Google redirection virus (possible tdss)


#1
Harris39 (New Member, 3 posts)

I've had TDL3 in the past on another desktop, and the only lesson I learned was to let the pros take care of it because the more you muck with it the worse it gets!
This is a Windows Vista SP2 machine, IE8 as the default browser.
Symptoms:

Clicking links in Google redirects me to random sites.
Copy-pasting links like "www.malwarebytes.org/mbam-download.php" also results in a redirect.
There was no antivirus on this machine to begin with, nor is there now.
conhost.exe is present at C:\Users\Stan\AppData\Roaming\Microsoft\conhost.exe
The cursor turns into an hourglass for a split second every time I type a character.

To be honest I really hope it's not TDSS, but anyway:
Thanks in advance.

OTL quick scan is as follows:

OTL logfile created on: 7/5/2011 7:39:02 PM - Run 1
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\Stan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 225.23 Mb Available Physical Memory | 25.20% Memory free
2.01 Gb Paging File | 1.16 Gb Available in Paging File | 57.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.41 Gb Total Space | 166.69 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive D: | 7.68 Gb Total Space | 0.31 Gb Free Space | 4.02% Space Free | Partition Type: NTFS
Drive F: | 142.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: STAN-PC | User Name: Stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 19:38:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
PRC - [2011/07/05 14:20:55 | 000,171,008 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011/07/05 14:20:50 | 000,175,616 | ---- | M] () -- C:\Users\Stan\AppData\Local\Temp\csrss.exe
PRC - [2011/07/05 14:19:53 | 000,179,200 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\dwm.exe
PRC - [2011/05/25 01:09:08 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/05/25 01:09:07 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/05/25 01:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2007/08/06 19:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2002/02/14 18:13:22 | 000,323,584 | ---- | M] () -- C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 19:38:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (OFIRQ)
SRV - File not found [On_Demand | Stopped] -- -- (MQCXTUGZE)
SRV - File not found [On_Demand | Stopped] -- -- (GJDG)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/05/25 01:09:06 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/25 01:09:05 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/12/18 06:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/06/25 23:02:27 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/10/14 01:15:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/05/08 06:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 06:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/06 19:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/03 12:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2001/07/23 06:31:36 | 000,021,616 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Pstrip.sys -- (PStrip)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63576

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Components: M:\PortableApps\lolfox\components
FF - HKLM\software\mozilla\lolifox 0.3.6\extensions\\Plugins: M:\PortableApps\lolfox\plugins
FF - HKCU\software\mozilla\lolifox 0.3.6\extensions\\Components: M:\PortableApps\lolfox\components
FF - HKCU\software\mozilla\lolifox 0.3.6\extensions\\Plugins: M:\PortableApps\lolfox\plugins

[2009/07/19 14:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stan\AppData\Roaming\Mozilla\Extensions
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\{F0B6E3F9-ECD1-40B6-A25F-5C3FF68FB079}
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\[email protected]

