Solved PC Performance Analysis and Stability Malware / registry repairs?

Status
Not open for further replies.
L

LaptopWrecked

Posts: 39   +0
Hi.

I have been infected by this malware. Had to create a new user account to access my programs. Most desktop icons gone. Program list missing. Documents missing access to them, but still there if I go to the new adminstrator account.

Have begun 7 steps of fixing to create damage logs from the other help thread.

Ran RKILL and MBAM.EXE to clean malware from running, but system still damaged.

GMER log below:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-10 03:24:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721060G9AT00 rev.MC3OA40M
Running: 0mnpk6mt.exe; Driver: C:\DOCUME~1\FIXASU~1.000\LOCALS~1\Temp\kxtdykoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79BD4D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79BD520]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollInfo 7E419056 5 Bytes JMP 00688BF0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollInfo 7E42DFE2 5 Bytes JMP 00688B40 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00688CC0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 00688B80 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00688C30 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 00688BB0 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 00688C70 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)
.text C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe[552] USER32.dll!EnableScrollBar 7E468005 5 Bytes JMP 00688B00 C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (VZAccess Manager/Smith Micro Software, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp TFilter.sys (TFilter Kernel Module/Avanquest North America, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{9F9FDD4A-11DE-0279-B037-7668911670D9}\InprocServer32@ C:\WINDOWS\system32\ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9F9FDD4A-11DE-0279-B037-7668911670D9}\InprocServer32@ThreadingModel Both

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\XXXXXXXXXX\Application Data\Macromedia\Flash Player\#SharedObjects\HN5V2ALN\www.acousticguitar.com.\flowplayer.commercial-3.1.5.swf 0 bytes
File C:\Documents and Settings\XXXXXXXXXX\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.acousticguitar.com.\settings.sol 93 bytes

---- EOF - GMER 1.0.15 ----



THANKS!
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
3 Malwarebytes scans

I did these before coming to this forum for help. Sorry if I didn't follow directions exactly. Still only able to use computer as a newly created administrator account. My other account is messed up still. Files seem to load back even after cleaning with Malwarebytes.

SCAN 1 ********************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 12:45:48 PM
mbam-log-2011-06-02 (12-45-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 216024
Time elapsed: 47 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\xxxxxxxxxx\Local Settings\Temp\0.5043336028533728.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


SCAN 2 ************************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/8/2010 8:32:50 AM
mbam-log-2010-06-08 (08-32-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 219491
Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.


SCAN 3 *********************************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/9/2010 2:33:22 PM
mbam-log-2010-06-09 (14-33-22).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 219645
Time elapsed: 1 hour(s), 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I could not get dds.scr to run to completion. Not sure exactly how to disable scripts? Offline, I turned off my firewall, Avanquest SystemSuite9 Anti-virus and active protection to run it, but it hangs and shows ###########################

Then computer completely freezees. Suggestions to run that scan?
 
