
rootkit.tdss


  • This topic is locked
45 replies to this topic

#1 bbirali (Authentic Member, 32 posts)

Posted 03 June 2010 - 12:22 PM

Hi guys, my computer got infected by this virus/trojan recently, somehow. I am running McAfee anti-virus and Spyware Doctor on my PC. When I run Spyware Doctor it quarantines the Rootkit.tdss, but on reboot it appears again. The symptoms are: any link I click on in a Google search goes to some other page, and the computer is damn slow. Can you guys please help me with how I can permanently remove this rootkit.tdss? Thanks in advance -Balaji



#2 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 03 June 2010 - 01:08 PM

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


  • Extract the file and run it.
  • If TDSSKiller asks you to close all programs, please allow it to do so.
  • Once completed, it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date).
  • If TDSSKiller asks to reboot your computer, please allow it to do so.

Please post the contents of that TDSSKiller log.



NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that is produced after running TDSSKiller.
3. The log that is produced after running the ComboFix scan.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Proud Graduate of the WTT Classroom

#3 bbirali (Authentic Member, 32 posts)

Posted 04 June 2010 - 08:47 AM

Thank you for the quick and elaborate reply. I did not get a chance to do the stuff yesterday. I will do it today and give all the results to you. Thank you once again for helping me with this virus.

#4 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 04 June 2010 - 08:51 AM

:thumbup:



#5 bbirali (Authentic Member, 32 posts)

Posted 04 June 2010 - 05:36 PM

Hello SweetTech, I installed TDSSKiller and ran it; here is the log I got. But the funny thing is my Spyware Doctor said it still sees the rootkit.tdss file :( I am going to send you the ComboFix log this evening. Thanks -Balaji

19:08:08:609 0840 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:08:08:609 0840 ================================================================================
19:08:08:609 0840 SystemInfo:
19:08:08:609 0840 OS Version: 5.1.2600 ServicePack: 3.0
19:08:08:609 0840 Product type: Workstation
19:08:08:609 0840 ComputerName: BALAJI
19:08:08:609 0840 UserName: Savitha Birali
19:08:08:609 0840 Windows directory: C:\WINDOWS
19:08:08:609 0840 Processor architecture: Intel x86
19:08:08:609 0840 Number of processors: 2
19:08:08:609 0840 Page size: 0x1000
19:08:08:609 0840 Boot type: Normal boot
19:08:08:609 0840 ================================================================================
19:08:09:046 0840 Initialize success
19:08:09:046 0840
19:08:09:046 0840 Scanning Services ...
19:08:09:156 0840 Raw services enum returned 438 services
19:08:09:171 0840 Suspicious serv PRAGMAduyabvstvx (h: 1, b: 0)
19:08:09:171 0840 Heur detect PRAGMAduyabvstvx
19:08:09:171 0840 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMAduyabvstvx infected by TDSS rootkit ...
19:08:09:171 0840 will be deleted on reboot
19:08:09:171 0840 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMAduyabvstvx infected by TDSS rootkit ...
19:08:09:171 0840 will be deleted on reboot
19:08:09:171 0840 File C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAd.sys infected by TDSS rootkit ...
19:08:09:171 0840 will be deleted on reboot
19:08:09:171 0840 File C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAc.dll infected by TDSS rootkit ...
19:08:09:187 0840 will be deleted on reboot
19:08:09:187 0840 File pragmaserf infected by TDSS rootkit ...
19:08:09:187 0840 will be deleted on reboot
19:08:09:187 0840 File pragmabbr infected by TDSS rootkit ...
19:08:09:187 0840 will be deleted on reboot
19:08:09:187 0840 Suspicious serv PRAGMAexevnpcvko (h: 1, b: 0)
19:08:09:187 0840
19:08:09:187 0840 Hidden service detected!
19:08:09:187 0840 Service name: PRAGMAexevnpcvko
19:08:09:187 0840 Image path: \systemroot\PRAGMAexevnpcvko\PRAGMAd.sys
19:08:09:187 0840 Type "delete" (without quotes) to delete it:
19:09:01:218 0840
19:09:01:218 0840 By user detect PRAGMAexevnpcvko
19:09:01:218 0840 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMAexevnpcvko infected by TDSS rootkit ...
19:09:01:218 0840 will be deleted on reboot
19:09:01:218 0840 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMAexevnpcvko infected by TDSS rootkit ...
19:09:01:218 0840 will be deleted on reboot
19:09:01:218 0840 File C:\WINDOWS\PRAGMAexevnpcvko\PRAGMAd.sys infected by TDSS rootkit ...
19:09:01:218 0840 will be deleted on reboot
19:09:01:218 0840
19:09:01:218 0840 Scanning Drivers ...
19:09:01:546 0840 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
19:09:01:656 0840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:09:01:718 0840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:09:01:828 0840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:09:01:890 0840 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:09:02:015 0840 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:09:02:078 0840 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
19:09:02:125 0840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:09:02:125 0840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:09:02:312 0840 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:09:02:484 0840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:09:02:546 0840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:09:02:609 0840 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
19:09:02:656 0840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:09:02:734 0840 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
19:09:02:796 0840 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
19:09:02:812 0840 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
19:09:02:890 0840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:09:02:968 0840 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:09:03:109 0840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:09:03:125 0840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:09:03:187 0840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:09:03:281 0840 cfwids (2703bb4f7cee9bf6726b7aafc9e688d4) C:\WINDOWS\system32\drivers\cfwids.sys
19:09:03:406 0840 CO_Mon (9dbd4a34f6f292ab4ddc3b209ec07c2f) C:\WINDOWS\system32\Drivers\CO_Mon.sys
19:09:03:453 0840 Disk (6ce11233a6300b89de2a49c9554f0630) C:\WINDOWS\system32\DRIVERS\disk.sys
19:09:03:453 0840 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 6ce11233a6300b89de2a49c9554f0630, Fake md5: 044452051f3e02e7963599fc8f4f3e25
19:09:03:453 0840 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ...
19:09:06:546 0840 Backup copy found, using it..
19:09:06:562 0840 will be cured on next reboot
19:09:06:828 0840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:09:06:953 0840 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
19:09:06:984 0840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:09:07:031 0840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:09:07:078 0840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:09:07:156 0840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:09:07:296 0840 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
19:09:07:390 0840 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
19:09:07:421 0840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:09:07:484 0840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:09:07:546 0840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:09:07:609 0840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:09:07:703 0840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:09:07:781 0840 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:09:07:859 0840 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:09:07:906 0840 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
19:09:07:937 0840 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:09:08:015 0840 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
19:09:08:062 0840 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:09:08:093 0840 HidIr (bb1a6fb7d35a91e599973fa74a619056) C:\WINDOWS\system32\DRIVERS\hidir.sys
19:09:08:125 0840 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:09:08:250 0840 HSFHWAZL (dfadd76b2efdf49b81e5ebfa691d5131) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
19:09:08:296 0840 HSF_DP (a5997c70a8df5f4e5c60fff7429823e9) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:09:08:421 0840 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:09:08:484 0840 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:09:08:640 0840 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\drivers\iaStor.sys
19:09:08:687 0840 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:09:08:937 0840 IntcAzAudAddService (44792ccbc7b41b42ec068c6416d17de1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:09:09:109 0840 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:09:09:140 0840 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:09:09:218 0840 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:09:09:250 0840 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:09:09:328 0840 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:09:09:359 0840 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:09:09:531 0840 IrBus (b43b36b382aea10861f7c7a37f9d4ae2) C:\WINDOWS\system32\DRIVERS\IrBus.sys
19:09:09:562 0840 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:09:09:593 0840 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:09:09:609 0840 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:09:09:640 0840 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:09:09:718 0840 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
19:09:09:765 0840 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:09:09:843 0840 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:09:10:000 0840 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:09:10:062 0840 mfeapfk (1189a284e10177ca767bacc6b8d009e2) C:\WINDOWS\system32\drivers\mfeapfk.sys
19:09:10:156 0840 mfeavfk (8739f14f5f3b5953d51dc5dafad08e5f) C:\WINDOWS\system32\drivers\mfeavfk.sys
19:09:10:234 0840 mfebopk (905a0c6675d61efc74221ef858007476) C:\WINDOWS\system32\drivers\mfebopk.sys
19:09:10:312 0840 mfefirek (12da99b1d3a70baf9894bb41f6f5726f) C:\WINDOWS\system32\drivers\mfefirek.sys
19:09:10:437 0840 mfehidk (4546e896c64e24f9409bf3345560dafa) C:\WINDOWS\system32\drivers\mfehidk.sys
19:09:10:515 0840 mfendisk (363c53d42247b8046e6ae551fd9ad813) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:09:10:531 0840 mfendiskmp (363c53d42247b8046e6ae551fd9ad813) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
19:09:10:593 0840 mferkdet (0d582dd5e018e7f93057db3ce7dd9af4) C:\WINDOWS\system32\drivers\mferkdet.sys
19:09:10:671 0840 mfetdi2k (457ec2a45508a57c2664d68e0b3cf3b0) C:\WINDOWS\system32\drivers\mfetdi2k.sys
19:09:10:750 0840 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:09:10:843 0840 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:09:10:921 0840 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:09:10:953 0840 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:09:11:015 0840 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:09:11:046 0840 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:09:11:234 0840 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:09:11:250 0840 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:09:11:281 0840 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:09:11:406 0840 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:09:11:484 0840 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
19:09:11:500 0840 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:09:11:593 0840 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:09:11:671 0840 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:09:11:734 0840 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:09:11:796 0840 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:09:11:859 0840 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:09:11:875 0840 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:09:11:968 0840 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:09:12:015 0840 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:09:12:062 0840 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:09:12:109 0840 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:09:12:187 0840 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:09:12:203 0840 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:09:12:218 0840 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:09:12:218 0840 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:09:12:250 0840 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:09:12:281 0840 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:09:12:312 0840 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:09:12:343 0840 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:09:12:437 0840 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:09:12:578 0840 nv (d38646b9f5936e401ef1d87fc10b6eb2) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:09:12:750 0840 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:09:12:765 0840 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:09:12:812 0840 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:09:12:843 0840 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:09:12:921 0840 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:09:12:984 0840 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:09:13:000 0840 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:09:13:031 0840 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:09:13:062 0840 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:09:13:140 0840 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
19:09:13:234 0840 PD0620VID (ea296b87ba381c640b441d95f90785f8) C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
19:09:13:343 0840 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:09:13:421 0840 PRAGMAduyabvstvx (6b1fc50e54b19d7214a63f952ea1e872) C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAd.sys
19:09:13:421 0840 Suspicious file (Hidden): C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAd.sys. md5: 6b1fc50e54b19d7214a63f952ea1e872
19:09:13:468 0840 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:09:13:562 0840 PStrip (bcf8d075fad718fea8ef6e281331a56e) C:\WINDOWS\system32\drivers\pstrip.sys
19:09:13:656 0840 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:09:13:750 0840 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:09:13:812 0840 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
19:09:14:000 0840 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:09:14:031 0840 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:09:14:046 0840 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:09:14:078 0840 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:09:14:093 0840 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:09:14:156 0840 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:09:14:171 0840 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:09:14:234 0840 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:09:14:250 0840 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:09:14:312 0840 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:09:14:375 0840 SecBulk (9bc5bea36861e8897f5daa8bb81efd6d) C:\WINDOWS\system32\Drivers\SECBULK.sys
19:09:14:484 0840 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:09:14:562 0840 Ser2pl (2d7ebbee1addaa91704db206205073d3) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
19:09:14:625 0840 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:09:14:687 0840 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
19:09:14:718 0840 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:09:14:796 0840 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:09:14:953 0840 smrt (27d6be8e961ab9df26ec5ce823b68b7f) C:\WINDOWS\system32\DRIVERS\smrt.sys
19:09:15:046 0840 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:09:15:078 0840 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:09:15:156 0840 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
19:09:15:218 0840 SSFS0BB9 (99b126a088c12ec5d6c4fd4d7e9a6e73) C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
19:09:15:296 0840 SSHRMD (eb4af1adb05bc67d4ef5e22db4a3e410) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
19:09:15:312 0840 SSIDRV (5aee9e4a2eaabe0e29e1f2b2d0938a95) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
19:09:15:375 0840 SSKBFD (a2be8fbfa987e95d70cfed0e2dacda6d) C:\WINDOWS\system32\Drivers\sskbfd.sys
19:09:15:406 0840 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:09:15:437 0840 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:09:15:453 0840 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:09:15:531 0840 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:09:15:625 0840 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:09:15:703 0840 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:09:15:750 0840 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:09:15:781 0840 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:09:15:875 0840 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:09:15:953 0840 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:09:16:031 0840 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:09:16:109 0840 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:09:16:187 0840 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:09:16:203 0840 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:09:16:250 0840 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:09:16:343 0840 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:09:16:359 0840 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:09:16:421 0840 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:09:16:468 0840 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:09:16:484 0840 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:09:16:562 0840 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:09:16:625 0840 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:09:16:781 0840 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:09:16:890 0840 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:09:16:937 0840 winachsf (cdc87dc4d727a1c0c7cfaf82e58b0e7c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:09:17:062 0840 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:09:17:125 0840 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:09:17:203 0840 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:09:17:296 0840 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:09:17:390 0840 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:09:17:390 0840 Reboot required for cure complete..
19:09:17:468 0840 Cure on reboot scheduled successfully
19:09:17:468 0840
19:09:17:468 0840 Completed
19:09:17:468 0840
19:09:17:468 0840 Results:
19:09:17:468 0840 Registry objects infected / cured / cured on reboot: 4 / 0 / 4
19:09:17:468 0840 File objects infected / cured / cured on reboot: 6 / 0 / 6
19:09:17:468 0840
19:09:17:468 0840 KLMD(ARK) unloaded successfully
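The log above arrives as one block of timestamped lines, and the part that matters (two hidden PRAGMA* services, four registry nodes, six files, and a disk.sys that TDSSKiller reports with two different MD5s depending on how it is read) is easy to lose among the driver listing. What follows is an added example written for this page, not code from TDSSKiller or from anyone in the thread: a small Python parser that pulls those facts out of a TDSSKiller 2.x log and applies the cross-checks a helper would want before declaring the machine clean. SAMPLE_LOG is an excerpt of the posted log with the driver listing trimmed; the Report fields, the regular expressions and the check rules are this example's own assumptions about the format, derived from the lines visible above. It also makes explicit why Spyware Doctor still reported rootkit.tdss right after the scan: every cure was only scheduled for the next reboot (4 / 0 / 4 and 6 / 0 / 6), so at that moment nothing had been removed yet.

```python
"""Summarise a Kaspersky TDSSKiller 2.x log. Added example for this thread:
not TDSSKiller code and not from the original posts. SAMPLE_LOG is an excerpt
of the log posted above (driver listing trimmed); the Report fields, regexes
and cross-check rules are this example's own assumptions about the format."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
19:08:09:171 0840 Suspicious serv PRAGMAduyabvstvx (h: 1, b: 0)
19:08:09:171 0840 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMAduyabvstvx infected by TDSS rootkit ...
19:08:09:171 0840 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMAduyabvstvx infected by TDSS rootkit ...
19:08:09:171 0840 File C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAd.sys infected by TDSS rootkit ...
19:08:09:171 0840 File C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAc.dll infected by TDSS rootkit ...
19:08:09:187 0840 File pragmaserf infected by TDSS rootkit ...
19:08:09:187 0840 File pragmabbr infected by TDSS rootkit ...
19:08:09:187 0840 Suspicious serv PRAGMAexevnpcvko (h: 1, b: 0)
19:08:09:187 0840 Hidden service detected!
19:08:09:187 0840 Service name: PRAGMAexevnpcvko
19:08:09:187 0840 Image path: \systemroot\PRAGMAexevnpcvko\PRAGMAd.sys
19:09:01:218 0840 RegNode HKLM\SYSTEM\ControlSet001\services\PRAGMAexevnpcvko infected by TDSS rootkit ...
19:09:01:218 0840 RegNode HKLM\SYSTEM\ControlSet003\services\PRAGMAexevnpcvko infected by TDSS rootkit ...
19:09:01:218 0840 File C:\WINDOWS\PRAGMAexevnpcvko\PRAGMAd.sys infected by TDSS rootkit ...
19:09:03:453 0840 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 6ce11233a6300b89de2a49c9554f0630, Fake md5: 044452051f3e02e7963599fc8f4f3e25
19:09:03:453 0840 File "C:\WINDOWS\system32\DRIVERS\disk.sys" infected by TDSS rootkit ...
19:09:13:421 0840 Suspicious file (Hidden): C:\WINDOWS\PRAGMAduyabvstvx\PRAGMAd.sys. md5: 6b1fc50e54b19d7214a63f952ea1e872
19:09:17:468 0840 Registry objects infected / cured / cured on reboot: 4 / 0 / 4
19:09:17:468 0840 File objects infected / cured / cured on reboot: 6 / 0 / 6
"""

# Every line starts with "HH:MM:SS:mmm <id> "; the remainder is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
PATTERNS = {  # first match wins; plain driver-enumeration lines match nothing
    "susp_serv": re.compile(r"^Suspicious serv (\S+)"),
    "serv_name": re.compile(r"^Service name: (\S+)"),
    "image": re.compile(r"^Image path: (\S+)"),
    "regnode": re.compile(r"^RegNode (\S+) infected by TDSS rootkit"),
    "file": re.compile(r'^File "?(.+?)"? infected by TDSS rootkit'),
    "forged": re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})"),
    "hidden": re.compile(r"^Suspicious file \(Hidden\): (.+?)\. md5: ([0-9a-f]{32})"),
    "reg_sum": re.compile(r"^Registry objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)"),
    "file_sum": re.compile(r"^File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)"),
}

@dataclass
class Report:
    suspicious_services: list = field(default_factory=list)
    hidden_services: list = field(default_factory=list)  # (name, image path)
    infected_regnodes: list = field(default_factory=list)
    infected_files: list = field(default_factory=list)
    forged_files: list = field(default_factory=list)  # (path, "Real" md5, "Fake" md5)
    hidden_files: list = field(default_factory=list)  # (path, md5)
    reg_counts: tuple = (0, 0, 0)  # infected / cured / cured on reboot
    file_counts: tuple = (0, 0, 0)

    def needs_reboot(self) -> bool:
        """True while cures are only scheduled: other scanners still see the rootkit."""
        return self.reg_counts[2] > 0 or self.file_counts[2] > 0

def parse_tdsskiller_log(text: str) -> Report:
    rep, pending_service = Report(), None
    lists = {"susp_serv": rep.suspicious_services, "regnode": rep.infected_regnodes,
             "file": rep.infected_files, "forged": rep.forged_files, "hidden": rep.hidden_files}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        line = m.group(1).strip()
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                break
        else:
            continue
        if kind in lists:  # single capture -> string, several captures -> tuple
            lists[kind].append(m.group(1) if len(m.groups()) == 1 else m.groups())
        elif kind == "serv_name":
            pending_service = m.group(1)
        elif kind == "image" and pending_service:
            rep.hidden_services.append((pending_service, m.group(1)))
            pending_service = None
        elif kind == "reg_sum":
            rep.reg_counts = tuple(int(x) for x in m.groups())
        elif kind == "file_sum":
            rep.file_counts = tuple(int(x) for x in m.groups())
    return rep

def cross_check(rep: Report) -> list:
    """What a helper should look at before calling the machine clean."""
    notes = []
    if len(rep.infected_regnodes) != rep.reg_counts[0]:
        notes.append(f"registry: {len(rep.infected_regnodes)} infected lines vs summary {rep.reg_counts[0]}")
    if len(rep.infected_files) != rep.file_counts[0]:
        notes.append(f"files: {len(rep.infected_files)} infected lines vs summary {rep.file_counts[0]}")
    for path, real, fake in rep.forged_files:  # two hashes for one file: reads are being intercepted
        notes.append(f"forged driver {path}: {real} vs {fake}")
    for name, image in rep.hidden_services:
        notes.append(f"hidden service {name} -> {image}")
    if rep.needs_reboot():
        notes.append("cure deferred to reboot: rescan only after the reboot")
    return notes
```

Run `cross_check(parse_tdsskiller_log(open("C:/TDSSKiller.2.3.2.0_<date>.txt").read()))` against a real log (path assumed); on the excerpt above it yields three notes: the forged disk.sys, the hidden PRAGMAexevnpcvko service, and the pending reboot. The count checks stay silent here because the four registry and six file lines match the tool's own summary; a mismatch would mean lines were lost when the log was pasted.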

#6 bbirali (Authentic Member, 32 posts)

Posted 04 June 2010 - 05:42 PM

Hi SweetTech, I also see this from the WinPatrol I have. It says some changes are there, would you like to allow them or not; for example: Run a DLL as an APP, c:\windows\system32\rundll32.exe c:\windows\system32\ieframe.dll, OpenURL %I to rundll32.exe shdocvw.dll, OpenURL %I. Any help on this? Thanks -Balaji

#7 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 04 June 2010 - 06:15 PM

Allow those changes.

Download PragmaFix
Download Pragmafix by Noahdfear from here and save it in a place you can remember such as, your desktop.
  • Click on Pragmafix.exe to run it
  • It shall produce PragmaFix.log in the C:\ folder.
  • Please post the results here.



#8 bbirali (Authentic Member, 32 posts)

Posted 04 June 2010 - 06:17 PM

Hi, when I run ComboFix, it says "Attempting to create a new System Restore Point" and the cursor is blinking right below it and nothing is happening. What is going on there? Thanks, Balaji

#9 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 04 June 2010 - 06:22 PM

If it's been attempting to create a system restore point for more than 5 minutes, please go ahead and exit out of it and run the PragmaFix tool from my last post.



#10 bbirali (Authentic Member, 32 posts)

Posted 04 June 2010 - 08:20 PM

Hi SweetTech, here is the log from PragmaFix: 'No Embedded null keys found'. It seems my computer is booting up OK now, but the boot-up is taking so long. And WinPatrol still pops up the message I posted earlier. Thanks -Balaji



#11 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 04 June 2010 - 08:22 PM

Download this version of combofix

Please download ComboFix from: Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to the name provided in the image below:

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  • Double click on the renamed version of ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**



#12 bbirali (Authentic Member, 32 posts)

Posted 05 June 2010 - 05:30 AM

Hi SweetTech, from the previous version of ComboFix, I have a folder created on my C drive called ComboFix and it has all the C drive files in it. Do you want me to remove that folder? Is it necessary to keep it? Thanks -Balaji

#13 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 05 June 2010 - 08:42 AM

No. Leave that folder alone.



#14 bbirali (Authentic Member, 32 posts)

Posted 05 June 2010 - 12:41 PM

Hi SweetTech, I want to ask you one curious question. Whenever I open this forum and see your last posting, the rename for ComboFix appears to be different. Why is that? Which name should I use finally? :) Thanks, Balaji

#15 SweetTech (MalwareTeam Emeritus, 3,368 posts)

Posted 05 June 2010 - 12:46 PM

I want to ask you one curious question. Whenever I open this forum and see your last posting, the rename for ComboFix appears to be different. Why is that?
Which name should I use finally?

It's supposed to be renamed differently each time.

You should use whatever name it gives you at the time of download.
