\cmd.dll - copied to quarantine
    2011/04/06 15:10:17.0629 4184 \HardDisk0\TDLFS\ldr16 - copied to quarantine
    2011/04/06 15:10:17.0629 4184 \HardDisk0\TDLFS\ldr32 - copied to quarantine
    2011/04/06 15:10:17.0645 4184 \HardDisk0\TDLFS\ldr64 - copied to quarantine
    2011/04/06 15:10:17.0661 4184 \HardDisk0\TDLFS\drv64 - copied to quarantine
    2011/04/06 15:10:17.0661 4184 \HardDisk0\TDLFS\cmd64.dll - copied to quarantine
    2011/04/06 15:10:17.0676 4184 \HardDisk0\TDLFS\drv32 - copied to quarantine
    2011/04/06 15:10:17.0692 4184 \HardDisk0\TDLFS\keywords - copied to quarantine
    2011/04/06 15:10:17.0692 4184 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Quarantine
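    A small parser for the TDSSKiller log format pasted above, added here as an example; it is not code from the thread, from Kaspersky or from TechSpot. The line patterns are inferred from the log as posted (timestamp, thread id, then either a driver entry with its MD5 and path, a detection, a quarantine copy, or the user-selected action). The embedded sample lines are lifted from the log above, and the allowlist of known-good driver hashes is constructed for illustration only, not a real reference set.

```python
"""Parse a TDSSKiller text log into records a helper can triage.

Added example, not code from the thread. Line formats are inferred from the
log posted above; the sample log and the allowlist are constructed.
"""
import re
from collections import namedtuple

DriverEntry = namedtuple("DriverEntry", "ts pid service md5 path")
Detection = namedtuple("Detection", "ts pid obj name")

# Every TDSSKiller line starts with a timestamp and a thread id.
_PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
DRIVER_RE = re.compile(_PREFIX + r"(?P<service>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(_PREFIX + r"(?P<obj>\S+) - detected (?P<name>\S+) \(\d+\)$")
QUAR_RE = re.compile(_PREFIX + r"(?P<obj>\S+) - copied to quarantine$")
ACTION_RE = re.compile(
    _PREFIX + r"(?P<name>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)

# Constructed sample: a handful of lines taken from the log in the post above.
SAMPLE_LOG = r"""
2011/04/06 15:08:07.0775 2476 Scan started
2011/04/06 15:08:09.0975 2476 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/06 15:08:10.0443 2476 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/06 15:08:42.0735 2476 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 15:08:42.0984 2476 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 15:08:47.0383 2476 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 15:08:47.0399 2476 Scan finished
2011/04/06 15:08:47.0415 4184 Detected object count: 1
2011/04/06 15:10:17.0551 4184 \HardDisk0 - copied to quarantine
2011/04/06 15:10:17.0598 4184 \HardDisk0\TDLFS\cfg.ini - copied to quarantine
2011/04/06 15:10:17.0614 4184 \HardDisk0\TDLFS\mbr - copied to quarantine
2011/04/06 15:10:17.0692 4184 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Quarantine
"""

# Constructed allowlist (path -> MD5); a real one would come from a trusted
# reference of clean Vista SP2 driver hashes.
KNOWN_GOOD = {
    r"c:\windows\system32\drivers\acpi.sys": "82b296ae1892fe3dbee00c9cf92f8ac7",
    r"c:\windows\system32\drivers\afd.sys": "a201207363aa900abf1a388468688570",
    r"c:\windows\system32\drivers\tcpip.sys": "48cbe6d53632d0067c2d6b20f90d84ca",
}


def parse_tdsskiller_log(text):
    """Split a log into driver entries, detections, quarantine copies and actions."""
    out = {"drivers": [], "detections": [], "quarantined": [], "actions": [], "finished": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            out["drivers"].append(DriverEntry(m["ts"], int(m["pid"]), m["service"], m["md5"], m["path"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            out["detections"].append(Detection(m["ts"], int(m["pid"]), m["obj"], m["name"]))
            continue
        m = QUAR_RE.match(line)
        if m:
            out["quarantined"].append(m["obj"])
            continue
        m = ACTION_RE.match(line)
        if m:
            out["actions"].append((m["name"], m["obj"], m["action"]))
            continue
        if line.endswith("Scan finished"):
            out["finished"] = True
    return out


def unknown_drivers(parsed, allowlist):
    """Driver entries whose on-disk hash does not match the allowlist for that path.

    Paths are compared case-insensitively because the log mixes 'drivers' and
    'DRIVERS' for the same directory (Tcpip vs Tcpip6 above).
    """
    return [d for d in parsed["drivers"] if allowlist.get(d.path.lower()) != d.md5]


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print("drivers enumerated:", len(parsed["drivers"]))
    for d in parsed["detections"]:
        print("DETECTED", d.name, "on", d.obj)
    print("artifacts quarantined:", len(parsed["quarantined"]))
    print("unknown drivers:", [d.service for d in unknown_drivers(parsed, KNOWN_GOOD)])
```

The useful outputs for a helper are the detection list (here the TDL4 hit on \HardDisk0, the boot sector itself rather than any driver file) and the quarantined TDLFS artifacts, which show the hidden file system the rootkit kept on disk; the allowlist check is there to surface any driver whose hash changed between two scans.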
  18. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    And then I scanned again because it still showed an infection and chose 'cure' instead of 'copy to quarantine'.

    2011/04/06 15:12:59.0992 4812 Scan started
    2011/04/06 15:12:59.0992 4812 Mode: Manual;
    2011/04/06 15:12:59.0992 4812 ================================================================================
    2011/04/06 15:13:00.0522 4812 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    2011/04/06 15:13:00.0600 4812 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    2011/04/06 15:13:00.0631 4812 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    2011/04/06 15:13:00.0662 4812 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    2011/04/06 15:13:00.0678 4812 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    2011/04/06 15:13:00.0772 4812 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
    2011/04/06 15:13:00.0865 4812 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    2011/04/06 15:13:00.0990 4812 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    2011/04/06 15:13:01.0052 4812 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    2011/04/06 15:13:01.0130 4812 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    2011/04/06 15:13:01.0162 4812 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    2011/04/06 15:13:01.0193 4812 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    2011/04/06 15:13:01.0224 4812 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    2011/04/06 15:13:01.0271 4812 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    2011/04/06 15:13:01.0318 4812 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    2011/04/06 15:13:01.0427 4812 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    2011/04/06 15:13:01.0489 4812 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
    2011/04/06 15:13:01.0520 4812 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
    2011/04/06 15:13:01.0552 4812 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
    2011/04/06 15:13:01.0598 4812 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
    2011/04/06 15:13:01.0661 4812 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
    2011/04/06 15:13:01.0692 4812 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
    2011/04/06 15:13:01.0739 4812 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/06 15:13:01.0879 4812 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    2011/04/06 15:13:01.0942 4812 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    2011/04/06 15:13:02.0035 4812 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/06 15:13:02.0082 4812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    2011/04/06 15:13:02.0129 4812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    2011/04/06 15:13:02.0176 4812 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    2011/04/06 15:13:02.0222 4812 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    2011/04/06 15:13:02.0347 4812 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    2011/04/06 15:13:02.0378 4812 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    2011/04/06 15:13:02.0410 4812 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    2011/04/06 15:13:02.0472 4812 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/06 15:13:02.0519 4812 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/04/06 15:13:02.0581 4812 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    2011/04/06 15:13:02.0659 4812 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    2011/04/06 15:13:02.0800 4812 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/06 15:13:02.0831 4812 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    2011/04/06 15:13:02.0893 4812 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/06 15:13:02.0940 4812 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    2011/04/06 15:13:02.0987 4812 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    2011/04/06 15:13:03.0034 4812 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
    2011/04/06 15:13:03.0190 4812 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
    2011/04/06 15:13:03.0252 4812 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/06 15:13:03.0330 4812 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    2011/04/06 15:13:03.0377 4812 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
    2011/04/06 15:13:03.0533 4812 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/06 15:13:03.0595 4812 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/06 15:13:03.0673 4812 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    2011/04/06 15:13:03.0720 4812 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    2011/04/06 15:13:03.0782 4812 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    2011/04/06 15:13:03.0876 4812 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    2011/04/06 15:13:04.0032 4812 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    2011/04/06 15:13:04.0063 4812 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/06 15:13:04.0126 4812 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/06 15:13:04.0172 4812 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    2011/04/06 15:13:04.0204 4812 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/06 15:13:04.0266 4812 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/06 15:13:04.0313 4812 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/06 15:13:04.0438 4812 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    2011/04/06 15:13:04.0516 4812 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    2011/04/06 15:13:04.0578 4812 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/04/06 15:13:04.0640 4812 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    2011/04/06 15:13:04.0687 4812 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    2011/04/06 15:13:04.0718 4812 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    2011/04/06 15:13:04.0765 4812 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    2011/04/06 15:13:04.0906 4812 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    2011/04/06 15:13:04.0937 4812 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    2011/04/06 15:13:04.0984 4812 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/04/06 15:13:05.0046 4812 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/04/06 15:13:05.0108 4812 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    2011/04/06 15:13:05.0296 4812 igfx (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/04/06 15:13:05.0342 4812 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    2011/04/06 15:13:05.0483 4812 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
    2011/04/06 15:13:05.0545 4812 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    2011/04/06 15:13:05.0576 4812 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/06 15:13:05.0670 4812 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/06 15:13:05.0779 4812 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    2011/04/06 15:13:05.0810 4812 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    2011/04/06 15:13:05.0857 4812 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    2011/04/06 15:13:05.0888 4812 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    2011/04/06 15:13:05.0966 4812 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/04/06 15:13:06.0060 4812 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    2011/04/06 15:13:06.0138 4812 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    2011/04/06 15:13:06.0200 4812 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/06 15:13:06.0232 4812 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
    2011/04/06 15:13:06.0278 4812 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys
    2011/04/06 15:13:06.0310 4812 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys
    2011/04/06 15:13:06.0403 4812 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/06 15:13:06.0528 4812 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/06 15:13:06.0622 4812 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    2011/04/06 15:13:06.0653 4812 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    2011/04/06 15:13:06.0668 4812 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/04/06 15:13:06.0746 4812 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    2011/04/06 15:13:06.0778 4812 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    2011/04/06 15:13:06.0902 4812 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    2011/04/06 15:13:06.0980 4812 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/06 15:13:07.0027 4812 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/06 15:13:07.0074 4812 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    2011/04/06 15:13:07.0121 4812 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/06 15:13:07.0168 4812 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    2011/04/06 15:13:07.0199 4812 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/06 15:13:07.0324 4812 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    2011/04/06 15:13:07.0402 4812 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/06 15:13:07.0464 4812 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/06 15:13:07.0526 4812 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/06 15:13:07.0636 4812 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/06 15:13:07.0698 4812 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    2011/04/06 15:13:07.0760 4812 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    2011/04/06 15:13:07.0854 4812 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    2011/04/06 15:13:07.0916 4812 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/06 15:13:08.0072 4812 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/06 15:13:08.0104 4812 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/06 15:13:08.0135 4812 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/06 15:13:08.0182 4812 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/06 15:13:08.0228 4812 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/06 15:13:08.0275 4812 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/06 15:13:08.0322 4812 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
    2011/04/06 15:13:08.0384 4812 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    2011/04/06 15:13:08.0494 4812 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/06 15:13:08.0572 4812 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    2011/04/06 15:13:08.0618 4812 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/06 15:13:08.0650 4812 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/06 15:13:08.0681 4812 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/06 15:13:08.0728 4812 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/06 15:13:08.0759 4812 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/06 15:13:08.0868 4812 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/06 15:13:08.0962 4812 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    2011/04/06 15:13:09.0040 4812 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    2011/04/06 15:13:09.0118 4812 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/06 15:13:09.0211 4812 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/06 15:13:09.0336 4812 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    2011/04/06 15:13:09.0398 4812 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    2011/04/06 15:13:09.0461 4812 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    2011/04/06 15:13:09.0508 4812 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    2011/04/06 15:13:09.0539 4812 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/06 15:13:09.0742 4812 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    2011/04/06 15:13:09.0820 4812 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    2011/04/06 15:13:09.0882 4812 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    2011/04/06 15:13:09.0944 4812 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    2011/04/06 15:13:10.0038 4812 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    2011/04/06 15:13:10.0163 4812 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
    2011/04/06 15:13:10.0194 4812 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/06 15:13:10.0256 4812 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    2011/04/06 15:13:10.0381 4812 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/06 15:13:10.0428 4812 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    2011/04/06 15:13:10.0490 4812 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/06 15:13:10.0568 4812 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    2011/04/06 15:13:10.0678 4812 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    2011/04/06 15:13:10.0724 4812 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/06 15:13:10.0756 4812 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/06 15:13:10.0802 4812 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/06 15:13:10.0865 4812 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/06 15:13:10.0896 4812 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/06 15:13:10.0943 4812 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/06 15:13:11.0005 4812 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/06 15:13:11.0083 4812 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/06 15:13:11.0192 4812 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/06 15:13:11.0255 4812 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/06 15:13:11.0302 4812 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    2011/04/06 15:13:11.0333 4812 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    2011/04/06 15:13:11.0364 4812 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
    2011/04/06 15:13:11.0442 4812 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/06 15:13:11.0504 4812 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
    2011/04/06 15:13:11.0536 4812 RTL8187B (67e7822975985016fdce01635fbdbbf9) C:\Windows\system32\DRIVERS\RTL8187B.sys
    2011/04/06 15:13:11.0645 4812 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/06 15:13:11.0707 4812 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/04/06 15:13:11.0754 4812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/06 15:13:11.0801 4812 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    2011/04/06 15:13:11.0848 4812 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    2011/04/06 15:13:11.0894 4812 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    2011/04/06 15:13:11.0957 4812 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/06 15:13:12.0004 4812 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/06 15:13:12.0144 4812 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/06 15:13:12.0191 4812 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    2011/04/06 15:13:12.0269 4812 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    2011/04/06 15:13:12.0331 4812 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    2011/04/06 15:13:12.0425 4812 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    2011/04/06 15:13:12.0565 4812 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/06 15:13:12.0628 4812 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    2011/04/06 15:13:12.0721 4812 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/06 15:13:12.0815 4812 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/06 15:13:12.0893 4812 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/06 15:13:12.0986 4812 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/06 15:13:13.0064 4812 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    2011/04/06 15:13:13.0142 4812 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    2011/04/06 15:13:13.0220 4812 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    2011/04/06 15:13:13.0314 4812 SynTP (baa29028e7db52837198465c5c53a2f0) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/04/06 15:13:13.0423 4812 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
    2011/04/06 15:13:13.0501 4812 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/06 15:13:13.0595 4812 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/06 15:13:13.0673 4812 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    2011/04/06 15:13:13.0751 4812 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/06 15:13:13.0813 4812 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/06 15:13:13.0876 4812 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/06 15:13:13.0954 4812 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/06 15:13:14.0094 4812 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    2011/04/06 15:13:14.0219 4812 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/06 15:13:14.0281 4812 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    2011/04/06 15:13:14.0328 4812 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/06 15:13:14.0437 4812 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    2011/04/06 15:13:14.0546 4812 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/06 15:13:14.0624 4812 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/06 15:13:14.0687 4812 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    2011/04/06 15:13:14.0796 4812 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    2011/04/06 15:13:14.0858 4812 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    2011/04/06 15:13:15.0014 4812 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/06 15:13:15.0061 4812 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
    2011/04/06 15:13:15.0186 4812 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    2011/04/06 15:13:15.0264 4812 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/06 15:13:15.0342 4812 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/06 15:13:15.0404 4812 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    2011/04/06 15:13:15.0467 4812 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
    2011/04/06 15:13:15.0576 4812 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/06 15:13:15.0623 4812 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/06 15:13:15.0748 4812 vflt (cfc13848193cc11717aac8d457032d02) C:\Windows\system32\DRIVERS\vfilter.sys
    2011/04/06 15:13:15.0826 4812 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/06 15:13:15.0888 4812 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/04/06 15:13:15.0982 4812 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    2011/04/06 15:13:16.0028 4812 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    2011/04/06 15:13:16.0106 4812 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    2011/04/06 15:13:16.0200 4812 vnet (eb47e758aa487814fc720a7ffc094a50) C:\Windows\system32\DRIVERS\virtualnet.sys
    2011/04/06 15:13:16.0262 4812 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/04/06 15:13:16.0387 4812 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/06 15:13:16.0496 4812 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/04/06 15:13:16.0606 4812 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/06 15:13:16.0684 4812 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/04/06 15:13:16.0777 4812 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/06 15:13:16.0793 4812 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/06 15:13:16.0871 4812 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    2011/04/06 15:13:16.0964 4812 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/06 15:13:17.0167 4812 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    2011/04/06 15:13:17.0308 4812 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/06 15:13:17.0401 4812 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/06 15:13:17.0479 4812 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/06 15:13:17.0495 4812 ================================================================================
    2011/04/06 15:13:17.0495 4812 Scan finished
    2011/04/06 15:13:17.0495 4812 ================================================================================
    2011/04/06 15:13:17.0510 3248 Detected object count: 1
    2011/04/06 15:13:22.0565 3248 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/06 15:13:22.0565 3248 \HardDisk0 - ok
    2011/04/06 15:13:22.0612 3248 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/06 15:19:56.0293 6068 Deinitialize success
  19. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    Finally I was able to run ComboFix! Here is the result (partly in Dutch):


    ComboFix 11-04-05.02 - Aldie 06-04-2011 18:25:26.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1014.278 [GMT 2:00]
    Gestart vanuit: c:\users\Aldie\Desktop\Aldie.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$xntuninstall643$
    c:\windows\$xntuninstall643$\apUninstall.exe
    c:\windows\$XNTUninstall643$\mbdwt.dll
    c:\windows\$xntuninstall643$\xgoir.dll
    c:\windows\$xntuninstall643$\zrpt.xml
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_RL
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-06 to 2011-04-06 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-06 16:38 . 2011-04-06 16:43 -------- d-----w- c:\users\Aldie\AppData\Local\temp
    2011-04-06 16:38 . 2011-04-06 16:38 -------- d-----w- c:\users\Youssef\AppData\Local\temp
    2011-04-06 13:10 . 2011-04-06 13:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-04-04 16:39 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-04 16:39 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-04 16:39 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-04 16:39 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-04 16:39 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-04 16:39 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-04 16:38 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-04 16:38 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\programdata\AVAST Software
    2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\program files\AVAST Software
    2011-03-29 11:09 . 2011-03-29 11:09 -------- d-----w- c:\program files\Common Files\Java
    2011-03-29 11:08 . 2011-03-29 11:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-28 01:08 . 2011-03-28 01:09 -------- d-----w- c:\program files\Temp File Cleaner
    2011-03-27 23:15 . 2011-04-04 16:31 -------- d-----w- c:\program files\Panda Security
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\ca-ES
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\eu-ES
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\vi-VN
    2011-03-26 18:56 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
    2011-03-26 18:55 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
    2011-03-26 18:50 . 2009-04-10 22:28 52224 ----a-w- c:\windows\system32\mmci.dll
    2011-03-26 18:49 . 2011-03-26 18:49 -------- d-----w- C:\a6c08d8a28d464788021fc4831638b
    2011-03-26 18:11 . 2011-03-26 18:11 -------- d-----w- C:\3b18313747c795b94d352ee3
    2011-03-26 18:07 . 2011-03-26 18:07 -------- d-----w- C:\a7be2023a43f00fb412f9971f2d7b199
    2011-03-26 17:20 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll
    2011-03-26 17:19 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe
    2011-03-26 17:18 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
    2011-03-26 17:11 . 2008-01-18 22:38 215096 ----a-w- c:\program files\Windows Defender\MsMpCom.dll
    2011-03-26 17:10 . 2008-01-18 22:34 44032 ----a-w- c:\windows\system32\dssec.dll
    2011-03-26 17:07 . 2011-03-26 17:07 -------- d-----w- C:\474fa51d5b571d3b2f10bf04f8178678
    2011-03-26 16:43 . 2011-03-26 16:43 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-18 01:10 . 2011-03-26 18:29 -------- d-----w- C:\perflogs
    2011-03-15 14:18 . 2011-03-15 14:18 -------- d--h--w- c:\programdata\Common Files
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 18:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-03-26 18:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-01-15 13:59 . 2011-01-15 13:59 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    2010-06-13 17:10 2734688 ----a-w- c:\program files\Veoh_Web_Player\tbVeoh.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CD90BF73-20F6-44EF-993D-BB920303BD2E}"= "c:\program files\Veoh_Web_Player\tbVeoh.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
    2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
    2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
    R3 AJ;AJ;c:\users\Aldie\AppData\Local\Temp\AJ.exe [x]
    R3 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-02-28 49152]
    R3 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-03-14 716800]
    R3 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-02-28 536576]
    R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-03-14 13824]
    R3 YCFYBZV;YCFYBZV;c:\users\Aldie\AppData\Local\Temp\YCFYBZV.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-03-14 17920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 16:39]
    .
    2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 16:39]
    .
    .
    ------- Bijkomende Scan -------
    .
    mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F34A9685-7B10-4707-9259-AB47851B9D2F}
    IE: &Ontvang alles met FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Ontvang met FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {D6F411AB-AA17-448E-83C8-56B9627202F1} = 145.18.40.50,145.18.68.50
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    BHO-{C348BB9A-995C-404A-8185-76325B4BED9F} - c:\windows\$XNTUninstall643$\mbdwt.dll
    BHO-{F96A7C1E-38CA-4F0A-9D2D-A42C226BCDC8} - c:\windows\$XNTUninstall643$\xgoir.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-bipro - c:\windows\$XNTUninstall643$\mbdwt.dll
    AddRemove-$XNTUninstall643$ - c:\windows\$XNTUninstall643$\apUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-06 18:43
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????4p?5-???????????P?????????
    .
    scannen van verborgen bestanden ...
    .
    .
    c:\users\Aldie\AppData\Local\Temp\catchme.dll 53248 bytes executable
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 2
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\ATK Hotkey\Hcontrol.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\windows\system32\conime.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-04-06 18:51:43 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-04-06 16:51
    .
    Pre-Run: 23.344.746.496 bytes beschikbaar
    Post-Run: 23.327.358.976 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 784E90F9F57C8C4BEF14B445A20DAEB1
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\users\Aldie\AppData\Local\Temp\AJ.exe
    c:\users\Aldie\AppData\Local\Temp\YCFYBZV.exe
    C:\Program Files\Temp File Cleaner DB Toolbar\TbHelper2.exe
    Folder::
    c:\users\Aldie\AppData\Local\temp
    c:\users\Youssef\AppData\Local\temp
    C:\TDSSKiller_Quarantine
    c:\program files\Temp File Cleaner
    c:\program files\Panda Security
    c:\program files\Temp File Cleaner DB Toolbar
    FileLook::
    c:\windows\system32\ca-ES
    c:\windows\system32\eu-ES
    c:\windows\system32\vi-VN
    DirLook::
    C:\a6c08d8a28d464788021fc4831638b
    C:\3b18313747c795b94d352ee3
    C:\a7be2023a43f00fb412f9971f2d7b199
    C:\474fa51d5b571d3b2f10bf04f8178678
    DDS::
    uStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F34A9685-7B10-4707-9259-AB47851B9D2F}
    mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F34A9685-7B10-4707-9259-AB47851B9D2F}
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\temp file cleaner db toolbar\tbhelper.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
    TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\tbVeoh.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Temp File Cleaner DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"=-
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"=- 
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CD90BF73-20F6-44EF-993D-BB920303BD2E}"=-
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    Driver::
    AJ
    YCFYBZV
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    When finished, go on to next reply.
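As an added example (not part of the thread, and not ComboFix or TechSpot code), a small Python triage script that applies the checks behind the File::/Driver::/Registry:: entries of the script above to the ComboFix report format: it flags services whose binary lives in a user Temp directory or whose file ComboFix could not read ([x]), and Security Center keys with DisableMonitoring set to 1, then drafts the matching CFScript sections for a human to review. The sample lines are constructed from the log posted earlier in the thread; the rule names and functions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the ComboFix report posted earlier in
# the thread (the "Drivers/Services" and "Reg Opstartpunten" sections), not
# read from a live machine.
SAMPLE_LOG = r"""
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
R3 AJ;AJ;c:\users\Aldie\AppData\Local\Temp\AJ.exe [x]
R3 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-03-14 716800]
R3 YCFYBZV;YCFYBZV;c:\users\Aldie\AppData\Local\Temp\YCFYBZV.exe [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# ComboFix service line: "<start> <name>;<display name>;<path> [<date> <size>]"
# or "... [x]" when ComboFix could not read the file's date and size.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) ?\[(?P<info>[^\]]*)\]$"
)
# A "name"=value line inside a [key] block of the startup-points section.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# Service binaries that sit in a user's temp directory instead of a program dir.
USER_TEMP_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
SECURITY_CENTER_KEY = "\\security center\\monitoring"


@dataclass(frozen=True)
class Finding:
    kind: str   # rule that fired (assumed names, see triage below)
    name: str   # service name, or the registry key for registry findings
    path: str   # on-disk path of the service binary ("" for registry findings)


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix report lines and return the entries worth a closer look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name, path, info = svc.group("name"), svc.group("path"), svc.group("info")
            if USER_TEMP_RE.search(path):
                findings.append(Finding("service-from-temp", name, path))
            # "[x]" with an empty path is normal for self-protecting AV drivers
            # (aswSnx above); "[x]" with a path means the file could not be read.
            if info == "x" and path:
                findings.append(Finding("service-unreadable", name, path))
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]   # start of a new registry key block
            continue
        val = VALUE_RE.match(line)
        if val and SECURITY_CENTER_KEY in current_key.lower():
            if (val.group("name") == "DisableMonitoring"
                    and val.group("value").lower() == "dword:00000001"):
                findings.append(Finding("security-center-monitoring-off", current_key, ""))
    return findings


def suggest_cfscript(findings: List[Finding]) -> str:
    """Draft the File::/Driver::/Registry:: sections a helper would review by hand."""
    temp_services = [f for f in findings if f.kind == "service-from-temp"]
    keys = [f.name for f in findings if f.kind == "security-center-monitoring-off"]
    out: List[str] = []
    if temp_services:
        out.append("File::")
        out.extend(f.path for f in temp_services)
        out.append("Driver::")
        out.extend(f.name for f in temp_services)
    if keys:
        out.append("Registry::")
        for key in keys:
            out.append(f"[{key}]")
            out.append('"DisableMonitoring"=-')   # "=-" deletes the value
    return "\n".join(out)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:32} {f.name}  {f.path}")
    print()
    print(suggest_cfscript(results))
```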
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    When you have finished running the script in Combofix and pasting the log in the reply, go on to the following:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =================================
    Note: You have some Toolbars on the system that are usually bundled with other unrelated software. They are usually pre-checked on a download screen. It's important that you examine all download screens and remove those pre-checked processes. I have removed them using the script.
  22. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    I can't seem to upload the entire log. ---- Directory of C:\474fa51d5b571d3b2f10bf04f8178678 ---- is really huge!


    ComboFix 11-04-11.01 - Aldie 11-04-2011 21:31:57.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1014.148 [GMT 2:00]
    Gestart vanuit: c:\users\Aldie\Desktop\Aldie.exe
    gebruikte Opdracht switches :: c:\users\Aldie\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    .
    FILE ::
    "c:\program files\Temp File Cleaner DB Toolbar\TbHelper2.exe"
    "c:\users\Aldie\AppData\Local\Temp\AJ.exe"
    "c:\users\Aldie\AppData\Local\Temp\YCFYBZV.exe"
    .
    /wow section - STAGE 3
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Panda Security
    c:\program files\Temp File Cleaner
    c:\program files\Temp File Cleaner\tempCleaner.exe
    c:\program files\Temp File Cleaner\uninstall.exe
    c:\program files\veoh_web_player\tbVeoh.dll
    C:\TDSSKiller_Quarantine
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\mbr0000\object.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\mbr0000\tsk0000.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\mbr0000\tsk0000.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\object.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\object.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0000.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0000.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0001.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0001.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0002.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0002.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0003.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0003.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0004.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0004.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0005.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0005.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0006.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0006.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0007.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0007.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0008.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0008.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0009.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0009.ini
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0010.dta
    c:\tdsskiller_quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0010.ini
    c:\users\Aldie\AppData\Local\temp
    c:\users\Aldie\AppData\Local\temp\MessengerCache\1h6QBUpjoA538+2Yac4pfmtKDDI=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\4KOFz+2VrwmBWS8SEkvnQjhGAFA=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\5DE3fEiHPDFt8Zg62Qirj9A12F9I=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\6GAq7Jef0e5kWhL1V+uc1l6j9fI=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\AQIIvjtMXwtJODshv0nsQmo8axc=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\AveCC+bKJjbEsUuHp2FjECEADaGE=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\b1+32FdxxEevt9uTrLJnjhuHo2FXk=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\BhamMoxeQD6uYpA49ep8kTujsKs=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\BK1rMvkiPTf1c+NaEZzWKwjGJ8U=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\dpwpuyM2FUo2FYN1bjmgb2Fpklzzy0=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\DYYkYdvYFe4X0Ieq7tT30+TuLAs=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\EguHdc3LvcvzHFEnJxjqqoZgivY=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\eTavVigvAxeaL1rhntc5dwNs43g=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\I2F29XGsJvOwHIKioS0Duiktgkio=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\JtYPrv4fwNwloFlkecfZEN6pyLo=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\KjSBqJELlRuD7OTubUiJhdjWTH0=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\kNOgJ7FGApLwsjbdMNGnY+0JTso=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\LkjCYhf63TVeMZ9UhRkQ+75Fim4=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\ObfQ7hPyVl5GoWse7BgqyUsFIY0=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\of2gw5U3O6wzsL12FiX7OWaZOXc0=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\OlYqEg1je9eIU2F3FJwcyGVqtZM8=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\P6CA2F4mWp6Auzx7KmN+2ZQqi2F7I=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\pFSc2EbSfrZVBcBlFSr60zKxES8=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\pj4S+Q5iwY6ip2eznF6yr2fh4cI=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\rJ++F5QcQEeuGvzF7Q3CidosXRM=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\RZW585t5UbA8LqXWQVoT8nYbOYA=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\TKmR6Sx0feIFM0Vs+LtwTW9eQ5Q=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\UEdoeG8IXttVEN9mX+ORRyE2Lfw=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\wgNtN+vbtP1nq0ODkRYg082z2CQ=
    c:\users\Aldie\AppData\Local\temp\MessengerCache\XHi4NEIKNgSU8Pd2F9OlfySc4GYk=
    c:\users\Youssef\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_AJ
    -------\Service_YCFYBZV
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-03-11 to 2011-04-11 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-11 19:50 . 2011-04-11 19:51 -------- d-----w- c:\users\Aldie\AppData\Local\Temp
    2011-04-04 16:39 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-04 16:39 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-04 16:39 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-04 16:39 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-04 16:39 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-04 16:39 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-04 16:38 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-04-04 16:38 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\programdata\AVAST Software
    2011-04-04 16:38 . 2011-04-04 16:38 -------- d-----w- c:\program files\AVAST Software
    2011-03-29 11:09 . 2011-03-29 11:09 -------- d-----w- c:\program files\Common Files\Java
    2011-03-29 11:08 . 2011-03-29 11:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\ca-ES
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\eu-ES
    2011-03-26 19:11 . 2011-03-26 19:11 -------- d-----w- c:\windows\system32\vi-VN
    2011-03-26 18:56 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
    2011-03-26 18:55 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
    2011-03-26 18:50 . 2009-04-10 22:28 52224 ----a-w- c:\windows\system32\mmci.dll
    2011-03-26 18:49 . 2011-03-26 18:49 -------- d-----w- C:\a6c08d8a28d464788021fc4831638b
    2011-03-26 18:11 . 2011-03-26 18:11 -------- d-----w- C:\3b18313747c795b94d352ee3
    2011-03-26 18:07 . 2011-03-26 18:07 -------- d-----w- C:\a7be2023a43f00fb412f9971f2d7b199
    2011-03-26 17:20 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll
    2011-03-26 17:19 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe
    2011-03-26 17:18 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
    2011-03-26 17:11 . 2008-01-18 22:38 215096 ----a-w- c:\program files\Windows Defender\MsMpCom.dll
    2011-03-26 17:10 . 2008-01-18 22:34 44032 ----a-w- c:\windows\system32\dssec.dll
    2011-03-26 17:07 . 2011-03-26 17:07 -------- d-----w- C:\474fa51d5b571d3b2f10bf04f8178678
    2011-03-26 16:43 . 2011-03-26 16:43 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-18 01:10 . 2011-03-26 18:29 -------- d-----w- C:\perflogs
    2011-03-15 14:18 . 2011-03-15 14:18 -------- d--h--w- c:\programdata\Common Files
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-26 18:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-03-26 18:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-01-15 13:59 . 2011-01-15 13:59 970504 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\3b18313747c795b94d352ee3 ----
    .
    2011-03-26 18:11 . 2011-03-26 18:12 558836931 ----a-w- c:\3b18313747c795b94d352ee3\windows6.0-kb936330-X86.cab
    2011-03-26 18:11 . 2011-03-26 18:11 4328183 ----a-w- c:\3b18313747c795b94d352ee3\windows6.0-kb938371-X86.cab
    2011-03-26 18:11 . 2011-03-26 18:11 563211 ----a-w- c:\3b18313747c795b94d352ee3\windows6.0-kb935509-X86.cab
    2011-03-26 18:11 . 2011-03-26 18:11 58845 ----a-w- c:\3b18313747c795b94d352ee3\windows6.0-kb937954-X86.cab
    2011-03-26 18:11 . 2011-03-26 18:11 4225182 ----a-w- c:\3b18313747c795b94d352ee3\windows6.0-kb937287-X86.cab

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-06-27 436088]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "Skytel"="Skytel.exe" [2007-06-15 1826816]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
    2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
    2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
    .
    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 136176]
    R3 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-02-28 49152]
    R3 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-03-14 716800]
    R3 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-02-28 536576]
    R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-03-14 13824]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-03-14 17920]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-06-01 252416]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 16:39]
    .
    2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-04 16:39]
    .
    .
    ------- Bijkomende Scan -------
    .
    IE: &Ontvang alles met FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Ontvang met FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: {D6F411AB-AA17-448E-83C8-56B9627202F1} = 145.18.40.50,145.18.68.50
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Temp File Cleaner - c:\program files\Temp File Cleaner\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-11 21:51
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????4p?5-???????????P?????????
    .
    scannen van verborgen bestanden ...
    .
    .
    C:\## aswSnx private storage
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\ATK Hotkey\ASLDRSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\ATK Hotkey\Hcontrol.exe
    c:\program files\ATK Hotkey\ATKOSD.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2011-04-11 22:02:55 - machine werd herstart
    ComboFix-quarantined-files.txt 2011-04-11 20:02
    ComboFix2.txt 2011-04-06 16:51
    .
    Pre-Run: 20.815.470.592 bytes beschikbaar
    Post-Run: 20.272.414.720 bytes beschikbaar
    .
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 748B678D5B86A2BFF3326E727F931D45
    .
  23. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    And here is the log from the Eset scan:

    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0003.dta.vir probably a variant of Win32/Olmarik.ADZ trojan
    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0005.dta.vir Win32/Olmarik.AFK trojan
    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0006.dta.vir Win64/Olmarik.N trojan
    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0007.dta.vir Win64/Olmarik.L trojan
    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0008.dta.vir Win64/Olmarik.A trojan
    C:\Qoobox\Quarantine\C\TDSSKiller_Quarantine\06.04.2011_15.07.57\boot0000\tdlfs0000\tsk0009.dta.vir a variant of Win32/Olmarik.ARM trojan
    C:\Qoobox\Quarantine\C\Windows\$XNTUninstall643$\mbdwt.dll.vir a variant of Win32/Adware.Lifze.R application
    C:\Users\Aldie\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OEBD3KY\opa63_info[1].htm HTML/Iframe.B.Gen virus
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZB8YEWFK\lee_[1].php HTML/Iframe.B.Gen virus
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I need for you to scan some files as follows. Don't worry about those directories; this needs to be done first:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:

      c:\windows\system32\userinit.exe

      c:\windows\explorer.exe

      c:\windows\system32\svchost.exe


    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.

    We will go from here after I check the log.
  25. Aldie89

    Aldie89 Newcomer, in training Topic Starter Posts: 18

    I have performed the scan and was able to re-scan the explorer.exe and the svchost.exe file. As for the userinit.exe file, I couldn't click on the re-scan button because it wasn't highlighted. It just said it was already scanned and there were no software updates since that time. No viruses or malware had been found.


    VirSCAN.org Scanned Report :
    Scanned time : 2011/04/13 16:28:42 (CEST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 2926592 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : d07d4c3038f3578ffce1c0237f2a1253
    SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
    Online report : http://virscan.org/report/8bf4bf1da7b62dcc19be8c02f9f565ac.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110413050556 2011-04-13 8.61 -
    AhnLab V3 2011.04.12.00 2011.04.12 2011-04-12 3.24 -
    AntiVir 8.2.4.206 7.11.6.93 2011-04-13 0.29 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.13 -
    Arcavir 2011 201103241627 2011-03-24 0.06 -
    Authentium 5.1.1 201104131024 2011-04-13 1.46 -
    AVAST! 4.7.4 110412-1 2011-04-12 0.14 -
    AVG 8.5.850 271.1.1/3571 2011-04-13 0.25 -
    BitDefender 7.90123.7111459 7.37065 2011-04-13 6.85 -
    ClamAV 0.96.5 12977 2011-04-13 0.41 -
    Comodo 4.0 8327 2011-04-13 2.19 -
    CP Secure 1.3.0.5 2011.04.07 2011-04-07 0.50 -
    Dr.Web 5.0.2.3300 2011.04.13 2011-04-13 11.71 -
    F-Prot 4.4.4.56 20110413 2011-04-13 1.46 -
    F-Secure 7.02.73807 2011.04.13.04 2011-04-13 0.16 -
    Fortinet 4.2.257 13.105 2011-04-12 4.68 -
    GData 22.66/22.32 20110413 2011-04-13 24.23 -
    ViRobot 20110413 2011.04.13 2011-04-13 0.91 -
    Ikarus T3.1.32.20.0 2011.04.13.78163 2011-04-13 5.64 -
    JiangMin 13.0.900 2011.03.30 2011-03-30 1.70 -
    Kaspersky 5.5.10 2011.04.13 2011-04-13 0.10 -
    KingSoft 2009.2.5.15 2011.4.13.14 2011-04-13 1.37 -
    McAfee 5400.1158 6314 2011-04-12 8.43 -
    Microsoft 1.6702 2011.04.12 2011-04-12 10.96 -
    NOD32 3.0.21 6035 2011-04-12 0.01 -
    Norman 6.07.08 6.07.00 2011-04-11 16.03 -
    Panda 9.05.01 2011.04.12 2011-04-12 2.66 -
    Trend Micro 9.200-1012 7.970.10 2011-04-13 0.04 -
    Quick Heal 11.00 2011.04.13 2011-04-13 1.98 -
    Rising 20.0 23.53.02.06 2011-04-13 3.00 -
    Sophos 3.18.0 4.64 2011-04-13 3.56 -
    Sunbelt 3.9.2488.2 9001 2011-04-12 4.68 -
    Symantec 1.3.0.24 20110411.003 2011-04-11 70.66 -
    nProtect 20110413.01 3353027 2011-04-13 40.17 -
    The Hacker 6.7.0.1 v00173 2011-04-12 5.72 -
    VBA32 3.12.14.3 20110412.2016 2011-04-12 9.50 -
    VirusBuster 5.2.0.28 13.6.302.1/49641312011-04-13 0.00 -



    VirSCAN.org Scanned Report :
    Scanned time : 2011/04/13 16:38:33 (CEST)
    Scanner results: Scanners did not find malware!
    File Name : svchost.exe
    File Size : 21504 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 3794b461c45882e06856f282eef025af
    SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
    Online report : http://virscan.org/report/9d1e200878953b5dbf5b835710238375.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110413050556 2011-04-13 5.24 -
    AhnLab V3 2011.04.12.00 2011.04.12 2011-04-12 5.68 -
    AntiVir 8.2.4.206 7.11.6.93 2011-04-13 0.28 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.13 -
    Arcavir 2011 201103241627 2011-03-24 0.04 -
    Authentium 5.1.1 201104131024 2011-04-13 1.50 -
    AVAST! 4.7.4 110412-1 2011-04-12 0.11 -
    AVG 8.5.850 271.1.1/3571 2011-04-13 1.15 -
    BitDefender 7.90123.7111459 7.37065 2011-04-13 8.07 -
    ClamAV 0.96.5 12977 2011-04-13 0.10 -
    Comodo 4.0 8327 2011-04-13 2.35 -
    CP Secure 1.3.0.5 2011.04.07 2011-04-07 0.04 -
    Dr.Web 5.0.2.3300 2011.04.13 2011-04-13 12.06 -
    F-Prot 4.4.4.56 20110413 2011-04-13 1.62 -
    F-Secure 7.02.73807 2011.04.13.04 2011-04-13 0.14 -
    Fortinet 4.2.257 13.105 2011-04-12 0.98 -
    GData 22.66/22.32 20110413 2011-04-13 26.04 -
    ViRobot 20110413 2011.04.13 2011-04-13 0.41 -
    Ikarus T3.1.32.20.0 2011.04.13.78163 2011-04-13 5.29 -
    JiangMin 13.0.900 2011.03.30 2011-03-30 3.02 -
    Kaspersky 5.5.10 2011.04.13 2011-04-13 0.10 -
    KingSoft 2009.2.5.15 2011.4.13.14 2011-04-13 4.25 -
    McAfee 5400.1158 6314 2011-04-12 9.36 -
    Microsoft 1.6702 2011.04.12 2011-04-12 6.09 -
    NOD32 3.0.21 6035 2011-04-12 0.01 -
    Norman 6.07.08 6.07.00 2011-04-11 30.04 -
    Panda 9.05.01 2011.04.12 2011-04-12 2.28 -
    Trend Micro 9.200-1012 7.970.10 2011-04-13 0.04 -
    Quick Heal 11.00 2011.04.13 2011-04-13 1.60 -
    Rising 20.0 23.53.02.06 2011-04-13 2.19 -
    Sophos 3.18.0 4.64 2011-04-13 3.60 -
    Sunbelt 3.9.2488.2 9001 2011-04-12 3.48 -
    Symantec 1.3.0.24 20110411.003 2011-04-11 63.03 -
    nProtect 20110413.01 3353027 2011-04-13 6.14 -
    The Hacker 6.7.0.1 v00173 2011-04-12 0.43 -
    VBA32 3.12.14.3 20110412.2016 2011-04-12 3.80 -
    VirusBuster 5.2.0.28 13.6.302.1/49641312011-04-13 0.00 -
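
    As an added example (not posted by anyone in this thread, and not VirSCAN.org's or TechSpot's own code), the Python script below reads a pasted VirSCAN.org report like the two above, pulls out the file's declared size, MD5 and SHA1, collects any scanner verdict other than "-", and compares the declared hashes with hashes computed from the copy of the file on disk. That last check is the useful part of the procedure Bobbye describes: when the site says a file "has been scanned already", a hash match confirms the cached report refers to the same bytes you have, not an older copy with the same name. The sample report text is an excerpt of the explorer.exe report above, including the VirusBuster line where the signature version ran into the date; the `ExampleAV` line and the byte string used for the mismatch case are constructed for the demonstration.

```python
"""Parse a pasted VirSCAN.org report and check it against a local file.

Added example for this thread; not code from TechSpot or VirSCAN.org.
The report layout follows the reports pasted above.
"""
import hashlib
import re

# Header lines of interest, e.g. "MD5 : d07d4c30...".
HEADER_RE = re.compile(r"^(File Name|File Size|MD5|SHA1|Scanner results)\s*:\s*(.+?)\s*$")
HEADER_KEYS = {"File Name": "file_name", "File Size": "file_size", "MD5": "md5",
               "SHA1": "sha1", "Scanner results": "summary"}

# One scanner line: "<engine> <engine ver> <sig ver> <YYYY-MM-DD> <seconds> <result>".
# Engine names can contain spaces ("AhnLab V3", "Trend Micro"), so the engine is
# matched lazily and anchored by the ISO date. The optional whitespace before the
# date absorbs lines where the signature version ran into the date, as in the
# VirusBuster line of the pasted reports.
SCANNER_RE = re.compile(
    r"^(?P<engine>.+?) (?P<engine_ver>\S+) (?P<sig_ver>\S+?)\s?"
    r"(?P<sig_date>\d{4}-\d{2}-\d{2}) (?P<seconds>\d+\.\d+) (?P<result>.+)$"
)

# Excerpt of the explorer.exe report pasted above (six of its scanner lines).
SAMPLE_REPORT = """VirSCAN.org Scanned Report :
Scanned time : 2011/04/13 16:28:42 (CEST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2926592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d07d4c3038f3578ffce1c0237f2a1253
SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
Online report : http://virscan.org/report/8bf4bf1da7b62dcc19be8c02f9f565ac.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110413050556 2011-04-13 8.61 -
AhnLab V3 2011.04.12.00 2011.04.12 2011-04-12 3.24 -
AntiVir 8.2.4.206 7.11.6.93 2011-04-13 0.29 -
CP Secure 1.3.0.5 2011.04.07 2011-04-07 0.50 -
Trend Micro 9.200-1012 7.970.10 2011-04-13 0.04 -
VirusBuster 5.2.0.28 13.6.302.1/49641312011-04-13 0.00 -
"""

# Constructed variant with one non-clean verdict. "ExampleAV" and its verdict
# are made up for the demonstration and do not appear in the thread.
SAMPLE_REPORT_WITH_HIT = SAMPLE_REPORT + (
    "ExampleAV 1.0 2011.04.13 2011-04-13 0.10 Constructed.Verdict.Name\n"
)


def parse_report(text: str) -> dict:
    """Return header fields plus one dict per scanner line."""
    report = {"file_name": None, "file_size": None, "md5": None, "sha1": None,
              "summary": None, "scanners": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            key, value = HEADER_KEYS[header.group(1)], header.group(2)
            if key == "file_size":
                value = int(value.split()[0])        # "2926592 byte" -> 2926592
            elif key in ("md5", "sha1"):
                value = value.lower()                # normalise for comparison
            report[key] = value
            continue
        scanner = SCANNER_RE.match(line)
        if scanner:
            entry = scanner.groupdict()
            entry["seconds"] = float(entry["seconds"])
            entry["clean"] = entry["result"] == "-"  # "-" is VirSCAN's "nothing found"
            report["scanners"].append(entry)
    return report


def detections(report: dict) -> list:
    """(engine, verdict) for every scanner that reported something."""
    return [(s["engine"], s["result"]) for s in report["scanners"] if not s["clean"]]


def hash_bytes(data: bytes) -> dict:
    """Size, MD5 and SHA1 of a byte string, in the form VirSCAN reports them."""
    return {"size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def hash_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def report_matches(report: dict, local: dict) -> bool:
    """True only when size, MD5 and SHA1 all agree, so a cached report cannot be
    mistaken for one covering a different copy of the same file name."""
    return (report["file_size"] == local["size"]
            and report["md5"] == local["md5"].lower()
            and report["sha1"] == local["sha1"].lower())


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(parsed["file_name"], parsed["md5"], len(parsed["scanners"]), "scanners")
    print("detections:", detections(parse_report(SAMPLE_REPORT_WITH_HIT)))
    # On the affected machine you would instead pass hash_file(r"c:\windows\explorer.exe").
    print("matches constructed bytes:", report_matches(parsed, hash_bytes(b"not explorer.exe")))
```

    Paste a saved report into `parse_report`, and feed `report_matches` the result of `hash_file` on the same path you submitted; a `False` means the report on the site was produced from different bytes than the file now on disk, which is exactly the case where re-uploading rather than trusting the cached result is warranted.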