That's fine for now.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/06/10 18:00:46.0131 0752 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 18:00:46.0146 0752 ================================================================================
2011/06/10 18:00:46.0146 0752 SystemInfo:
2011/06/10 18:00:46.0146 0752
2011/06/10 18:00:46.0146 0752 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 18:00:46.0146 0752 Product type: Workstation
2011/06/10 18:00:46.0146 0752 ComputerName: ASUS-P1-W3V
2011/06/10 18:00:46.0146 0752 UserName:xxxxxxxxxx
2011/06/10 18:00:46.0146 0752 Windows directory: C:\WINDOWS
2011/06/10 18:00:46.0146 0752 System windows directory: C:\WINDOWS
2011/06/10 18:00:46.0146 0752 Processor architecture: Intel x86
2011/06/10 18:00:46.0146 0752 Number of processors: 1
2011/06/10 18:00:46.0146 0752 Page size: 0x1000
2011/06/10 18:00:46.0146 0752 Boot type: Normal boot
2011/06/10 18:00:46.0146 0752 ================================================================================
2011/06/10 18:00:47.0381 0752 Initialize success
2011/06/10 18:00:50.0224 0740 ================================================================================
2011/06/10 18:00:50.0224 0740 Scan started
2011/06/10 18:00:50.0224 0740 Mode: Manual;
2011/06/10 18:00:50.0224 0740 ================================================================================
2011/06/10 18:00:51.0209 0740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 18:00:51.0287 0740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/10 18:00:51.0349 0740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/10 18:00:51.0537 0740 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/10 18:00:51.0615 0740 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/10 18:00:51.0677 0740 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/10 18:00:52.0037 0740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/10 18:00:52.0193 0740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 18:00:52.0443 0740 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/10 18:00:52.0896 0740 ati2mtag (56a1effde2b68b59e82905e083b9d77f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/10 18:00:53.0099 0740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 18:00:53.0162 0740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 18:00:53.0271 0740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 18:00:53.0474 0740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 18:00:53.0568 0740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 18:00:53.0615 0740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 18:00:53.0662 0740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 18:00:53.0740 0740 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/10 18:00:53.0974 0740 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/10 18:00:54.0146 0740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 18:00:54.0224 0740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 18:00:54.0474 0740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 18:00:54.0537 0740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 18:00:54.0615 0740 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 18:00:54.0834 0740 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 18:00:54.0927 0740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 18:00:54.0974 0740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/10 18:00:55.0021 0740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 18:00:55.0068 0740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/10 18:00:55.0256 0740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/10 18:00:55.0318 0740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 18:00:55.0396 0740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 18:00:55.0459 0740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/10 18:00:55.0662 0740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 18:00:55.0724 0740 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/06/10 18:00:55.0787 0740 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/10 18:00:55.0849 0740 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 18:00:56.0084 0740 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/10 18:00:56.0115 0740 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/10 18:00:56.0193 0740 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/10 18:00:56.0271 0740 HSFHWAZL (88da551b653fce4fc56f9389a5c858b7) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/10 18:00:56.0537 0740 HSF_DP (0d90b6c780156723e0991752ad94d278) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/10 18:00:56.0802 0740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 18:00:56.0974 0740 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/10 18:00:57.0037 0740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 18:00:57.0381 0740 IntcAzAudAddService (1b96769762470002a9386e61beb03eb6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/10 18:00:57.0662 0740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/10 18:00:57.0709 0740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/10 18:00:57.0756 0740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/10 18:00:57.0787 0740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/10 18:00:57.0834 0740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 18:00:57.0896 0740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 18:00:58.0099 0740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 18:00:58.0162 0740 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/06/10 18:00:58.0209 0740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 18:00:58.0287 0740 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 18:00:58.0474 0740 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/06/10 18:00:58.0599 0740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 18:00:58.0959 0740 KFilter (2785516a3bf99541aa968515178eced0) C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys
2011/06/10 18:00:59.0162 0740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 18:00:59.0224 0740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 18:00:59.0349 0740 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/10 18:00:59.0584 0740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 18:00:59.0646 0740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 18:00:59.0709 0740 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 18:00:59.0865 0740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 18:00:59.0927 0740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 18:01:00.0021 0740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 18:01:00.0099 0740 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/10 18:01:00.0302 0740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 18:01:00.0349 0740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 18:01:00.0396 0740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 18:01:00.0427 0740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 18:01:00.0459 0740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 18:01:00.0521 0740 MTsensor (c3ef8fcf41b02bf8538bc448e8cf563f) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/06/10 18:01:00.0724 0740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 18:01:00.0771 0740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 18:01:00.0834 0740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 18:01:00.0865 0740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 18:01:01.0068 0740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 18:01:01.0131 0740 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 18:01:01.0177 0740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/10 18:01:01.0240 0740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
 
See...
the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt
Click to expand...
Open that file and post it back here.
Maybe, you missed a part of the log.
 
More complete?



