Solve : svchost.exe grabs CPU & memory; browser gets redirected? – InterviewSolution

InterviewSolution

1.	Solve : svchost.exe grabs CPU & memory; browser gets redirected?
Answer» I'm not finding that file in that location. There is an overlay.xul and an overlay.js in C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content\ In the directory tree you suggest I have actually TWO branches with 2 files in each: C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul and ...\ffjcext.js AND C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul and ...\ffjcext.js Curiously the 2 files in the latter branch (bolded) have a create and mod date of 10/15/2010 - right about the time that I ran my first scans for my first post here. I've no clue if that is significant. I'm running Firefox 3.5.15 -- Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.15) Gecko/20101026 Firefox/3.5.15) So I'm not going to delete anything just yet - awaiting your instruction. Ok. I'm going to consult my mentor on this. No problem! I just appreciate the help - it's pretty clear how much you're doing on here with everyone so - I'm good! I can wait. SuperDave, My son was home for the weekend and without my knowledge he had a look at my PC and ran TDSSKiller. I'll post the log below. After TDSS rebooted the PC we've not seen any of the previous problems! That svchost process is staying at 28Kb and I spent 30 minutes doing searches on Google with no redirects. The Avast Network shield has not picked up any redirects. It's been about 6 hours now so I'm hoping it's really fixed! If there is anything else you can suggest or recommend for checking or cleanup or whatever - I'll try it. TDSSKiller log: 2010/11/07 13:02:42.0062TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49 2010/11/07 13:02:42.0062================================================================================ 2010/11/07 13:02:42.0062SystemInfo: 2010/11/07 13:02:42.0062 2010/11/07 13:02:42.0062OS Version: 5.1.2600 ServicePack: 2.0 2010/11/07 13:02:42.0062Product type: Workstation 2010/11/07 13:02:42.0062ComputerName: COMPUTERROOM 2010/11/07 13:02:42.0062UserName: WILLIAM Brophy 2010/11/07 13:02:42.0062Windows directory: C:\WINDOWS 2010/11/07 13:02:42.0062System windows directory: C:\WINDOWS 2010/11/07 13:02:42.0062Processor architecture: Intel x86 2010/11/07 13:02:42.0062Number of processors: 1 2010/11/07 13:02:42.0062Page size: 0x1000 2010/11/07 13:02:42.0062Boot type: Normal boot 2010/11/07 13:02:42.0062================================================================================ 2010/11/07 13:02:43.0078Initialize success 2010/11/07 13:02:56.0671================================================================================ 2010/11/07 13:02:56.0671Scan started 2010/11/07 13:02:56.0671Mode: Manual; 2010/11/07 13:02:56.0671================================================================================ 2010/11/07 13:02:57.0406Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys 2010/11/07 13:02:57.0578ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/07 13:02:57.0687ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/07 13:02:57.0796aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys 2010/11/07 13:02:57.0953aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2010/11/07 13:02:58.0062AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 2010/11/07 13:02:58.0171agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys 2010/11/07 13:02:58.0703aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys 2010/11/07 13:02:58.0781aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys 2010/11/07 13:02:58.0921aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys 2010/11/07 13:02:59.0046aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys 2010/11/07 13:02:59.0156aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys 2010/11/07 13:02:59.0265AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/07 13:02:59.0343atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/07 13:02:59.0515Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/07 13:02:59.0609audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/07 13:02:59.0718BASFND (ce218c09caf41537ceb5a872a019a7e2) C:\WINDOWS\system32\Drivers\BASFND.sys 2010/11/07 13:02:59.0828Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/07 13:03:00.0187cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/07 13:03:00.0343Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/07 13:03:00.0437Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/07 13:03:00.0546Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/07 13:03:01.0062Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/07 13:03:01.0187dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/07 13:03:01.0343dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/07 13:03:01.0453dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/07 13:03:01.0593DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/07 13:03:01.0765drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/07 13:03:01.0859dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys 2010/11/07 13:03:02.0031E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2010/11/07 13:03:02.0187Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/07 13:03:02.0312Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/07 13:03:02.0421Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/07 13:03:02.0531Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/07 13:03:02.0640FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2010/11/07 13:03:02.0734Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/07 13:03:02.0828Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/07 13:03:03.0062FW1 (7441f96680ac1fad27ae34ff8076d594) C:\WINDOWS\system32\DRIVERS\fw.sys 2010/11/07 13:03:03.0265Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/07 13:03:03.0390hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/07 13:03:03.0531HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 2010/11/07 13:03:03.0687HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 2010/11/07 13:03:03.0859HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/07 13:03:04.0140i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/07 13:03:04.0218Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/07 13:03:04.0390IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/07 13:03:04.0453intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/07 13:03:04.0562Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2010/11/07 13:03:04.0687IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/07 13:03:04.0781IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/07 13:03:04.0890IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/07 13:03:05.0000IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/07 13:03:05.0140IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/07 13:03:05.0265isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/07 13:03:05.0359Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/07 13:03:05.0437kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/11/07 13:03:05.0531kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/07 13:03:05.0640KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/07 13:03:05.0906mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2010/11/07 13:03:06.0015mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys 2010/11/07 13:03:06.0140mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys 2010/11/07 13:03:06.0265mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys 2010/11/07 13:03:06.0375mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys 2010/11/07 13:03:06.0484mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys 2010/11/07 13:03:06.0593mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/07 13:03:06.0687Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/07 13:03:06.0796MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/07 13:03:06.0875Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/07 13:03:07.0046mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/07 13:03:07.0203MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/07 13:03:07.0453MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/07 