redirects and random commercials



#1 spr1980 (New Member, 5 posts)
I have redirects on my searches and audio ads that play in the background at any time. I also have internet script errors that pop up every couple of minutes. The commercials and script errors come up even when I'm not surfing the net. I have tried the steps in the redirect forum, but I can't get TDSSKiller to open. I have tried to rename it and it still won't open. I ran SUPERAntiSpyware and Malwarebytes, but I still have the problem. Any help would be appreciated. Here is the OTL.

OTL logfile created on: 4/11/2011 8:16:30 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steve\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.85 Gb Total Space | 355.13 Gb Free Space | 78.08% Space Free | Partition Type: NTFS
Drive D: | 10.91 Gb Total Space | 4.13 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
Drive F: | 1.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Y: | 455.48 Gb Total Space | 302.26 Gb Free Space | 66.36% Space Free | Partition Type: NTFS
Drive Z: | 455.48 Gb Total Space | 302.26 Gb Free Space | 66.36% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/07 07:44:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/03/16 17:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/02/24 16:18:19 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/13 19:22:04 | 005,252,936 | ---- | M] (SpareBackup, Inc.) -- C:\Program Files\Spare Backup\SpareBackup.exe
PRC - [2007/09/05 11:25:56 | 000,455,968 | ---- | M] () -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/04/26 14:55:08 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2007/04/26 14:51:44 | 001,019,904 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2007/04/17 18:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe


========== Modules (SafeList) ==========

MOD - [2011/04/07 07:44:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2008/05/14 14:45:17 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/09/05 11:25:56 | 000,455,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/27 01:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)


========== Driver Services (SafeList) ==========

DRV - [2011/02/20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/23 10:38:58 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/10/25 16:47:00 | 008,226,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/17 10:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/05 09:47:28 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/09/05 09:47:20 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/09/05 01:40:56 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/05/28 20:06:00 | 001,174,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2007/05/28 20:05:52 | 000,096,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/05/28 20:05:48 | 000,159,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/05/28 20:05:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/05/28 20:05:42 | 000,129,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/05/28 20:05:30 | 000,525,608 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/05/28 20:05:24 | 000,518,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/05/28 20:05:08 | 000,073,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/05/28 20:05:04 | 000,171,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/05/28 20:05:00 | 001,324,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTEXFIFX.dll -- (CTEXFIFX.DLL)
DRV - [2007/04/27 07:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007/04/27 07:40:00 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=DTP&M=2905989R
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...=DTP&M=2905989R
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...=DTP&M=2905989R

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...=DTP&M=2905989R
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4


[2010/09/15 07:33:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/09/15 08:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ruc2swoe.default\extensions
[2011/04/06 19:09:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ruc2swoe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/06 19:09:23 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ruc2swoe.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/09/15 07:42:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ruc2swoe.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011/02/07 07:43:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2011/04/09 08:59:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [a-squared] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steve\Pictures\IMG00046.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steve\Pictures\IMG00046.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2002/02/22 12:35:36 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/03/11 11:32:09 | 000,000,000 | ---D | M] - Y:\AutoCad Drawings -- [ NTFS ]
O32 - AutoRun File - [2010/01/26 16:16:47 | 000,041,432 | ---- | M] () - Y:\AutoCAD_Symbols.zip -- [ NTFS ]
O33 - MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008/02/10 02:22:52 | 000,053,400 | R--- | M] (Autodesk, Inc.)
O33 - MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\Shell - "" = AutoRun
O33 - MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\Shell\AutoRun\command - "" = L:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sh4native Sh4Removal) - C:\Windows\System32\sh4native.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 12:38:18 | 000,000,000 | ---D | C] -- C:\Rooter$
[2011/04/10 09:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011/04/10 09:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2011/04/10 09:55:29 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Anti-Malware
[2011/04/10 09:55:02 | 099,965,256 | ---- | C] (Emsi Software GmbH ) -- C:\Users\Steve\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/04/10 09:36:54 | 001,917,592 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2011/04/10 09:31:07 | 012,502,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.17.exe
[2011/04/09 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/09 14:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/09 14:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/09 14:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/09 14:19:09 | 010,846,616 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2011/04/09 14:01:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2011/04/09 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\tdsskiller
[2011/04/09 13:44:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/09 08:59:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/04/08 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/08 13:38:19 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Steve\Desktop\Rooter.exe
[2011/04/07 17:24:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\GooredFix Backups
[2011/04/07 17:24:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Steve\Desktop\GooredFix.exe
[2011/04/07 16:56:55 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTM.exe
[2011/04/07 16:55:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/07 16:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/07 16:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/04/07 07:43:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/04/07 07:38:42 | 001,484,376 | ---- | C] (SpeedingUpMyPC ) -- C:\Users\Steve\Desktop\speedingupmypc.exe
[2008/05/04 18:35:53 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2008/02/21 14:20:00 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/04/11 08:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 08:16:40 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 08:16:40 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 07:43:29 | 000,002,523 | ---- | M] () -- C:\Users\Steve\Desktop\HiJackThis.lnk
[2011/04/11 06:31:38 | 000,143,872 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 06:21:29 | 000,599,286 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/11 06:21:29 | 000,102,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/11 06:17:00 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2011/04/11 06:16:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 06:16:41 | 000,000,304 | -HS- | M] () -- C:\Windows\tasks\bxmztccn.job
[2011/04/11 06:16:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 06:16:36 | 3488,858,112 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 17:52:11 | 000,064,752 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000009-00001102-00000005-60071102}.rfx
[2011/04/10 17:52:11 | 000,054,408 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000009-00001102-00000005-60071102}.rfx
[2011/04/10 17:52:11 | 000,054,408 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000009-00001102-00000005-60071102}.rfx
[2011/04/10 16:06:37 | 000,002,633 | ---- | M] () -- C:\Users\Steve\Desktop\Microsoft Office Outlook 2007.lnk
[2011/04/10 09:55:42 | 000,000,912 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/04/10 09:55:42 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/10 09:55:01 | 099,965,256 | ---- | M] (Emsi Software GmbH ) -- C:\Users\Steve\Desktop\EmsisoftAntiMalwareSetup.exe
[2011/04/10 09:46:07 | 000,327,523 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/04/10 09:45:42 | 000,202,848 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/04/10 09:37:10 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/04/10 09:37:02 | 001,917,592 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2011/04/10 09:31:07 | 012,502,472 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.17.exe
[2011/04/09 14:19:54 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/09 14:19:09 | 010,846,616 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2011/04/09 14:01:20 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\tdsskiller.exe
[2011/04/09 13:57:31 | 001,263,721 | ---- | M] () -- C:\Users\Steve\Desktop\tdsskiller.zip
[2011/04/09 13:44:06 | 001,402,880 | ---- | M] () -- C:\Users\Steve\Desktop\HijackThis.msi
[2011/04/09 09:04:32 | 000,573,834 | ---- | M] () -- C:\Users\Steve\Desktop\333_6319_DOF%20v2.1.4%20Catalog%2012.1%20LIVE%20New.pdf
[2011/04/09 08:59:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/08 13:38:20 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Steve\Desktop\Rooter.exe
[2011/04/08 06:45:59 | 000,011,506 | -HS- | M] () -- C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
[2011/04/08 06:45:59 | 000,011,506 | -HS- | M] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 17:24:35 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Steve\Desktop\GooredFix.exe
[2011/04/07 17:08:51 | 000,465,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/07 16:56:40 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTM.exe
[2011/04/07 16:51:22 | 000,000,913 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/07 16:51:14 | 000,000,733 | ---- | M] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2011/04/07 16:51:14 | 000,000,714 | ---- | M] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2011/04/07 07:44:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/04/07 07:38:50 | 001,484,376 | ---- | M] (SpeedingUpMyPC ) -- C:\Users\Steve\Desktop\speedingupmypc.exe
[2011/04/06 17:12:34 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45473544r
[2011/04/06 17:12:34 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~45473544
[2011/04/06 17:01:05 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~45211400r
[2011/04/06 17:01:05 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~45211400
[2011/04/01 13:27:00 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\Peachtree Complete Accounting 2009.lnk
[2011/04/01 11:37:52 | 000,126,562 | ---- | M] () -- C:\Windows\PeachWLog.XML
[2011/04/01 11:36:38 | 000,001,762 | ---- | M] () -- C:\Windows\PCW160.ini
[2011/04/01 11:33:34 | 000,066,560 | ---- | M] (Smithware, Inc.) -- C:\Windows\System32\s2dtconv.dll
[2011/04/01 11:33:34 | 000,024,576 | ---- | M] (Smithware, Inc.) -- C:\Windows\System32\Sbtrvd32.dll
[2011/03/30 08:04:29 | 000,469,472 | -H-- | M] () -- C:\Users\Steve\Documents\stevehousetdwg.dwg
[2011/03/16 09:07:25 | 000,004,237 | -H-- | M] () -- C:\Users\Steve\Documents\HANLEY.pdf

========== Files Created - No Company Name ==========

[2011/04/10 16:01:26 | 3488,858,112 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/10 09:55:42 | 000,000,912 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2011/04/10 09:55:42 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011/04/10 09:46:07 | 000,327,523 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/04/10 09:45:42 | 000,202,848 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/04/10 09:37:10 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/04/09 14:19:54 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/09 13:57:19 | 001,263,721 | ---- | C] () -- C:\Users\Steve\Desktop\tdsskiller.zip
[2011/04/09 13:44:28 | 000,002,523 | ---- | C] () -- C:\Users\Steve\Desktop\HiJackThis.lnk
[2011/04/08 15:04:36 | 001,402,880 | ---- | C] () -- C:\Users\Steve\Desktop\HijackThis.msi
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 16:51:22 | 000,000,913 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/07 16:51:14 | 000,000,733 | ---- | C] () -- C:\Users\Steve\Desktop\NTREGOPT.lnk
[2011/04/07 16:51:14 | 000,000,714 | ---- | C] () -- C:\Users\Steve\Desktop\ERUNT.lnk
[2011/04/06 17:12:34 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45473544r
[2011/04/06 17:12:34 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45473544
[2011/04/06 17:01:05 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45211400r
[2011/04/06 17:01:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45211400
[2011/03/16 09:07:25 | 000,004,237 | -H-- | C] () -- C:\Users\Steve\Documents\HANLEY.pdf
[2011/02/05 17:21:45 | 000,000,120 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Bxizinohaz.dat
[2011/02/05 17:21:45 | 000,000,000 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Ixoyox.bin
[2011/01/28 18:04:12 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/09/15 07:33:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/12 17:44:41 | 000,014,232 | ---- | C] () -- C:\Windows\System32\sh4native.exe
[2010/08/12 15:51:49 | 000,000,680 | -H-- | C] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2010/08/12 14:23:01 | 000,000,036 | -H-- | C] () -- C:\Users\Steve\AppData\Roaming\skynet.dat
[2010/08/12 14:22:53 | 000,000,074 | -H-- | C] () -- C:\Users\Steve\AppData\Roaming\sh4.dat
[2010/08/12 14:22:53 | 000,000,001 | -H-- | C] () -- C:\Users\Steve\AppData\Roaming\sh3.dat
[2010/04/09 18:55:47 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/23 10:23:23 | 000,839,680 | ---- | C] () -- C:\Windows\System32\AxEImage.dll
[2010/03/23 10:23:23 | 000,663,552 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2010/03/23 10:23:23 | 000,491,520 | ---- | C] () -- C:\Windows\System32\pdfimages.exe
[2010/03/23 10:23:23 | 000,006,139 | ---- | C] () -- C:\Windows\System32\code1.dat
[2009/07/23 10:38:58 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2009/05/07 16:13:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/07 16:13:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/20 09:29:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2008/06/30 11:46:24 | 000,143,872 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/05 10:59:41 | 000,079,360 | ---- | C] () -- C:\Windows\System32\acdbres.dll
[2008/05/05 10:30:42 | 000,013,608 | R--- | C] () -- C:\Windows\System32\srvany.exe
[2008/05/04 18:35:53 | 000,321,512 | -H-- | C] () -- C:\Windows\System32\ctdlang.dat
[2008/05/04 18:35:53 | 000,321,512 | ---- | C] () -- C:\Windows\System32\ctdlang(18978).dat
[2008/05/04 18:35:53 | 000,056,405 | -H-- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2008/05/04 18:35:53 | 000,056,405 | ---- | C] () -- C:\Windows\System32\ctdnlstr(18979).dat
[2008/05/04 18:35:53 | 000,046,604 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2008/05/04 18:35:53 | 000,016,384 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2008/05/04 18:35:53 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/05/04 17:52:02 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/04/18 18:10:00 | 000,001,762 | ---- | C] () -- C:\Windows\PCW160.ini
[2008/02/21 14:20:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ENLOCSTR.EXE
[2008/02/21 14:20:00 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2008/02/21 13:56:48 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/02/21 13:56:42 | 000,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/02/21 13:56:42 | 000,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/20 21:23:38 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007/08/29 02:07:32 | 000,001,714 | ---- | C] () -- C:\Windows\PCW150.INI_upg2009
[2007/03/21 07:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\System32\mmc.exe.config
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,465,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,599,286 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,102,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 19:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,177 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O32 - AutoRun File - [2004/04/30 04:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2008/02/10 02:22:52 | 000,053,400 | R--- | M] (Autodesk, Inc.)
O33 - MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\Shell - "" = AutoRun
O33 - MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\Shell\AutoRun\command - "" = L:\LaunchU3.exe
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
[2011/04/06 17:12:34 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45473544r
[2011/04/06 17:12:34 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45473544
[2011/04/06 17:01:05 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45211400r
[2011/04/06 17:01:05 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45211400
[2011/02/05 17:21:45 | 000,000,120 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Bxizinohaz.dat
[2011/02/05 17:21:45 | 000,000,000 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Ixoyox.bin

:Files
C:\Windows\tasks\bxmztccn.job
C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
C:\ProgramData\~45473544r
C:\ProgramData\~45473544
C:\ProgramData\~45211400r
C:\ProgramData\~45211400
C:\Users\Steve\AppData\Local\Bxizinohaz.dat
C:\Users\Steve\AppData\Local\Ixoyox.bin
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click it and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
  • 0
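The fix script above picks its targets out of OTL's file-record lines (hidden/system files with random names dropped into ProgramData and AppData\Local, the ~<digits> pairs). The following is an added example, not part of this thread and not OTL's own code: a small Python parser for that record layout, with a triage pass that applies the same kind of rules the helper applied by eye. The regex assumes the `[date | size | attrs | C] (Company) -- path` layout seen in the log above, and the three triage rules are this example's own heuristics, not anything OTL or the helper documents. The sample lines are copied from this thread's log, with two ordinary Windows files included as negative cases.

```python
r"""Parse OTL file-record lines and flag entries worth a second look.

Added example (not part of the thread, not OTL's own code). Assumes the
record layout seen in the log above:
    [YYYY/MM/DD HH:MM:SS | 000,011,506 | -HS- | C] (Company) -- C:\some\path
The triage rules below are this example's own heuristics, chosen to match
what the helper singled out in the fix script.
"""
import re
from dataclasses import dataclass
from datetime import datetime

OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<action>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- "
    r"(?P<path>\S.*?)\s*$"
)

# Directories a low-privilege process can write to; legitimate system files
# rarely sit here with hidden/system attributes set.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


@dataclass
class OtlFileRecord:
    timestamp: datetime
    size: int        # bytes, parsed from OTL's zero-padded "000,011,506"
    attrs: str       # OTL's 4-char attribute field, e.g. "-HS-" (H hidden, S system)
    action: str      # "C" created / "M" modified, depending on the log section
    company: str     # publisher string OTL prints in parentheses, "" if none
    path: str


def parse_otl_files(text: str) -> list[OtlFileRecord]:
    """One record per line matching OTL's file-record layout; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = OTL_FILE_RE.match(line.strip())
        if not m:
            continue
        records.append(OtlFileRecord(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            action=m["action"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return records


def triage(rec: OtlFileRecord) -> list[str]:
    """Reasons (possibly none) why this record deserves a closer look. Heuristics are this example's own."""
    reasons = []
    lower = rec.path.lower()
    name = lower.rsplit("\\", 1)[-1]
    if ("H" in rec.attrs or "S" in rec.attrs) and any(d in lower for d in USER_WRITABLE_DIRS):
        reasons.append("hidden/system file in user-writable data directory")
    if re.fullmatch(r"[a-z0-9]{20,}", name):
        reasons.append("long extension-less random-looking name")
    if re.fullmatch(r"~\d+r?", name):
        reasons.append("tilde-prefixed numeric name")
    return reasons


def suspicious_entries(text: str) -> list[tuple[str, list[str]]]:
    """(path, reasons) for every parsed record that triggers at least one rule."""
    out = []
    for rec in parse_otl_files(text):
        reasons = triage(rec)
        if reasons:
            out.append((rec.path, reasons))
    return out


# Sample input: lines copied from the OTL log in this thread, plus two
# ordinary Windows files from the same log as negative cases.
SAMPLE_LOG = r"""
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 18:09:23 | 000,011,506 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
[2011/04/06 17:12:34 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~45473544r
[2011/04/06 17:12:34 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~45473544
[2011/02/05 17:21:45 | 000,000,120 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Bxizinohaz.dat
[2011/02/05 17:21:45 | 000,000,000 | -H-- | C] () -- C:\Users\Steve\AppData\Local\Ixoyox.bin
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008/05/04 18:35:53 | 000,046,604 | ---- | C] () -- C:\Windows\System32\instwdm.ini
"""

if __name__ == "__main__":
    for path, reasons in suspicious_entries(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

Run against the sample, the six entries the helper listed under `:Files` are the six that come back flagged, while `bootstat.dat` (system attribute, but under C:\Windows) and `instwdm.ini` come back clean. The rules deliberately key on location plus attributes rather than on file names alone, since the names change from infection to infection while the drop locations and the hidden/system trick do not; anything flagged is a candidate for a closer look, not a verdict.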

#3
spr1980

spr1980

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks for your help and the quick response.

Here are the logs.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Windows\System32\BAE.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
D:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{040c6d2f-e0ac-11dc-bb16-806e6f6e6963}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad7de42d-eb5b-11df-b772-00e0b8e6df66}\ not found.
File L:\LaunchU3.exe not found.
C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
C:\ProgramData\~45473544r moved successfully.
C:\ProgramData\~45473544 moved successfully.
C:\ProgramData\~45211400r moved successfully.
C:\ProgramData\~45211400 moved successfully.
C:\Users\Steve\AppData\Local\Bxizinohaz.dat moved successfully.
C:\Users\Steve\AppData\Local\Ixoyox.bin moved successfully.
========== FILES ==========
C:\Windows\tasks\bxmztccn.job moved successfully.
File\Folder C:\Users\Steve\AppData\Local\o0117nc2nv5tpb633d15bq765wo1 not found.
File\Folder C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1 not found.
File\Folder C:\ProgramData\~45473544r not found.
File\Folder C:\ProgramData\~45473544 not found.
File\Folder C:\ProgramData\~45211400r not found.
File\Folder C:\ProgramData\~45211400 not found.
File\Folder C:\Users\Steve\AppData\Local\Bxizinohaz.dat not found.
File\Folder C:\Users\Steve\AppData\Local\Ixoyox.bin not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 83765510 bytes
->Temporary Internet Files folder emptied: 47955833 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 37796 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136700 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1377112 bytes

Total Files Cleaned = 127.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04122011_070337

Files\Folders moved on Reboot...
File move failed. F:\setup.exe scheduled to be moved on reboot.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SG0OX09Y\like[4].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ4AQ13J\xd_proxy[1].htm moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACTTJAAK\page__p__1994276__fromsearch__1[1].htm moved successfully.
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6341

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

4/12/2011 8:12:09 AM
mbam-log-2011-04-12 (08-12-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 305814
Time elapsed: 36 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 11-04-11.04 - Steve 04/12/2011 10:00:00.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3327.2310 [GMT -5:00]
Running from: c:\users\Steve\Desktop\george.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\george.exe
c:\george.exe\023.dat
c:\george.exe\023v.dat
c:\george.exe\023w7.dat
c:\george.exe\AppDataFile.cfx
c:\george.exe\AppDataFolder.cfx
c:\george.exe\appinit.bad
c:\george.exe\asp.str
c:\george.exe\Assoc.cmd
c:\george.exe\ATTRIB.cfxxe
c:\george.exe\Auto-RC.cmd
c:\george.exe\av.cmd
c:\george.exe\av.vbs
c:\george.exe\AWF.cmd
c:\george.exe\badclsid.c
c:\george.exe\Boot-Rk.cmd
c:\george.exe\Boot.bat
c:\george.exe\BootDrv.vbs
c:\george.exe\c.bat
c:\george.exe\Catch-sub.cmd
c:\george.exe\catchme.cfxxe
c:\george.exe\CCS.bat
c:\george.exe\CF-Script.cmd
c:\george.exe\CF27586.cfxxe
c:\george.exe\CFVersionOld
c:\george.exe\CHCP.bat
c:\george.exe\clsid.c
c:\george.exe\cmd.cfxxe
c:\george.exe\Combobatch.bat
c:\george.exe\ComboFix-Download.cfxxe
c:\george.exe\Create.cmd
c:\george.exe\Creg.dat
c:\george.exe\CregC.cmd
c:\george.exe\CregC.dat
c:\george.exe\CSCRIPT.cfxxe
c:\george.exe\CSet.cmd
c:\george.exe\dd.cfxxe
c:\george.exe\ddsDo.sed
c:\george.exe\DelClsid.bat
c:\george.exe\DelClsid64.bat
c:\george.exe\DesktopFile.cfx
c:\george.exe\DisclaimED.dat
c:\george.exe\DPF.str
c:\george.exe\DrvRun.vbs
c:\george.exe\dumphive.cfxxe
c:\george.exe\embedded.sed
c:\george.exe\en-US\ATTRIB.cfxxe.mui
c:\george.exe\en-US\CF27586.cfxxe.mui
c:\george.exe\en-US\cmd.cfxxe.mui
c:\george.exe\en-US\CSCRIPT.cfxxe.mui
c:\george.exe\en-US\PING.cfxxe.mui
c:\george.exe\en-US\REGT.cfxxe.mui
c:\george.exe\en-US\ROUTE.cfxxe.mui
c:\george.exe\ERDNT.e_e
c:\george.exe\ERDNTDOS.LOC
c:\george.exe\ERDNTWIN.LOC
c:\george.exe\ERUNT.cfxxe
c:\george.exe\ERUNT.LOC
c:\george.exe\Exe.reg
c:\george.exe\extract.cfxxe
c:\george.exe\FavoriteFolder.cfx
c:\george.exe\FavoritesFile.cfx
c:\george.exe\FD-SV.cmd
c:\george.exe\ffdefstr.dll
c:\george.exe\FileKill.cfxxe
c:\george.exe\files.pif
c:\george.exe\Fin.dat
c:\george.exe\FIND3M.bat
c:\george.exe\FIXLSP.bat
c:\george.exe\FKMGen.cmd
c:\george.exe\GetHive.cmd
c:\george.exe\grep.cfxxe
c:\george.exe\gsar.cfxxe
c:\george.exe\handle.cfxxe
c:\george.exe\HDPEInfo.cfxxe
c:\george.exe\hidec.exe
c:\george.exe\history.bat
c:\george.exe\hwid.pif
c:\george.exe\iexplore.exe
c:\george.exe\image001.gif
c:\george.exe\Imefile.dat
c:\george.exe\Install-RC.cmd
c:\george.exe\katch.cmd
c:\george.exe\Kill-All.cmd
c:\george.exe\Lang.bat
c:\george.exe\List-B.bat
c:\george.exe\List-C.bat
c:\george.exe\List-D.bat
c:\george.exe\List.bat
c:\george.exe\lnkread.vbs
c:\george.exe\LocalAppDataFile.cfx
c:\george.exe\LocalAppDataFolder.cfx
c:\george.exe\LocalService.dat
c:\george.exe\LocalServiceNetworkRestricted.dat
c:\george.exe\LocalSettingsFile.cfx
c:\george.exe\LocalSystemNetworkRestricted.dat
c:\george.exe\mbr.cfxxe
c:\george.exe\mbr.chk
c:\george.exe\md5sum.pif
c:\george.exe\MoveIt.bat
c:\george.exe\mtee.cfxxe
c:\george.exe\MtPt00
c:\george.exe\MUI
c:\george.exe\mynul.dat
c:\george.exe\N_\11543
c:\george.exe\N_\1218
c:\george.exe\N_\13054
c:\george.exe\N_\17794
c:\george.exe\N_\18563
c:\george.exe\N_\21631
c:\george.exe\N_\550
c:\george.exe\N_\7136
c:\george.exe\N_\8223
c:\george.exe\N_\9287
c:\george.exe\ncmd.com
c:\george.exe\ND_.bat
c:\george.exe\ND_64.bat
c:\george.exe\ndis_combofix.dat
c:\george.exe\netsvc.bad.dat
c:\george.exe\netsvc.dat
c:\george.exe\netsvc.vista.dat
c:\george.exe\netsvc.xp.dat
c:\george.exe\NetworkService.dat
c:\george.exe\NewCFUser
c:\george.exe\NirCmd.cfxxe
c:\george.exe\NircmdB.exe
c:\george.exe\NirCmdC.cfxxe
c:\george.exe\NIRKMD.cfxxe
c:\george.exe\NlsLanguageDefault
c:\george.exe\NT-OS.cmd
c:\george.exe\NULL
c:\george.exe\OSid.vbs
c:\george.exe\OsVer
c:\george.exe\P.cmd
c:\george.exe\pausep.cfxxe
c:\george.exe\PersonalFile.cfx
c:\george.exe\PersonalFolder.cfx
c:\george.exe\PEV.cfxxe
c:\george.exe\pev.exe
c:\george.exe\pevb.cfxxe
c:\george.exe\PING.cfxxe
c:\george.exe\Policies.dat
c:\george.exe\powp.dat
c:\george.exe\Prep.inf
c:\george.exe\ProfilesFile.cfx
c:\george.exe\ProfilesFolder.cfx
c:\george.exe\ProgramsFile.cfx
c:\george.exe\ProgramsFolder.cfx
c:\george.exe\Purity.dat
c:\george.exe\PV.cfxxe
c:\george.exe\pv.com
c:\george.exe\RBoot.dat
c:\george.exe\RCLink.dat
c:\george.exe\REGDACL.sed
c:\george.exe\RegDo.sed
c:\george.exe\region.dat
c:\george.exe\RegScan.cmd
c:\george.exe\RegScan64.cmd
c:\george.exe\Resident.txt
c:\george.exe\restore_pt.vbs
c:\george.exe\Rkey.cmd
c:\george.exe\rmbr.cfxxe
c:\george.exe\rogues.dat
c:\george.exe\ROUTE.cfxxe
c:\george.exe\run2.sed
c:\george.exe\Rust.str
c:\george.exe\s0rt.cfxxe
c:\george.exe\safeboot.dat
c:\george.exe\safeboot.def.dat
c:\george.exe\safeboot.def.vista.dat
c:\george.exe\Safeboot.def.w7.dat
c:\george.exe\sed.cfxxe
c:\george.exe\SetEnvmt.bat
c:\george.exe\setpath.cfxxe
c:\george.exe\SF.exe
c:\george.exe\sfx.cmd
c:\george.exe\SnapShot.cmd
c:\george.exe\SRestore.cmd
c:\george.exe\srizbi.md5
c:\george.exe\Start_dat
c:\george.exe\StartMenuFile.cfx
c:\george.exe\StartMenuFolder.cfx
c:\george.exe\StartUpFile.cfx
c:\george.exe\SuppScan.cmd
c:\george.exe\svc_wht.dat
c:\george.exe\SvcDrv.vbs
c:\george.exe\svchost.dat
c:\george.exe\svchost.vista.dat
c:\george.exe\svchost.vista.x64.dat
c:\george.exe\svchost.w7.dat
c:\george.exe\svchost.w7.x64.dat
c:\george.exe\SWREG.cfxxe
c:\george.exe\swreg.exe
c:\george.exe\swsc.cfxxe
c:\george.exe\swxcacls.cfxxe
c:\george.exe\system_ini.dat
c:\george.exe\tail.cfxxe
c:\george.exe\TemplatesFile.cfx
c:\george.exe\TemplatesFolder.cfx
c:\george.exe\toolbar.sed
c:\george.exe\Update-CF.cmd
c:\george.exe\VerCF.bat
c:\george.exe\VInfo
c:\george.exe\VInfo2
c:\george.exe\Vipev.dat
c:\george.exe\Vista.krl
c:\george.exe\Vista.mac
c:\george.exe\vistaMcode.dat
c:\george.exe\vistareg.dat
c:\george.exe\VolSnp.dat
c:\george.exe\vun.dat
c:\george.exe\VwinTemp.dacl
c:\george.exe\w_sock.dll
c:\george.exe\w2k_sock.dll
c:\george.exe\w2kreg.dat
c:\george.exe\w7Mcode.dat
c:\george.exe\w7reg.dat
c:\george.exe\Wmi_rem.vbs
c:\george.exe\xpmcode.dat
c:\george.exe\xpreg.dat
c:\george.exe\XPSBoot.reg
c:\george.exe\zDomain.dat
c:\george.exe\zhsvc.dat
c:\george.exe\zip.cfxxe
c:\users\Steve\AppData\Roaming\scdata
c:\users\Steve\AppData\Roaming\scdata\images\i1.gif
c:\users\Steve\AppData\Roaming\scdata\images\i2.gif
c:\users\Steve\AppData\Roaming\scdata\images\i3.gif
c:\users\Steve\AppData\Roaming\scdata\images\j1.gif
c:\users\Steve\AppData\Roaming\scdata\images\j2.gif
c:\users\Steve\AppData\Roaming\scdata\images\j3.gif
c:\users\Steve\AppData\Roaming\scdata\images\jj1.gif
c:\users\Steve\AppData\Roaming\scdata\images\jj2.gif
c:\users\Steve\AppData\Roaming\scdata\images\jj3.gif
c:\users\Steve\AppData\Roaming\scdata\images\l1.gif
c:\users\Steve\AppData\Roaming\scdata\images\l2.gif
c:\users\Steve\AppData\Roaming\scdata\images\l3.gif
c:\users\Steve\AppData\Roaming\scdata\images\pix.gif
c:\users\Steve\AppData\Roaming\scdata\images\t1.gif
c:\users\Steve\AppData\Roaming\scdata\images\t2.gif
c:\users\Steve\AppData\Roaming\scdata\images\Thumbs.db
c:\users\Steve\AppData\Roaming\scdata\images\up1.gif
c:\users\Steve\AppData\Roaming\scdata\images\up2.gif
c:\users\Steve\AppData\Roaming\scdata\images\w1.gif
c:\users\Steve\AppData\Roaming\scdata\images\w11.gif
c:\users\Steve\AppData\Roaming\scdata\images\w2.gif
c:\users\Steve\AppData\Roaming\scdata\images\w3.jpg
c:\users\Steve\AppData\Roaming\scdata\images\word.doc
c:\users\Steve\AppData\Roaming\scdata\images\wt1.gif
c:\users\Steve\AppData\Roaming\scdata\images\wt2.gif
c:\users\Steve\AppData\Roaming\scdata\images\wt3.gif
c:\users\Steve\AppData\Roaming\skynet.dat
c:\users\Steve\GoToAssistDownloadHelper.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :D
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-12 15:06 . 2011-04-12 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 13:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 13:39 . 2011-04-12 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 13:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-12 12:03 . 2011-04-12 12:03 -------- d-----w- C:\_OTL
2011-04-10 17:38 . 2011-04-10 17:38 -------- d-----w- C:\Rooter$
2011-04-10 14:55 . 2011-04-12 14:39 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-04-09 19:19 . 2011-04-09 19:19 -------- d-----w- c:\users\Steve\AppData\Roaming\SUPERAntiSpyware.com
2011-04-09 19:19 . 2011-04-09 19:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-09 19:19 . 2011-04-12 12:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-09 18:44 . 2011-04-09 18:44 388096 ----a-r- c:\users\Steve\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-09 13:59 . 2011-04-09 13:59 -------- d-----w- C:\_OTM
2011-04-08 20:05 . 2011-04-08 20:05 -------- d-----w- c:\program files\Trend Micro
2011-04-07 21:51 . 2011-04-07 21:51 -------- d-----w- c:\program files\ERUNT
2011-04-01 16:31 . 2011-03-23 15:11 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95AC9298-5282-478E-90F5-1331DAE86C48}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-01 16:33 . 2010-04-10 00:00 66560 ----a-w- c:\windows\system32\s2dtconv.dll
2011-04-01 16:33 . 2010-04-10 00:00 24576 ----a-w- c:\windows\system32\Sbtrvd32.dll
2011-02-02 23:11 . 2010-08-12 19:39 222080 ----a-w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-25 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-25 81920]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-26 23552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-26 30192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2007-09-05 455968]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CO_Mon
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 13:53]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 13:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=2905989R
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 10:06
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3972)
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
.
Completion time: 2011-04-12 10:08:08
ComboFix-quarantined-files.txt 2011-04-12 15:08
.
Pre-Run: 379,873,775,616 bytes free
Post-Run: 379,814,109,184 bytes free
.
- - End Of File - - EF56C0B9533A89E36EFFE9B27BB7CD66


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ELITEGROUP
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: GATEWAY
System Product Name: FX540X
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 161):
0x8203F000 \SystemRoot\system32\ntoskrnl.exe
0x8200C000 \SystemRoot\system32\hal.dll
0x8A801000 \SystemRoot\system32\kdcom.dll
0x8A809000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A869000 \SystemRoot\system32\PSHED.dll
0x8A87A000 \SystemRoot\system32\BOOTVID.dll
0x8A882000 \SystemRoot\system32\CLFS.SYS
0x8A8C3000 \SystemRoot\system32\CI.dll
0x8A9A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA1F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA2C000 \SystemRoot\system32\drivers\acpi.sys
0x8AA72000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AA7B000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA83000 \SystemRoot\system32\drivers\pci.sys
0x8AAAA000 \SystemRoot\System32\drivers\partmgr.sys
0x8AAB9000 \SystemRoot\system32\drivers\volmgr.sys
0x8AAC8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AB12000 \SystemRoot\system32\drivers\nvrd32.sys
0x8AB34000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AB55000 \SystemRoot\system32\drivers\pciide.sys
0x8AB5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB6A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AB7A000 \SystemRoot\system32\drivers\nvraid.sys
0x8AB95000 \SystemRoot\system32\drivers\atapi.sys
0x8AB9D000 \SystemRoot\system32\drivers\ataport.SYS
0x8ABBB000 \SystemRoot\system32\drivers\nvstor32.sys
0x8AC0F000 \SystemRoot\system32\drivers\storport.sys
0x8AC50000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AC82000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC92000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AD03000 \SystemRoot\system32\drivers\ndis.sys
0x8AE0E000 \SystemRoot\system32\drivers\msrpc.sys
0x8AE39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE73000 \SystemRoot\System32\drivers\tcpip.sys
0x8AF5C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B00D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B11C000 \SystemRoot\system32\drivers\wd.sys
0x8B124000 \SystemRoot\system32\drivers\volsnap.sys
0x8B15D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B165000 \SystemRoot\System32\Drivers\mup.sys
0x8B174000 \SystemRoot\System32\drivers\ecache.sys
0x8B19B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B1BF000 \SystemRoot\system32\drivers\disk.sys
0x8B1D0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B23A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B245000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B24E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FC01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B25D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x903DA000 \SystemRoot\System32\drivers\watchdog.sys
0x903E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B2FC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B307000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B312000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B31C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B35A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B369000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B381000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B391000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AF77000 \SystemRoot\system32\drivers\ctaud2k.sys
0x8B39F000 \SystemRoot\system32\drivers\portcls.sys
0x8B3CC000 \SystemRoot\system32\drivers\drmk.sys
0x90400000 \SystemRoot\system32\drivers\ks.sys
0x9042A000 \SystemRoot\system32\drivers\ctoss2k.sys
0x9045F000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x90467000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90483000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x904B1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x904BC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x904D3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x904DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90501000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90510000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90524000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90539000 \SystemRoot\system32\DRIVERS\parport.sys
0x90551000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x905DA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x905EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x905EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x905F6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90603000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90637000 \SystemRoot\system32\drivers\ha20x2k.sys
0x90759000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9076A000 \SystemRoot\system32\drivers\emupia2k.sys
0x9079A000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x907C3000 \SystemRoot\system32\CTHWIUT.DLL
0x95009000 \SystemRoot\system32\CT20XUT.DLL
0x95035000 \SystemRoot\system32\CTEXFIFX.DLL
0x9517C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x95185000 \SystemRoot\System32\Drivers\Null.SYS
0x9518C000 \SystemRoot\System32\Drivers\Beep.SYS
0x95193000 \SystemRoot\System32\drivers\vga.sys
0x9519F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x951C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x951C8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x951D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x951DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x951E9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x951F2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x95208000 \SystemRoot\system32\DRIVERS\smb.sys
0x9521C000 \SystemRoot\system32\drivers\afd.sys
0x95264000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95296000 \SystemRoot\system32\DRIVERS\pacer.sys
0x952AC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x952BA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x952CD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x952EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x952F5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x95331000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9533B000 \SystemRoot\system32\drivers\csc.sys
0x95395000 \SystemRoot\System32\Drivers\dfsc.sys
0x953AC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95C0B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x95D06000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95D08000 \SystemRoot\system32\drivers\modem.sys
0x95D15000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95D2C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x95D39000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x95D43000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95D55000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95D5E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95D6E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95D75000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95D82000 \SystemRoot\System32\Drivers\dump_nvrd32.sys
0x95DA4000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
0x95DC5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9A4C0000 \SystemRoot\System32\win32k.sys
0x95DD6000 \SystemRoot\System32\drivers\Dxapi.sys
0x95DE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A6E0000 \SystemRoot\System32\TSDDD.dll
0x95DEF000 \SystemRoot\system32\drivers\luafv.sys
0x9A700000 \SystemRoot\System32\cdd.dll
0x95E0A000 \SystemRoot\system32\drivers\spsys.sys
0x95EB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95EC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95EF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95EFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95F10000 \SystemRoot\system32\drivers\HTTP.sys
0x95F7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95F9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95FB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95FC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x953C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B1D9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95FE8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x907D8000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2C0D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2C5B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA2C64000 \??\C:\Windows\system32\drivers\Haspnt.sys
0xA2C77000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xA2C8C000 \??\C:\Windows\system32\drivers\hardlock.sys
0xA2D34000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2D5C000 \SystemRoot\system32\drivers\peauth.sys
0xA2E3A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2E44000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2E50000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA2E65000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA2E77000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA2E94000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA2E96000 \??\C:\Users\Steve\AppData\Local\Temp\catchme.sys
0x77A40000 \Windows\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
528 csrss.exe
576 csrss.exe
584 C:\Windows\System32\wininit.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\winlogon.exe
1124 C:\Windows\System32\audiodg.exe
1188 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\taskeng.exe
1760 C:\Windows\System32\spoolsv.exe
1788 C:\Windows\System32\svchost.exe
220 C:\Windows\System32\taskeng.exe
1968 C:\Windows\System32\svchost.exe
2052 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2088 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2112 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2168 C:\Windows\System32\svchost.exe
2204 C:\Windows\System32\svchost.exe
2256 C:\Windows\System32\SearchIndexer.exe
2620 WUDFHost.exe
3088 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3112 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3132 C:\Program Files\Spare Backup\SpareBackup.exe
3220 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
3336 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3400 C:\Windows\System32\CTxfispi.exe
3492 C:\Windows\ehome\ehtray.exe
3516 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3572 C:\Windows\ehome\ehmsas.exe
3624 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3872 C:\Windows\System32\mobsync.exe
2352 WmiPrvSE.exe
3540 C:\Program Files\Windows Media Player\wmpnetwk.exe
3108 C:\Windows\System32\wuauclt.exe
3916 C:\Windows\System32\dwm.exe
3972 C:\Windows\explorer.exe
1572 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1268 C:\Program Files\Internet Explorer\iexplore.exe
4036 C:\Program Files\Internet Explorer\iexplore.exe
3032 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3344 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
3544 C:\Windows\System32\SearchProtocolHost.exe
3528 C:\Windows\System32\SearchFilterHost.exe
3036 C:\Windows\System32\SearchProtocolHost.exe
3936 dllhost.exe
3208 dllhost.exe
3660 C:\Users\Steve\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ba232000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: NVIDIASTRIPE 465.76G, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0


After running ComboFix it seems like it fixed it. When I ran ComboFix it had to reboot, and when it restarted it had an error that said c:\windows\erdnt\autobackup\4-12-2011\ernt.inf. Below that it read: "registry back up will continue but no restore information for the erdnt program will be saved. This means that later restoration of the registry can only be done manually by using another OS to copy back the files."

Is this normal, or do I need to copy some files from another computer?
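A small triage pass over the MBRCheck "Kernel Drivers" section in the post above, added here as an example; it is not part of the original thread and not code from MBRCheck, ComboFix or TDSSKiller. The point it shows is the one a helper scanning such a log looks for first: most drivers are listed with a `\SystemRoot`-relative image path, while a handful are loaded through an absolute `\??\C:\...` path, and a few of those sit in locations an unprivileged user can write to. The sample lines are copied from the log above and are constructed test data; the category names and the `USER_WRITABLE` list are assumptions of this example, not MBRCheck's own output.

```python
import re
from dataclasses import dataclass

# Constructed sample in MBRCheck's "Kernel Drivers" layout (load address, image path).
# The entries are copied from the log in the post above; this is test data, not a live scan.
SAMPLE_KERNEL_DRIVERS = r"""
Kernel Drivers (total 161):
0x8203F000 \SystemRoot\system32\ntoskrnl.exe
0x8B124000 \SystemRoot\system32\drivers\volsnap.sys
0x952CD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xA2C64000 \??\C:\Windows\system32\drivers\Haspnt.sys
0xA2E77000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA2E94000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA2E96000 \??\C:\Users\Steve\AppData\Local\Temp\catchme.sys
0x77A40000 \Windows\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
"""

# One MBRCheck driver line: hex load address, whitespace, image path (may contain spaces).
LINE_RE = re.compile(r"^0x([0-9A-Fa-f]{8,16})\s+(\S.*?)\s*$")

# Path fragments an unprivileged user can normally write to (assumed list for this example).
# A kernel driver loaded from one of these is worth a look regardless of its name.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class Driver:
    base: int
    path: str


def parse_kernel_drivers(text: str) -> list[Driver]:
    """Return the (load address, image path) entries of the 'Kernel Drivers' section only."""
    drivers: list[Driver] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if in_section and line.startswith("Processes"):
            break                      # next MBRCheck section; stop here
        if not in_section or not line:
            continue
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(int(m.group(1), 16), m.group(2)))
    return drivers


def classify(d: Driver) -> str:
    """Bucket a driver by how and from where it was loaded."""
    p = d.path.lower()
    if p.startswith("\\systemroot\\") or p.startswith("\\windows\\"):
        return "system"              # ordinary \SystemRoot-relative image path
    if p.startswith("\\??\\"):
        body = p[len("\\??\\"):]     # absolute Win32 path behind the \??\ device prefix
        if any(marker in body for marker in USER_WRITABLE):
            return "user-writable"   # image sits where a normal user could have put it
        if "\\windows\\system32\\" in body:
            return "absolute-system32"  # service ImagePath given as an absolute path into system32
        return "third-party"         # absolute path elsewhere, typically Program Files
    return "unknown"


def triage(text: str) -> dict[str, list[str]]:
    """Group every loaded driver by category; everything outside 'system' deserves review."""
    out: dict[str, list[str]] = {}
    for d in parse_kernel_drivers(text):
        out.setdefault(classify(d), []).append(d.path)
    return out


if __name__ == "__main__":
    for category, paths in triage(SAMPLE_KERNEL_DRIVERS).items():
        print(f"[{category}]")
        for path in paths:
            print("   ", path)
```

Two caveats that the log itself supports. First, a hit is a prompt to look, not a verdict: the one driver this flags as user-writable, `Temp\catchme.sys`, is the catchme rootkit scanner named in the ComboFix header further up, so it is expected on a machine where ComboFix has just run. Second, path triage is a complement to a hash-based scanner, not a replacement: a file infector that patches a legitimate driver in place leaves it at its normal `\SystemRoot\system32\drivers\` path and lands it in the "system" bucket, which is why the MD5-per-driver listing TDSSKiller produces is still needed.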

#4
RKinner
    Malware Expert
  • Expert
  • 23,177 posts
  • MVP
Yes, the OTL took out a lot of it and Combofix removed the last of it:

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

I'm not too worried about the error message. It's just something Combofix uses to allow you to undo its changes and we won't need it.

Could you repost the MBRCheck log and also the TDSSKiller log?


Ron

#5
spr1980
    New Member
  • Topic Starter
  • Member
  • 5 posts
Sorry, forgot the TDSSKiller log.

2011/04/12 10:13:24.0494 3900 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 10:13:24.0712 3900 ================================================================================
2011/04/12 10:13:24.0712 3900 SystemInfo:
2011/04/12 10:13:24.0712 3900
2011/04/12 10:13:24.0712 3900 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/12 10:13:24.0712 3900 Product type: Workstation
2011/04/12 10:13:24.0712 3900 ComputerName: STEVE-PC
2011/04/12 10:13:24.0712 3900 UserName: Steve
2011/04/12 10:13:24.0712 3900 Windows directory: C:\Windows
2011/04/12 10:13:24.0712 3900 System windows directory: C:\Windows
2011/04/12 10:13:24.0712 3900 Processor architecture: Intel x86
2011/04/12 10:13:24.0712 3900 Number of processors: 4
2011/04/12 10:13:24.0712 3900 Page size: 0x1000
2011/04/12 10:13:24.0712 3900 Boot type: Normal boot
2011/04/12 10:13:24.0712 3900 ================================================================================
2011/04/12 10:13:24.0962 3900 Initialize success
2011/04/12 10:13:28.0425 3504 ================================================================================
2011/04/12 10:13:28.0425 3504 Scan started
2011/04/12 10:13:28.0425 3504 Mode: Manual;
2011/04/12 10:13:28.0425 3504 ================================================================================
2011/04/12 10:13:28.0784 3504 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/12 10:13:28.0846 3504 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 10:13:28.0878 3504 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 10:13:28.0924 3504 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 10:13:28.0956 3504 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 10:13:29.0034 3504 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/12 10:13:29.0096 3504 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/12 10:13:29.0190 3504 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 10:13:29.0236 3504 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 10:13:29.0268 3504 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 10:13:29.0283 3504 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 10:13:29.0314 3504 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/12 10:13:29.0346 3504 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 10:13:29.0377 3504 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/12 10:13:29.0424 3504 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 10:13:29.0455 3504 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 10:13:29.0486 3504 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 10:13:29.0502 3504 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/12 10:13:29.0595 3504 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 10:13:29.0642 3504 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 10:13:29.0658 3504 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 10:13:29.0689 3504 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 10:13:29.0720 3504 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 10:13:29.0751 3504 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 10:13:29.0767 3504 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 10:13:29.0782 3504 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 10:13:29.0798 3504 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/12 10:13:29.0829 3504 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 10:13:29.0954 3504 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 10:13:29.0985 3504 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 10:13:30.0016 3504 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 10:13:30.0048 3504 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/12 10:13:30.0063 3504 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 10:13:30.0110 3504 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/12 10:13:30.0126 3504 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/12 10:13:30.0141 3504 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/12 10:13:30.0204 3504 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/04/12 10:13:30.0266 3504 CT20XUT.DLL (633e415c47949bc4e42103de1d2068f6) C:\Windows\system32\CT20XUT.DLL
2011/04/12 10:13:30.0297 3504 ctac32k (86d4b0f60a358f1db9af3183893b670b) C:\Windows\system32\drivers\ctac32k.sys
2011/04/12 10:13:30.0344 3504 ctaud2k (17cffc32f44bbf401d85b42772ca46ae) C:\Windows\system32\drivers\ctaud2k.sys
2011/04/12 10:13:30.0391 3504 CTEXFIFX.DLL (76576132d1f02ec39a59d27c9fcc20ae) C:\Windows\system32\CTEXFIFX.DLL
2011/04/12 10:13:30.0422 3504 CTHWIUT.DLL (c11d4c293368c4b1c512b07bf88c9ce1) C:\Windows\system32\CTHWIUT.DLL
2011/04/12 10:13:30.0453 3504 ctprxy2k (b491a1e25b84f7956d1f760c3df89323) C:\Windows\system32\drivers\ctprxy2k.sys
2011/04/12 10:13:30.0469 3504 ctsfm2k (e6c74f946428486999456abb199b9509) C:\Windows\system32\drivers\ctsfm2k.sys
2011/04/12 10:13:30.0531 3504 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/12 10:13:30.0578 3504 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/12 10:13:30.0640 3504 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/12 10:13:30.0672 3504 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/12 10:13:30.0718 3504 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/12 10:13:30.0734 3504 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/12 10:13:30.0796 3504 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/12 10:13:30.0828 3504 emupia (cc99ded21d8c9043da12a02f641a9b25) C:\Windows\system32\drivers\emupia2k.sys
2011/04/12 10:13:30.0843 3504 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/12 10:13:30.0952 3504 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/12 10:13:30.0968 3504 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/12 10:13:31.0015 3504 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/12 10:13:31.0046 3504 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/12 10:13:31.0077 3504 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/12 10:13:31.0124 3504 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/12 10:13:31.0171 3504 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/12 10:13:31.0186 3504 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/12 10:13:31.0233 3504 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/12 10:13:31.0249 3504 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/12 10:13:31.0374 3504 ha20x2k (f32150b22660543813719a77c366e522) C:\Windows\system32\drivers\ha20x2k.sys
2011/04/12 10:13:31.0436 3504 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\Windows\system32\drivers\hardlock.sys
2011/04/12 10:13:31.0483 3504 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
2011/04/12 10:13:31.0498 3504 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\drivers\hdaudbus.sys
2011/04/12 10:13:31.0530 3504 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/12 10:13:31.0561 3504 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/12 10:13:31.0608 3504 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/12 10:13:31.0654 3504 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/12 10:13:31.0701 3504 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/04/12 10:13:31.0748 3504 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/12 10:13:31.0795 3504 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/12 10:13:31.0826 3504 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/12 10:13:31.0873 3504 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/12 10:13:31.0904 3504 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/12 10:13:31.0935 3504 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/12 10:13:31.0982 3504 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/12 10:13:32.0013 3504 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/12 10:13:32.0044 3504 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/12 10:13:32.0076 3504 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/12 10:13:32.0107 3504 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/12 10:13:32.0138 3504 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/12 10:13:32.0169 3504 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/12 10:13:32.0200 3504 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/12 10:13:32.0232 3504 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/12 10:13:32.0278 3504 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/12 10:13:32.0325 3504 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/12 10:13:32.0372 3504 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/12 10:13:32.0403 3504 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/12 10:13:32.0434 3504 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/12 10:13:32.0466 3504 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/12 10:13:32.0497 3504 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/12 10:13:32.0544 3504 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/12 10:13:32.0575 3504 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/12 10:13:32.0606 3504 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/12 10:13:32.0668 3504 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/12 10:13:32.0700 3504 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/12 10:13:32.0715 3504 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/12 10:13:32.0731 3504 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/12 10:13:32.0762 3504 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/12 10:13:32.0793 3504 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/12 10:13:32.0809 3504 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/12 10:13:32.0840 3504 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/12 10:13:32.0887 3504 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/12 10:13:32.0902 3504 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/12 10:13:32.0918 3504 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/12 10:13:32.0949 3504 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/12 10:13:32.0996 3504 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/12 10:13:33.0027 3504 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/12 10:13:33.0058 3504 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/12 10:13:33.0074 3504 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/12 10:13:33.0105 3504 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/12 10:13:33.0136 3504 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/12 10:13:33.0168 3504 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/12 10:13:33.0199 3504 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/12 10:13:33.0214 3504 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/12 10:13:33.0261 3504 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/12 10:13:33.0292 3504 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/12 10:13:33.0308 3504 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/12 10:13:33.0339 3504 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/12 10:13:33.0355 3504 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/12 10:13:33.0386 3504 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/12 10:13:33.0402 3504 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/12 10:13:33.0433 3504 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/12 10:13:33.0480 3504 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/12 10:13:33.0495 3504 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/12 10:13:33.0526 3504 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/12 10:13:33.0573 3504 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 10:13:33.0604 3504 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/12 10:13:33.0636 3504 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/12 10:13:33.0838 3504 nvlddmkm (d3925a4dd80adb9ad1f01ffb89ef7cc5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/12 10:13:33.0916 3504 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/12 10:13:33.0948 3504 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
2011/04/12 10:13:33.0979 3504 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/12 10:13:34.0010 3504 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
2011/04/12 10:13:34.0026 3504 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/12 10:13:34.0104 3504 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/12 10:13:34.0150 3504 ossrv (2f737fddc278b3e2afad7823ff868cbe) C:\Windows\system32\drivers\ctoss2k.sys
2011/04/12 10:13:34.0197 3504 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/12 10:13:34.0228 3504 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/12 10:13:34.0244 3504 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/12 10:13:34.0260 3504 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/12 10:13:34.0291 3504 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/12 10:13:34.0306 3504 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/12 10:13:34.0369 3504 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/12 10:13:34.0431 3504 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/12 10:13:34.0447 3504 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/12 10:13:34.0525 3504 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/12 10:13:34.0572 3504 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/12 10:13:34.0603 3504 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/12 10:13:34.0634 3504 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/12 10:13:34.0650 3504 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/12 10:13:34.0681 3504 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/12 10:13:34.0696 3504 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/12 10:13:34.0728 3504 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/12 10:13:34.0743 3504 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/12 10:13:34.0774 3504 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/12 10:13:34.0790 3504 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/12 10:13:34.0806 3504 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/12 10:13:34.0852 3504 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/12 10:13:34.0884 3504 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/12 10:13:34.0915 3504 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/12 10:13:35.0008 3504 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/12 10:13:35.0040 3504 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/12 10:13:35.0071 3504 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/12 10:13:35.0118 3504 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/12 10:13:35.0180 3504 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/04/12 10:13:35.0211 3504 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/12 10:13:35.0242 3504 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/12 10:13:35.0258 3504 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/12 10:13:35.0305 3504 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/12 10:13:35.0336 3504 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/12 10:13:35.0352 3504 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/12 10:13:35.0367 3504 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/12 10:13:35.0398 3504 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/12 10:13:35.0430 3504 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/12 10:13:35.0461 3504 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/12 10:13:35.0492 3504 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/12 10:13:35.0523 3504 SNTNLUSB (8d4a96868ae13c3cf8425b383b59d802) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2011/04/12 10:13:35.0539 3504 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/12 10:13:35.0601 3504 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/12 10:13:35.0648 3504 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/12 10:13:35.0695 3504 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/12 10:13:35.0742 3504 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/12 10:13:35.0757 3504 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/12 10:13:35.0788 3504 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/12 10:13:35.0804 3504 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/12 10:13:35.0882 3504 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 10:13:35.0929 3504 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 10:13:35.0944 3504 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/12 10:13:35.0976 3504 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/12 10:13:36.0007 3504 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/12 10:13:36.0038 3504 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/12 10:13:36.0054 3504 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/12 10:13:36.0100 3504 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/12 10:13:36.0147 3504 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/12 10:13:36.0194 3504 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/12 10:13:36.0241 3504 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/12 10:13:36.0272 3504 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/12 10:13:36.0303 3504 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/12 10:13:36.0319 3504 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/12 10:13:36.0366 3504 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/12 10:13:36.0381 3504 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/12 10:13:36.0412 3504 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/12 10:13:36.0475 3504 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/12 10:13:36.0490 3504 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/12 10:13:36.0506 3504 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/12 10:13:36.0522 3504 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/12 10:13:36.0553 3504 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/12 10:13:36.0568 3504 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/12 10:13:36.0600 3504 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/12 10:13:36.0631 3504 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/12 10:13:36.0646 3504 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/12 10:13:36.0693 3504 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/12 10:13:36.0724 3504 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/12 10:13:36.0740 3504 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/12 10:13:36.0756 3504 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/12 10:13:36.0787 3504 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/12 10:13:36.0802 3504 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/12 10:13:36.0834 3504 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/12 10:13:36.0896 3504 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/12 10:13:36.0912 3504 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/12 10:13:36.0958 3504 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/12 10:13:36.0990 3504 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 10:13:36.0990 3504 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 10:13:37.0021 3504 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/12 10:13:37.0052 3504 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/12 10:13:37.0130 3504 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/12 10:13:37.0177 3504 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 10:13:37.0224 3504 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 10:13:37.0333 3504 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\CyberLink\PowerDVD\000.fcl
2011/04/12 10:13:37.0380 3504 ================================================================================
2011/04/12 10:13:37.0380 3504 Scan finished
2011/04/12 10:13:37.0380 3504 ================================================================================
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ELITEGROUP
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: GATEWAY
System Product Name: FX540X
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 161):
0x8203F000 \SystemRoot\system32\ntoskrnl.exe
0x8200C000 \SystemRoot\system32\hal.dll
0x8A801000 \SystemRoot\system32\kdcom.dll
0x8A809000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A869000 \SystemRoot\system32\PSHED.dll
0x8A87A000 \SystemRoot\system32\BOOTVID.dll
0x8A882000 \SystemRoot\system32\CLFS.SYS
0x8A8C3000 \SystemRoot\system32\CI.dll
0x8A9A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA1F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA2C000 \SystemRoot\system32\drivers\acpi.sys
0x8AA72000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AA7B000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA83000 \SystemRoot\system32\drivers\pci.sys
0x8AAAA000 \SystemRoot\System32\drivers\partmgr.sys
0x8AAB9000 \SystemRoot\system32\drivers\volmgr.sys
0x8AAC8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AB12000 \SystemRoot\system32\drivers\nvrd32.sys
0x8AB34000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AB55000 \SystemRoot\system32\drivers\pciide.sys
0x8AB5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB6A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AB7A000 \SystemRoot\system32\drivers\nvraid.sys
0x8AB95000 \SystemRoot\system32\drivers\atapi.sys
0x8AB9D000 \SystemRoot\system32\drivers\ataport.SYS
0x8ABBB000 \SystemRoot\system32\drivers\nvstor32.sys
0x8AC0F000 \SystemRoot\system32\drivers\storport.sys
0x8AC50000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AC82000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC92000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AD03000 \SystemRoot\system32\drivers\ndis.sys
0x8AE0E000 \SystemRoot\system32\drivers\msrpc.sys
0x8AE39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE73000 \SystemRoot\System32\drivers\tcpip.sys
0x8AF5C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B00D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B11C000 \SystemRoot\system32\drivers\wd.sys
0x8B124000 \SystemRoot\system32\drivers\volsnap.sys
0x8B15D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B165000 \SystemRoot\System32\Drivers\mup.sys
0x8B174000 \SystemRoot\System32\drivers\ecache.sys
0x8B19B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B1BF000 \SystemRoot\system32\drivers\disk.sys
0x8B1D0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B23A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B245000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B24E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FC01000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B25D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x903DA000 \SystemRoot\System32\drivers\watchdog.sys
0x903E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B2FC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B307000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B312000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B31C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B35A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B369000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B381000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B391000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AF77000 \SystemRoot\system32\drivers\ctaud2k.sys
0x8B39F000 \SystemRoot\system32\drivers\portcls.sys
0x8B3CC000 \SystemRoot\system32\drivers\drmk.sys
0x90400000 \SystemRoot\system32\drivers\ks.sys
0x9042A000 \SystemRoot\system32\drivers\ctoss2k.sys
0x9045F000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x90467000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90483000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x904B1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x904BC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x904D3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x904DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90501000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90510000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90524000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90539000 \SystemRoot\system32\DRIVERS\parport.sys
0x90551000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x905DA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x905EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x905EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x905F6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90603000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90637000 \SystemRoot\system32\drivers\ha20x2k.sys
0x90759000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9076A000 \SystemRoot\system32\drivers\emupia2k.sys
0x9079A000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x907C3000 \SystemRoot\system32\CTHWIUT.DLL
0x95009000 \SystemRoot\system32\CT20XUT.DLL
0x95035000 \SystemRoot\system32\CTEXFIFX.DLL
0x9517C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x95185000 \SystemRoot\System32\Drivers\Null.SYS
0x9518C000 \SystemRoot\System32\Drivers\Beep.SYS
0x95193000 \SystemRoot\System32\drivers\vga.sys
0x9519F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x951C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x951C8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x951D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x951DB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x951E9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x951F2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x95208000 \SystemRoot\system32\DRIVERS\smb.sys
0x9521C000 \SystemRoot\system32\drivers\afd.sys
0x95264000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95296000 \SystemRoot\system32\DRIVERS\pacer.sys
0x952AC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x952BA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x952CD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x952EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x952F5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x95331000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9533B000 \SystemRoot\system32\drivers\csc.sys
0x95395000 \SystemRoot\System32\Drivers\dfsc.sys
0x953AC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95C0B000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x95D06000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95D08000 \SystemRoot\system32\drivers\modem.sys
0x95D15000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95D2C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x95D39000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x95D43000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95D55000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95D5E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95D6E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95D75000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95D82000 \SystemRoot\System32\Drivers\dump_nvrd32.sys
0x95DA4000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
0x95DC5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9A4C0000 \SystemRoot\System32\win32k.sys
0x95DD6000 \SystemRoot\System32\drivers\Dxapi.sys
0x95DE0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A6E0000 \SystemRoot\System32\TSDDD.dll
0x95DEF000 \SystemRoot\system32\drivers\luafv.sys
0x9A700000 \SystemRoot\System32\cdd.dll
0x95E0A000 \SystemRoot\system32\drivers\spsys.sys
0x95EB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95EC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95EF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95EFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95F10000 \SystemRoot\system32\drivers\HTTP.sys
0x95F7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95F9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95FB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95FC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x953C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B1D9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95FE8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x907D8000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2C0D000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2C5B000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA2C64000 \??\C:\Windows\system32\drivers\Haspnt.sys
0xA2C77000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xA2C8C000 \??\C:\Windows\system32\drivers\hardlock.sys
0xA2D34000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2D5C000 \SystemRoot\system32\drivers\peauth.sys
0xA2E3A000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2E44000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2E50000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA2E65000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA2E77000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0xA2E94000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0xA2E96000 \??\C:\Users\Steve\AppData\Local\Temp\catchme.sys
0x77A40000 \Windows\System32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
528 csrss.exe
576 csrss.exe
584 C:\Windows\System32\wininit.exe
624 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\winlogon.exe
1124 C:\Windows\System32\audiodg.exe
1188 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1680 C:\Windows\System32\taskeng.exe
1760 C:\Windows\System32\spoolsv.exe
1788 C:\Windows\System32\svchost.exe
220 C:\Windows\System32\taskeng.exe
1968 C:\Windows\System32\svchost.exe
2052 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2088 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2112 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2168 C:\Windows\System32\svchost.exe
2204 C:\Windows\System32\svchost.exe
2256 C:\Windows\System32\SearchIndexer.exe
2620 WUDFHost.exe
3088 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3112 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3132 C:\Program Files\Spare Backup\SpareBackup.exe
3220 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
3336 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3400 C:\Windows\System32\CTxfispi.exe
3492 C:\Windows\ehome\ehtray.exe
3516 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3572 C:\Windows\ehome\ehmsas.exe
3624 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3872 C:\Windows\System32\mobsync.exe
2352 WmiPrvSE.exe
3540 C:\Program Files\Windows Media Player\wmpnetwk.exe
3108 C:\Windows\System32\wuauclt.exe
3916 C:\Windows\System32\dwm.exe
3972 C:\Windows\explorer.exe
1572 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1268 C:\Program Files\Internet Explorer\iexplore.exe
4036 C:\Program Files\Internet Explorer\iexplore.exe
3032 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3344 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
3544 C:\Windows\System32\SearchProtocolHost.exe
3528 C:\Windows\System32\SearchFilterHost.exe
3036 C:\Windows\System32\SearchProtocolHost.exe
3936 dllhost.exe
3208 dllhost.exe
3660 C:\Users\Steve\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ba232000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: NVIDIASTRIPE 465.76G, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0
  • 0
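A reading aid for the two logs above, added here as an example and not part of the thread, of TDSSKiller or of MBRCheck: TDSSKiller enumerates registered driver services with an MD5 and a Win32 path, while MBRCheck lists what is actually mapped in kernel memory using kernel-namespace paths (\SystemRoot\..., \??\C:\...). Joining the two catches the pattern a kernel-mode dropper leaves behind, a module that is loaded but has no service record, or that lives somewhere a non-admin user can write. The sample lines are a subset copied from the logs in this thread; the system root C:\Windows is assumed. In this thread the two hits are the helpers' own tools (PROCEXP113.SYS is Process Explorer's driver, catchme.sys is the GMER/ComboFix rootkit-detection driver), which is exactly why the check is a triage list and not a verdict. On a full MBRCheck list the "no service record" reason also fires for export drivers and boot libraries (CLASSPNP.SYS, WMILIB.SYS, ataport.SYS and the like), so a real run needs an allow-list for those.

```python
import re
from typing import Dict, Iterable, List, Tuple

# One TDSSKiller driver line: "<date> <time> <pid> <service> (<md5>) <path>"
TDSS_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \S+\s+\d+\s+(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# One MBRCheck "Kernel Drivers" line: "0x<load address> <kernel-namespace path>"
MBRCHECK_LINE = re.compile(r"^0x(?P<addr>[0-9A-Fa-f]{8})\s+(?P<path>\S.*?)\s*$")

# Directories an unprivileged user (or a drive-by dropper) can write to.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


def normalize_path(path: str, systemroot: str = r"C:\Windows") -> str:
    # Map MBRCheck's kernel-style paths onto the Win32 form TDSSKiller prints.
    # systemroot is an assumption; take it from the machine's OTL/system info.
    p = path.strip()
    if p.startswith("\\??\\"):                      # \??\C:\x      -> C:\x
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):    # \SystemRoot\x -> C:\Windows\x
        p = systemroot + p[len("\\systemroot"):]
    elif p.startswith("\\") and not p.startswith("\\\\"):
        p = systemroot[:2] + p                      # \Windows\x    -> C:\Windows\x
    return p.lower()


def parse_tdsskiller(lines: Iterable[str]) -> Dict[str, Tuple[str, str]]:
    # path -> (service name, md5) for every driver TDSSKiller enumerated
    services: Dict[str, Tuple[str, str]] = {}
    for line in lines:
        m = TDSS_LINE.match(line.strip())
        if m:
            services[normalize_path(m["path"])] = (m["svc"], m["md5"])
    return services


def parse_mbrcheck(lines: Iterable[str]) -> List[Tuple[int, str]]:
    # (load address, normalized path) for every module in MBRCheck's kernel list
    loaded = []
    for line in lines:
        m = MBRCHECK_LINE.match(line.strip())
        if m:
            loaded.append((int(m["addr"], 16), normalize_path(m["path"])))
    return loaded


def triage(tdss_lines: Iterable[str], mbr_lines: Iterable[str]) -> List[Tuple[str, str]]:
    # Every loaded kernel module that lives in a user-writable directory, or that
    # looks like a driver yet has no service record in the TDSSKiller enumeration.
    services = parse_tdsskiller(tdss_lines)
    findings = []
    for _addr, path in parse_mbrcheck(mbr_lines):
        reasons = []
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        looks_like_driver = path.endswith(".sys") or "\\drivers\\" in path
        if looks_like_driver and path not in services:
            reasons.append("loaded without a service record")
        if reasons:
            findings.append((path, "; ".join(reasons)))
    return findings


# Sample input: a subset of lines copied from the two logs in this thread.
SAMPLE_TDSS = [
    r"2011/04/12 10:13:35.0008 3504 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
    r"2011/04/12 10:13:35.0180 3504 Sentinel (95a26d5d8ceda33377af627dafc2796f) C:\Windows\System32\Drivers\SENTINEL.SYS",
    r"2011/04/12 10:13:35.0882 3504 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys",
    r"2011/04/12 10:13:37.0333 3504 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\CyberLink\PowerDVD\000.fcl",
]
SAMPLE_MBRCHECK = [
    r"0x8AE73000 \SystemRoot\System32\drivers\tcpip.sys",
    r"0x952EF000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
    r"0xA2C77000 \SystemRoot\System32\Drivers\SENTINEL.SYS",
    r"0xA2E77000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl",
    r"0xA2E94000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS",
    r"0xA2E96000 \??\C:\Users\Steve\AppData\Local\Temp\catchme.sys",
    r"0x77A40000 \Windows\System32\ntdll.dll",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE_TDSS, SAMPLE_MBRCHECK):
        print(f"{path}: {why}")
```

Run against the full logs by pasting the whole TDSSKiller block and the whole "Kernel Drivers" block into the two lists; the MD5 that TDSSKiller records is then available per path for a lookup against a hash database, which is the step the script deliberately leaves out.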

#6
RKinner
    Malware Expert
  • Expert
  • 23,177 posts
  • MVP
Could you run mbrcheck again? There are about two lines missing from the end of it.

Are you seeing any more redirects or hearing any more commercials?

Ron
  • 0

#7
spr1980
    New Member
  • Topic Starter
  • Member
  • 5 posts
I ran mbrcheck again. It won't let me close the program. I had to shut the computer off the last time to close it.

No, the redirects have stopped and so have the commercials. The computer seems to be running fine.

Here is the log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ELITEGROUP
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: GATEWAY
System Product Name: FX540X
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 160):
0x82040000 \SystemRoot\system32\ntoskrnl.exe
0x8200D000 \SystemRoot\system32\hal.dll
0x8A809000 \SystemRoot\system32\kdcom.dll
0x8A811000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A871000 \SystemRoot\system32\PSHED.dll
0x8A882000 \SystemRoot\system32\BOOTVID.dll
0x8A88A000 \SystemRoot\system32\CLFS.SYS
0x8A8CB000 \SystemRoot\system32\CI.dll
0x8A9AB000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA27000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA34000 \SystemRoot\system32\drivers\acpi.sys
0x8AA7A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AA83000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA8B000 \SystemRoot\system32\drivers\pci.sys
0x8AAB2000 \SystemRoot\System32\drivers\partmgr.sys
0x8AAC1000 \SystemRoot\system32\drivers\volmgr.sys
0x8AAD0000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AB1A000 \SystemRoot\system32\drivers\nvrd32.sys
0x8AB3C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AB5D000 \SystemRoot\system32\drivers\pciide.sys
0x8AB64000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB72000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AB82000 \SystemRoot\system32\drivers\nvraid.sys
0x8AB9D000 \SystemRoot\system32\drivers\atapi.sys
0x8ABA5000 \SystemRoot\system32\drivers\ataport.SYS
0x8ABC3000 \SystemRoot\system32\drivers\nvstor32.sys
0x8AC03000 \SystemRoot\system32\drivers\storport.sys
0x8AC44000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AC76000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AC86000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8ACF7000 \SystemRoot\system32\drivers\ndis.sys
0x8AE02000 \SystemRoot\system32\drivers\msrpc.sys
0x8AE2D000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE67000 \SystemRoot\System32\drivers\tcpip.sys
0x8AF50000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B00F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B11E000 \SystemRoot\system32\drivers\wd.sys
0x8B126000 \SystemRoot\system32\drivers\volsnap.sys
0x8B15F000 \SystemRoot\System32\Drivers\spldr.sys
0x8B167000 \SystemRoot\System32\Drivers\mup.sys
0x8B176000 \SystemRoot\System32\drivers\ecache.sys
0x8B19D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B1C1000 \SystemRoot\system32\drivers\disk.sys
0x8B1D2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B23C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B247000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B250000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FC0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8B25F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x903E6000 \SystemRoot\System32\drivers\watchdog.sys
0x8B2FE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x903F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B311000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B31B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B359000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B368000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B380000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B390000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AF6B000 \SystemRoot\system32\drivers\ctaud2k.sys
0x8B39E000 \SystemRoot\system32\drivers\portcls.sys
0x8B3CB000 \SystemRoot\system32\drivers\drmk.sys
0x90807000 \SystemRoot\system32\drivers\ks.sys
0x90831000 \SystemRoot\system32\drivers\ctoss2k.sys
0x90866000 \SystemRoot\system32\drivers\ctprxy2k.sys
0x9086E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x9088A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x908B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x908C3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x908DA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x908E5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90908000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90917000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9092B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90940000 \SystemRoot\system32\DRIVERS\parport.sys
0x90958000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x909E1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x909F1000 \SystemRoot\system32\DRIVERS\swenum.sys
0x909F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x909FD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90A0A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90A3E000 \SystemRoot\system32\drivers\ha20x2k.sys
0x90B60000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90B71000 \SystemRoot\system32\drivers\emupia2k.sys
0x90BA1000 \SystemRoot\system32\drivers\ctsfm2k.sys
0x90BCA000 \SystemRoot\system32\CTHWIUT.DLL
0x95404000 \SystemRoot\system32\CT20XUT.DLL
0x95430000 \SystemRoot\system32\CTEXFIFX.DLL
0x95577000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x95580000 \SystemRoot\System32\Drivers\Null.SYS
0x95587000 \SystemRoot\System32\Drivers\Beep.SYS
0x9558E000 \SystemRoot\System32\drivers\vga.sys
0x9559A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x955BB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x955C3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x955CB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x955D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x955E4000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x955ED000 \SystemRoot\system32\DRIVERS\tdx.sys
0x95603000 \SystemRoot\system32\DRIVERS\smb.sys
0x95617000 \SystemRoot\system32\drivers\afd.sys
0x9565F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95691000 \SystemRoot\system32\DRIVERS\pacer.sys
0x956A7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x956B5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x956C8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x956EA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x956F0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9572C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x95736000 \SystemRoot\system32\drivers\csc.sys
0x95790000 \SystemRoot\System32\Drivers\dfsc.sys
0x957A7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95C0F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x95D0A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95D0C000 \SystemRoot\system32\drivers\modem.sys
0x95D19000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95D30000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x95D3D000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x95D47000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95D59000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95D62000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95D72000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95D79000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95D86000 \SystemRoot\System32\Drivers\dump_nvrd32.sys
0x95DA8000 \SystemRoot\System32\Drivers\dump_CLASSPNP.SYS
0x95DC9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99880000 \SystemRoot\System32\win32k.sys
0x95DDA000 \SystemRoot\System32\drivers\Dxapi.sys
0x95DE4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99AA0000 \SystemRoot\System32\TSDDD.dll
0x95DF3000 \SystemRoot\system32\drivers\luafv.sys
0x99AC0000 \SystemRoot\System32\cdd.dll
0x95E0E000 \SystemRoot\system32\drivers\spsys.sys
0x95EBD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95ECD000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x95EF7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x95F01000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95F14000 \SystemRoot\system32\drivers\HTTP.sys
0x95F81000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95F9E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95FB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95FCC000 \SystemRoot\system32\drivers\mrxdav.sys
0x957BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B1DB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x957DC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8B214000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2403000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2451000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA245A000 \??\C:\Windows\system32\drivers\Haspnt.sys
0xA246D000 \SystemRoot\System32\Drivers\SENTINEL.SYS
0xA2482000 \??\C:\Windows\system32\drivers\hardlock.sys
0xA252A000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA2552000 \SystemRoot\system32\drivers\peauth.sys
0xA2630000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA263A000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2646000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA265B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA266D000 \??\C:\Program Files\CyberLink\PowerDVD\000.fcl
0x99AD0000 \SystemRoot\System32\ATMFD.DLL
0x777F0000 \Windows\System32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
528 csrss.exe
576 C:\Windows\System32\wininit.exe
588 csrss.exe
620 C:\Windows\System32\services.exe
632 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\winlogon.exe
1108 C:\Windows\System32\audiodg.exe
1140 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\SLsvc.exe
1232 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\taskeng.exe
1704 C:\Windows\System32\spoolsv.exe
1728 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\rundll32.exe
1992 C:\Windows\System32\taskeng.exe
2056 C:\Windows\System32\svchost.exe
2068 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
2096 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2112 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
2160 C:\Windows\System32\svchost.exe
2220 C:\Windows\System32\svchost.exe
2268 C:\Windows\System32\SearchIndexer.exe
2712 WUDFHost.exe
3000 C:\Windows\System32\dwm.exe
3040 C:\Windows\explorer.exe
3132 C:\Windows\System32\rundll32.exe
3140 C:\Windows\System32\Ctxfihlp.exe
3148 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3164 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3196 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3204 C:\Program Files\Spare Backup\SpareBackup.exe
3248 C:\Windows\System32\rundll32.exe
3296 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
3372 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3436 C:\Windows\System32\CTxfispi.exe
3472 C:\Windows\ehome\ehtray.exe
3528 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3556 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3572 C:\Windows\ehome\ehmsas.exe
3624 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3900 C:\Windows\System32\mobsync.exe
4484 C:\Program Files\Windows Media Player\wmpnetwk.exe
4952 C:\Windows\System32\wuauclt.exe
2848 C:\Program Files\AutoCAD LT 2009\acadlt.exe
5544 C:\Users\Steve\AppData\Local\Temp\AdskCleanup.0001
2492 C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
3596 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
228 C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
6016 C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
172 C:\Program Files\Internet Explorer\iexplore.exe
4172 C:\Program Files\Internet Explorer\iexplore.exe
2936 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
5444 C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
3192 taskeng.exe
1120 dllhost.exe
852 dllhost.exe
508 C:\Users\Steve\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ba232000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: NVIDIASTRIPE 465.76G, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 23,177 posts
  • MVP
First time I have seen MBRCheck hang. Normally it just zooms through. I'll report it to the author. I think it's probably just because you have some sort of RAID configuration of the drive that it's not used to.

Since the problem is gone I won't worry about it.

We need to clean up System Restore. The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right-click on Computer and select Properties, then System Protection (Continue), and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, right-click on Command Prompt and select Run As Administrator, then type:
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


You do not have the latest Java (Java™ 6 Update 24 or so). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox from http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: if you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password!

Ron
  • 0
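As an added example, not code from Ron's post or from any of the tools he names, here is a read-only Windows PowerShell audit of the state his clean-up steps leave behind: old Java versions still listed in Add/Remove Programs, the Explorer hidden-file view from Folder Options, and the Adobe Reader JavaScript preference, plus an opt-in helper that creates the "Clean" restore point from the shell. It assumes the standard per-machine Uninstall keys, Explorer's per-user Advanced key and Adobe's per-user JSPrefs key are where those settings live, and that the Adobe product and version subkey names vary with the install; it is written in PowerShell 2.0 syntax so it also runs on a Vista-era PC.

```powershell
# Added example (not from the thread): read-only audit of the settings the
# clean-up steps touch. Assumptions: standard registry locations, Adobe
# product/version subkey names vary per install. Windows PowerShell 2.0 syntax.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Every Add/Remove Programs entry whose name matches the Java aliases
    # listed in the post (JRE, J2RE, J2SE, ...), ordered oldest first.
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2RE|J2SE|JRE' } |
        Sort-Object { try { [version]$_.DisplayVersion } catch { [version]'0.0' } } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

function Get-StaleJava {
    # Everything except the newest entry: the "old versions" to remove.
    $all = @(Get-InstalledJava)
    if ($all.Count -gt 1) { $all[0..($all.Count - 2)] }
}

function Get-ExplorerHiddenFileView {
    # Folder Options > View, as stored per user.
    # Hidden: 1 = show hidden files, 2 = do not show.
    # ShowSuperHidden: 1 = show protected operating system files, 0 = hide.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        ShowHiddenFiles      = ($p.Hidden -eq 1)
        ShowProtectedOSFiles = ($p.ShowSuperHidden -eq 1)
        BackToDefault        = ($p.Hidden -ne 1 -and $p.ShowSuperHidden -ne 1)
    }
}

function Get-AdobeReaderJavaScript {
    # Per-user preference behind Edit > Preferences > JavaScript:
    # JSPrefs\bEnableJS = 0 means "Enable Acrobat JavaScript" is unchecked.
    # Subkey names such as "Acrobat Reader\10.0" depend on what is installed.
    foreach ($root in 'HKCU:\Software\Adobe\Acrobat Reader', 'HKCU:\Software\Adobe\Adobe Acrobat') {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($ver in Get-ChildItem -Path $root) {
            $js = Get-ItemProperty -Path "$root\$($ver.PSChildName)\JSPrefs" -ErrorAction SilentlyContinue
            $state = 'not set (product default)'
            if ($js -ne $null -and $js.bEnableJS -ne $null) {
                if ($js.bEnableJS -eq 0) { $state = 'disabled' } else { $state = 'enabled' }
            }
            New-Object PSObject -Property @{
                Product    = Split-Path -Path $root -Leaf
                Version    = $ver.PSChildName
                JavaScript = $state
            }
        }
    }
}

function New-CleanRestorePoint {
    # The restore-point step, done from an elevated (Run As Administrator)
    # prompt. Not called below; run it by hand before cleanmgr.
    Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'
}

Write-Output '== Java entries in Add/Remove Programs (oldest first) =='
Get-InstalledJava | Format-Table -AutoSize
Write-Output '== Old Java versions still installed (should be empty after clean-up) =='
Get-StaleJava | Format-Table DisplayName, UninstallString -AutoSize
Write-Output '== Explorer hidden-file view (BackToDefault should be True) =='
Get-ExplorerHiddenFileView | Format-List
Write-Output '== Adobe Reader / Acrobat JavaScript preference (want: disabled) =='
Get-AdobeReaderJavaScript | Format-Table Product, Version, JavaScript -AutoSize
```

Run it in Windows PowerShell (the registry and Checkpoint-Computer cmdlets are not available in PowerShell Core). The audit functions only read; New-CleanRestorePoint is the single function that changes anything, and it needs an elevated prompt, which is why it is defined but not called. A "not set" result for Adobe means the checkbox has never been touched, so the product's own default applies and the Preferences step still needs doing.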

#9
spr1980

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you for all the help. It's nice to know there are people willing to help for the sake of helping. I still can't believe the quick response and detail that you provided. I would not expect that from someone volunteering their time, especially in this day where time is so hard to come by. People like you make it easier to take that there are complete jerks out there who have nothing better to do than to try and cause others grief.

Thanks again for your time and expertise,

Steve
  • 0