2011/06/10 18:23:55.0881 2852 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/10 18:23:55.0896 2852 ================================================================================
2011/06/10 18:23:55.0896 2852 SystemInfo:
2011/06/10 18:23:55.0896 2852
2011/06/10 18:23:55.0896 2852 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/10 18:23:55.0896 2852 Product type: Workstation
2011/06/10 18:23:55.0896 2852 ComputerName: ASUS-P1-W3V
2011/06/10 18:23:55.0896 2852 UserName: fix
2011/06/10 18:23:55.0896 2852 Windows directory: C:\WINDOWS
2011/06/10 18:23:55.0896 2852 System windows directory: C:\WINDOWS
2011/06/10 18:23:55.0896 2852 Processor architecture: Intel x86
2011/06/10 18:23:55.0896 2852 Number of processors: 1
2011/06/10 18:23:55.0896 2852 Page size: 0x1000
2011/06/10 18:23:55.0896 2852 Boot type: Normal boot
2011/06/10 18:23:55.0896 2852 ================================================================================
2011/06/10 18:23:55.0974 2852 Initialize success
2011/06/10 18:24:03.0256 1468 ================================================================================
2011/06/10 18:24:03.0256 1468 Scan started
2011/06/10 18:24:03.0256 1468 Mode: Manual;
2011/06/10 18:24:03.0256 1468 ================================================================================
2011/06/10 18:24:03.0256 1468 ================================================================================
2011/06/10 18:24:03.0256 1468 Scan finished
2011/06/10 18:24:03.0256 1468 ================================================================================
2011/06/10 18:24:03.0271 3976 Detected object count: 0
2011/06/10 18:24:03.0271 3976 Actual detected object count: 0
2011/06/10 18:24:17.0177 2468 ================================================================================
2011/06/10 18:24:17.0177 2468 Scan started
2011/06/10 18:24:17.0177 2468 Mode: Manual;
2011/06/10 18:24:17.0177 2468 ================================================================================
2011/06/10 18:24:17.0568 2468 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/10 18:24:17.0646 2468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/10 18:24:17.0709 2468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/10 18:24:17.0896 2468 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/10 18:24:17.0959 2468 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/10 18:24:18.0021 2468 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/06/10 18:24:18.0349 2468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/10 18:24:18.0474 2468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/10 18:24:18.0537 2468 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/10 18:24:18.0834 2468 ati2mtag (56a1effde2b68b59e82905e083b9d77f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/10 18:24:19.0052 2468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/10 18:24:19.0115 2468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/10 18:24:19.0162 2468 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/10 18:24:19.0365 2468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/10 18:24:19.0427 2468 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/10 18:24:19.0474 2468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/10 18:24:19.0662 2468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/10 18:24:19.0771 2468 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/10 18:24:19.0834 2468 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/10 18:24:19.0959 2468 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/10 18:24:20.0177 2468 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/10 18:24:20.0287 2468 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/10 18:24:20.0490 2468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/10 18:24:20.0568 2468 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/10 18:24:20.0631 2468 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/10 18:24:20.0881 2468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/10 18:24:20.0959 2468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/10 18:24:21.0006 2468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/10 18:24:21.0193 2468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/10 18:24:21.0256 2468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/10 18:24:21.0318 2468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/10 18:24:21.0474 2468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/10 18:24:21.0552 2468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/10 18:24:21.0631 2468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/10 18:24:21.0849 2468 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/06/10 18:24:21.0927 2468 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/10 18:24:22.0131 2468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/10 18:24:22.0193 2468 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/10 18:24:22.0271 2468 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/10 18:24:22.0334 2468 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/10 18:24:22.0521 2468 HSFHWAZL (88da551b653fce4fc56f9389a5c858b7) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/10 18:24:22.0631 2468 HSF_DP (0d90b6c780156723e0991752ad94d278) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/06/10 18:24:22.0881 2468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/10 18:24:23.0021 2468 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/10 18:24:23.0224 2468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/10 18:24:23.0396 2468 IntcAzAudAddService (1b96769762470002a9386e61beb03eb6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/10 18:24:23.0615 2468 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/10 18:24:23.0646 2468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/10 18:24:23.0677 2468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/10 18:24:23.0709 2468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/10 18:24:23.0740 2468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/10 18:24:23.0974 2468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/10 18:24:24.0021 2468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/10 18:24:24.0068 2468 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/06/10 18:24:24.0271 2468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/10 18:24:24.0334 2468 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/10 18:24:24.0396 2468 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/06/10 18:24:24.0443 2468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/10 18:24:24.0787 2468 KFilter (2785516a3bf99541aa968515178eced0) C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys
2011/06/10 18:24:25.0037 2468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/10 18:24:25.0099 2468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/10 18:24:25.0162 2468 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/10 18:24:25.0365 2468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/10 18:24:25.0412 2468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/10 18:24:25.0459 2468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/10 18:24:25.0490 2468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/10 18:24:25.0709 2468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/10 18:24:25.0771 2468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/10 18:24:25.0818 2468 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/10 18:24:26.0052 2468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/10 18:24:26.0084 2468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/10 18:24:26.0115 2468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/10 18:24:26.0146 2468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/10 18:24:26.0162 2468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/10 18:24:26.0224 2468 MTsensor (c3ef8fcf41b02bf8538bc448e8cf563f) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/06/10 18:24:26.0412 2468 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/10 18:24:26.0459 