O1 HOSTS File: ([2010/07/25 09:22:35 | 000,000,840 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 webkinz.com
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [conhost] C:\Users\Stan\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\Stan\AppData\Local\Temp\csrss.exe) - C:\Users\Stan\AppData\Local\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Stan\AppData\Roaming\dwm.exe) - C:\Users\Stan\AppData\Roaming\dwm.exe ()
O24 - Desktop WallPaper: C:\Users\Stan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Stan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/27 19:32:15 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/02/12 05:23:58 | 000,397,312 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/12/06 20:31:32 | 000,000,042 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d20af46-2c61-11de-9204-001921ca71e5}\Shell - "" = AutoRun
O33 - MountPoints2\{2d20af46-2c61-11de-9204-001921ca71e5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3978443e-2312-11de-9bc6-001921ca71e5}\Shell - "" = AutoRun
O33 - MountPoints2\{3978443e-2312-11de-9bc6-001921ca71e5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2002/02/12 05:23:58 | 000,397,312 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\files\Contraptions.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe
O33 - MountPoints2\N\Shell\dinstall\command - "" = N:\Quake3\directx7\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/05 19:38:40 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
[2011/07/05 11:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/07/05 11:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/07/05 11:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/07/05 09:15:02 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{A718C9E5-A443-42D5-8257-083550141198}
[2011/07/04 10:47:15 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{667161F0-3852-46D7-A482-8A647554D46F}
[2011/07/03 09:43:45 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{252B3167-3423-4D5A-8B82-2B66A9BF2606}
[2011/07/02 13:00:48 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Roaming\NVIDIA
[2011/07/02 12:56:11 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/07/02 12:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/07/02 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/07/02 09:59:46 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{BA7F24B3-180A-4BBA-83EC-7D9C0677CF17}
[2011/07/01 09:24:55 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{2AA811E1-ACF8-4A18-9D95-C66292BE9D5C}
[2011/06/30 18:42:35 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{4B6E3C01-56BD-4F13-B4F3-3EBD56A82034}
[2011/06/29 06:44:28 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{DF245DF4-42A3-4008-A83F-214CEFAA29B6}
[2011/06/28 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{9C99D98A-452B-4E6A-835E-D8EA07D54F97}
[2011/06/27 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{B27F0836-BBC6-41BE-9C1C-90540ACDCD69}
[2011/06/27 09:07:42 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{03753FE5-550F-4904-A2B1-BC168885A2BF}
[2011/06/26 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{67ADFE7B-F13F-4E3D-B3D6-45701009A323}
[2011/06/25 12:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/06/25 12:44:16 | 000,000,000 | ---D | C] -- C:\GameHouse Games
[2011/06/25 12:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
[2011/06/25 12:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2011/06/25 12:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap
[2011/06/25 09:33:30 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{6653E87D-183D-40C2-A5C8-7A6821855ABC}
[2011/06/24 22:12:11 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/06/24 21:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/06/24 21:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\PowerStrip
[2011/06/24 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{AF9BE431-0F4D-412E-94D7-272756F46562}
[2011/06/24 09:31:51 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{A182F070-E03B-4C90-93C9-C556D5617478}
[2011/06/23 09:30:48 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{00F86943-B771-4511-93F9-A59260218210}
[2011/06/22 09:29:44 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{A452C416-1845-4B68-A18C-2ECFC048BF65}
[2011/06/21 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{7E9E806C-80EA-4FEE-9E37-975B98A56413}
[2011/06/17 10:06:38 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{60C80E49-2AE7-464D-B1E8-B70D65EAE178}
[2011/06/16 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{A678AFAB-1198-4736-9AEA-54D9656266E3}
[2011/06/15 11:09:06 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{AAFE6558-2F5B-4A1F-94C5-A642AE730D0C}
[2011/06/14 10:04:24 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{CA0CDA6C-B65A-451F-9C23-910648289F57}
[2011/06/13 21:30:33 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{6F3841B2-D7A3-486B-B62F-B5761AA4B8DF}
[2011/06/13 09:29:47 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{6E0D33B8-A02F-4A82-9737-92FE79232CD8}
[2011/06/12 08:13:37 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{5FC0CCC8-D90A-4E6E-9EFE-4B09A56E27AF}
[2011/06/11 10:18:27 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{F0FBEC18-49A2-438E-B32D-AD4FD2847AC8}
[2011/06/11 08:31:12 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{69EE80E4-550F-47FB-AD4B-4F4044F9351D}
[2011/06/10 15:49:13 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{ADE9E58F-3C94-4D1E-AE12-CA4B6D692485}
[2011/06/10 10:06:53 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{CDB3C21D-AA5C-4698-BF4A-2B92D0BF6AA3}
[2011/06/09 12:35:32 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{F898535A-B95A-4515-9989-2672BC79D962}
[2011/06/08 11:18:58 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{2BCD25BA-A3B9-41F4-91E2-FC93C3DB3182}