13:03:07.0625MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/07 13:03:07.0812Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/07 13:03:07.0984MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/07 13:03:08.0109MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/07 13:03:08.0187MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/07 13:03:08.0281mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/07 13:03:08.0390Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/07 13:03:08.0484NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/07 13:03:08.0609NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/07 13:03:08.0687Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/07 13:03:08.0796NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/07 13:03:08.0937NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/07 13:03:09.0046NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/07 13:03:09.0140NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/07 13:03:09.0328Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/07 13:03:09.0484Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/07 13:03:09.0671Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/07 13:03:09.0859nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2010/11/07 13:03:10.0062NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/07 13:03:10.0171NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/07 13:03:10.0281OADevice (f759e5266a91e6a9ab5dd7939c6560b6) C:\WINDOWS\system32\drivers\OADriver.sys 2010/11/07 13:03:10.0375OAmon (fe6a66c9614de5e0f3e6b846a699fcae) C:\WINDOWS\system32\drivers\OAmon.sys 2010/11/07 13:03:10.0484OAnet (44bff97b3704475194380e563180b64e) C:\WINDOWS\system32\drivers\OAnet.sys 2010/11/07 13:03:10.0593OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 2010/11/07 13:03:10.0671OMVA (73c74eb8b231974b7a961fddd878ae01) C:\WINDOWS\system32\DRIVERS\OMVA.sys 2010/11/07 13:03:10.0796Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/07 13:03:10.0921PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/07 13:03:11.0046ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/07 13:03:11.0140PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/07 13:03:11.0281PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/07 13:03:11.0375Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/07 13:03:12.0468PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/07 13:03:12.0562Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/07 13:03:12.0921RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/07 13:03:13.0015Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/07 13:03:13.0109RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/07 13:03:13.0218Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/07 13:03:13.0312Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/07 13:03:13.0421RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/07 13:03:13.0531RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/07 13:03:13.0656redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/07 13:03:13.0843SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/11/07 13:03:13.0890SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/11/07 13:03:14.0015Scap (8c3d61bb8f35264e14fb76856fefad62) C:\WINDOWS\system32\DRIVERS\Scap.sys 2010/11/07 13:03:14.0125Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/07 13:03:14.0296serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/07 13:03:14.0390Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/07 13:03:14.0453Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/11/07 13:03:14.0640smwdm (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys 2010/11/07 13:03:14.0859splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/07 13:03:14.0984sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/07 13:03:15.0109Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/07 13:03:15.0328swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/07 13:03:15.0421swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/07 13:03:15.0890sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/07 13:03:16.0078SysProtDrv.sys (56f64c490aaa9519d677074eadb565d1) C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys 2010/11/07 13:03:16.0078Suspicious file (Forged): C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys. Real md5: 56f64c490aaa9519d677074eadb565d1, Fake md5: c88b251b625e73c1feef21b61f4ce74d 2010/11/07 13:03:16.0093SysProtDrv.sys - detected Forged file (1) 2010/11/07 13:03:16.0234Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/07 13:03:16.0390TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/07 13:03:16.0468TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/07 13:03:16.0562TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/07 13:03:16.0765Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/07 13:03:16.0968Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/07 13:03:17.0125usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/11/07 13:03:17.0203usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/07 13:03:17.0296usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/07 13:03:17.0406usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/11/07 13:03:17.0515usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/11/07 13:03:17.0609USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/07 13:03:17.0718usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/07 13:03:17.0812VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2010/11/07 13:03:17.0984VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/07 13:03:18.0093VPN-1 (793b9aed2fc908fdfc93f0afa07f59cf) C:\WINDOWS\System32\drivers\vpn.sys 2010/11/07 13:03:18.0312Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/07 13:03:18.0453wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/07 13:03:18.0593winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 2010/11/07 13:03:18.0859WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/11/07 13:03:18.0968WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/11/07 13:03:19.0078\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/11/07 13:03:19.0078================================================================================ 2010/11/07 13:03:19.0078Scan finished 2010/11/07 13:03:19.0078================================================================================ 2010/11/07 13:03:19.0109Detected object count: 2 2010/11/07 13:03:44.0234SysProtDrv.sys (56f64c490aaa9519d677074eadb565d1) C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys 2010/11/07 13:03:44.0234Suspicious file (Forged): C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys. Real md5: 56f64c490aaa9519d677074eadb565d1, Fake md5: c88b251b625e73c1feef21b61f4ce74d 2010/11/07 13:03:44.0265C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys - quarantined 2010/11/07 13:03:44.0281Forged file(SysProtDrv.sys) - USER select action: Quarantine 2010/11/07 13:03:44.0375\HardDisk0\MBR - will be cured after reboot 2010/11/07 13:03:44.0375Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure 2010/11/07 13:03:52.0250Deinitialize success Well, that is good news. Let's do some cleanup. * Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box. * Now type commy /uninstall in the runbox * Make sure there's a space between commy and /Uninstall * Then hit Enter * The above procedure will: * Delete the following: * ComboFix and its associated files and folders. * Reset the clock settings. * Hide file extensions, if required. * Hide System/Hidden files, if required. * Set a new, clean Restore Point. ******************************* Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC** will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ************************************ Use the Secunia Software Inspector to check for out of date software. •Click Start Now •Check the box next to Enable thorough system inspection. •Click Start** •Allow the scan to finish and scroll down to see if any updates are needed. •Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. ALSO STOP certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! Following your advice! Thank you so much, SuperDave! I appreciate your patience and your efforts.

Discussion

No Comment Found

Related InterviewSolutions