2468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/10 18:24:26.0506 2468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/10 18:24:26.0537 2468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/10 18:24:26.0740 2468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/10 18:24:26.0787 2468 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/10 18:24:26.0818 2468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/10 18:24:26.0881 2468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/10 18:24:27.0099 2468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/10 18:24:27.0146 2468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/10 18:24:27.0209 2468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/10 18:24:27.0412 2468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/10 18:24:27.0490 2468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/10 18:24:27.0521 2468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/10 18:24:27.0568 2468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/10 18:24:27.0771 2468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/10 18:24:27.0818 2468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/10 18:24:27.0865 2468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/10 18:24:28.0115 2468 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/10 18:24:28.0193 2468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/10 18:24:28.0256 2468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/10 18:24:28.0599 2468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/10 18:24:28.0646 2468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/10 18:24:28.0709 2468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/10 18:24:28.0756 2468 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/10 18:24:29.0052 2468 R592 (1f459f1c726790f6ca34a0fb3d50292d) C:\WINDOWS\system32\DRIVERS\R592.sys
2011/06/10 18:24:29.0115 2468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/10 18:24:29.0193 2468 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/06/10 18:24:29.0396 2468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/10 18:24:29.0459 2468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/10 18:24:29.0506 2468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/10 18:24:29.0552 2468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/10 18:24:29.0740 2468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/10 18:24:29.0818 2468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/10 18:24:29.0865 2468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/10 18:24:30.0068 2468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/10 18:24:30.0162 2468 risdpntk (66ab0104acd972c415662941176932f5) C:\WINDOWS\system32\DRIVERS\risdpntk.sys
2011/06/10 18:24:30.0224 2468 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/10 18:24:30.0427 2468 s24trans (208491a652c79871737edfe629de2c45) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/10 18:24:30.0506 2468 sbaphd (bc10b9e76a5fd132e0a4a7925004bdf7) C:\WINDOWS\system32\drivers\sbaphd.sys
2011/06/10 18:24:30.0552 2468 sbapifs (cdfe59b67752d5a8f999dfcce1717f6d) C:\WINDOWS\system32\drivers\sbapifs.sys
2011/06/10 18:24:30.0802 2468 SBRE (c201db8a39293e51fd292be663ad6176) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/06/10 18:24:30.0865 2468 sbtis (d23b2615f9af5c8a6f74634344a5a216) C:\WINDOWS\system32\drivers\sbtis.sys
2011/06/10 18:24:31.0068 2468 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/10 18:24:31.0115 2468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/10 18:24:31.0162 2468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/10 18:24:31.0396 2468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/10 18:24:31.0459 2468 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/06/10 18:24:31.0631 2468 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2011/06/10 18:24:31.0834 2468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/10 18:24:31.0896 2468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/10 18:24:31.0959 2468 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/10 18:24:32.0162 2468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/10 18:24:32.0209 2468 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/10 18:24:32.0302 2468 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys
2011/06/10 18:24:32.0490 2468 SWMX00 (2bcdcf7e2a3a707e74ad4cdcb420225a) C:\WINDOWS\system32\DRIVERS\swmx00.sys
2011/06/10 18:24:32.0537 2468 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys
2011/06/10 18:24:32.0677 2468 SynTP (7987c01d1bd0c413b12b3d3ed743d7f5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/10 18:24:32.0881 2468 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/10 18:24:32.0959 2468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/10 18:24:33.0006 2468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/10 18:24:33.0209 2468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/10 18:24:33.0256 2468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/10 18:24:33.0584 2468 TFilter (d7d74c07ca80352958f36c0b164a516b) C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys
2011/06/10 18:24:33.0802 2468 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/06/10 18:24:33.0865 2468 tosporte (09505abeae3de953442417a48256684a) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/06/10 18:24:33.0896 2468 Tosrfbd (47bb36a3db94807bc26c280d1ce4a243) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/06/10 18:24:33.0943 2468 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/06/10 18:24:34.0131 2468 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/06/10 18:24:34.0177 2468 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/06/10 18:24:34.0209 2468 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/06/10 18:24:34.0256 2468 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/06/10 18:24:34.0287 2468 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/06/10 18:24:34.0506 2468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/10 18:24:34.0584 2468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/10 18:24:34.0631 2468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/10 18:24:34.0834 2468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/10 18:24:34.0896 2468 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/10 18:24:34.0959 2468 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/10 18:24:35.0146 2468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/10 18:24:35.0193 2468 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/10 18:24:35.0224 2468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/10 18:24:35.0287 2468 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/10 18:24:35.0490 2468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/10 18:24:35.0552 2468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/10 18:24:35.0709 2468 w29n51 (67caa926ef06e07f2d31056b39f51c54) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/06/10 18:24:35.0912 2468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/10 18:24:35.0974 2468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/10 18:24:36.0052 2468 winachsf (448f0de9b06386a4dd605d28c0cc5feb) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/10 18:24:36.0271 2468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/10 18:24:36.0334 2468 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/10 18:24:36.0365 2468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/10 18:24:36.0459 2468 yukonwxp (a81a1f8c2a50f72fda9c686aa85bf151) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
2011/06/10 18:24:36.0506 2468 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
2011/06/10 18:24:36.0693 2468 ================================================================================
2011/06/10 18:24:36.0693 2468 Scan finished
2011/06/10 18:24:36.0693 2468 ================================================================================
2011/06/10 18:24:36.0709 2996 Detected object count: 0
2011/06/10 18:24:36.0709 2996 Actual detected object count: 0
 
Yes. Thank you :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you for the help. I cannot stay online right now. Hope to continue later tonight or tomorrow.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 18:38:50
-----------------------------
18:38:50.256 OS Version: Windows 5.1.2600 Service Pack 3
18:38:50.256 Number of processors: 1 586 0xD08
18:38:50.256 ComputerName: ASUS-P1-W3V UserName: fix
18:38:59.787 Initialize success
18:39:02.974 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:39:02.974 Disk 0 Vendor: HTS721060G9AT00 MC3OA40M Size: 57231MB BusType: 3
18:39:04.974 Disk 0 MBR read successfully
18:39:04.974 Disk 0 MBR scan
18:39:04.974 Disk 0 unknown MBR code
18:39:06.974 Disk 0 scanning sectors +117210240
18:39:07.068 Disk 0 scanning C:\WINDOWS\system32\drivers
18:39:19.287 Service scanning
18:39:20.396 Disk 0 trace - called modules:

18:39:20.412 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88bb8ef0]<< (THIS WAS HIGHLIGHTED IN RED LETTERS)

18:39:20.412 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a28fab8]
18:39:20.412 Scan finished successfully
18:39:42.974 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\MBR.dat"
18:39:42.974 The log file has been saved successfully to "C:\Documents and Settings\fix.ASUS-P1-W3V.000\Desktop\aswMBR.txt"
 
A bit more about the behavior of the main user account on my PC:

The desktop still loads with only 3 shortcuts: the Recycle Bin, My Documents, and IE7 (had a few dozen before). But My documents folder appears empty. And when I look under programs, it doesn't bring up anything. Still need to use the other user account to use the PC, but everything is still there and usable.

I will check back about 10 pm central U.S.

thanks for the help.
 
sorry for the delay.

Upon running combofix, the scan stalled and I could only do a power reset to get the computer to turn off. Upon restart, the malware started running on the second user logon I created to try to fix things. So I have gone back to running all the scans I did to clean up my original problem, only now with the second user account. Same stuff wrong, all programs hidden and desktop icons hidden. Makes it difficult to run scans without a lot of keystrokes.

I ran Malwarebytes and it returned 2 problems, registry keys that mbam.exe did not clean or change.

Will try to paste the report of that.

The bad registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) no action taken
HKEY_LOCAL_MACHINE\SOFTWARE/avsuite (Rogue.AntivirusSuite) no action taken

I have looked at those folders in registry editor. (HAVE NOT EDITED OR CHANGED ANYTHING) They just appear as empty folders.

Would you recommend running Combofix in safe mode?
 
Broni said:
...and the reason, you didn't fix those two issues is?
Click to expand...


I did not elect not to fix them. I just thought the malwarebytes program makes that decision. It didn't clean them, and it never asked me if it should. The program just reported that no action was taken.

Should I run it again and see if it cleans them?
 
Should it do the clean automatically, or is there something I should be doing manually?

Thanks again for the guidance. I have an errand, will not be back to post the results for a couple hours.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 11:42:00 PM
mbam-log-2011-06-12 (23-42-00).txt

Scan type: Quick scan
Objects scanned: 212405
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
 
Status
Not open for further replies.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni
Nicki
Solved Must have picked up something... some COVID computer variant???
Replies
9
Views
3K
Broni
Broni

Latest posts

Back