[2011/06/06 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{CC2F5A74-6F46-4D85-B7CF-1FB59AA6F4E9}
[2011/06/05 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\Stan\AppData\Local\{E8690BA5-3109-41F7-8F1A-C1B706717DCD}
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stan\Documents\*.tmp files -> C:\Users\Stan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/05 19:38:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stan\Desktop\OTL.exe
[2011/07/05 19:35:14 | 000,016,091 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\8522.44D
[2011/07/05 19:13:56 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/07/05 19:13:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/05 19:13:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 19:13:39 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/05 19:13:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/05 19:13:27 | 937,820,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 19:08:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/05 15:39:53 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F5D263EB-56A0-4A22-A5EB-564938A30ECC}.job
[2011/07/05 14:19:53 | 000,179,200 | ---- | M] () -- C:\Users\Stan\AppData\Roaming\dwm.exe
[2011/07/05 11:07:11 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/07/05 11:07:11 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/02 12:56:11 | 000,000,766 | ---- | M] () -- C:\Users\Stan\Desktop\SpeedFan.lnk
[2011/07/02 12:56:10 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011/07/02 12:55:38 | 000,000,000 | ---- | M] () -- C:\Users\Stan\Desktop\initdebug.nfo
[2011/06/30 19:14:23 | 000,322,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 18:54:41 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/30 18:54:41 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/25 13:47:44 | 000,000,033 | ---- | M] () -- C:\Windows\popcinfo.dat
[2011/06/25 12:37:33 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2011/06/24 22:17:01 | 000,003,850 | ---- | M] () -- C:\Windows\pstrip.ini
[2011/06/17 17:01:25 | 000,092,160 | ---- | M] () -- C:\Users\Stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/17 16:00:17 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stan\Documents\*.tmp files -> C:\Users\Stan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 11:07:11 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/07/05 11:07:11 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/07/04 14:07:15 | 000,179,200 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\dwm.exe
[2011/07/04 14:06:53 | 000,016,091 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\8522.44D
[2011/07/02 12:56:11 | 000,000,766 | ---- | C] () -- C:\Users\Stan\Desktop\SpeedFan.lnk
[2011/07/02 12:55:38 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011/07/02 12:55:38 | 000,000,000 | ---- | C] () -- C:\Users\Stan\Desktop\initdebug.nfo
[2011/06/24 22:12:10 | 000,004,364 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/06/24 21:35:05 | 000,003,850 | ---- | C] () -- C:\Windows\pstrip.ini
[2011/02/20 15:00:30 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2010/09/25 14:13:58 | 000,000,088 | ---- | C] () -- C:\Windows\QTW.INI
[2010/06/26 12:26:50 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2010/05/19 17:34:45 | 000,000,615 | ---- | C] () -- C:\Windows\tlknw19.ini
[2010/05/18 12:34:24 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2010/03/06 14:19:44 | 000,000,068 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/13 20:53:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/26 16:40:19 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/12 10:19:08 | 000,000,350 | ---- | C] () -- C:\Windows\EReg213.dat
[2009/12/11 17:44:30 | 000,000,086 | ---- | C] () -- C:\Windows\ka.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/02 01:33:06 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/08/02 01:33:06 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/01 21:03:00 | 000,154,468 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/07/25 16:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/19 20:12:24 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/07/19 20:11:57 | 000,000,391 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/07/11 17:20:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/07/07 17:35:25 | 000,000,583 | ---- | C] () -- C:\Windows\QIII.INI
[2009/07/04 15:45:42 | 000,000,680 | ---- | C] () -- C:\Users\Stan\AppData\Local\d3d9caps.dat
[2009/07/01 15:29:41 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/06/29 11:34:01 | 000,000,615 | ---- | C] () -- C:\Windows\tlknw14.ini
[2009/06/21 12:54:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/21 12:54:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/05 17:07:01 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/02/26 12:29:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/19 21:02:09 | 000,092,160 | ---- | C] () -- C:\Users\Stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/27 19:14:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/02/27 19:11:26 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/02/27 19:11:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,322,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2009/08/05 01:59:04 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\.minecraft
[2009/08/05 01:17:03 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\.purple
[2010/08/27 15:32:13 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Broderbund
[2011/05/04 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Catalina Marketing Corp
[2011/07/02 12:34:19 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\DAEMON Tools Lite
[2010/03/16 19:13:02 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\DeepBurner Pro
[2009/09/18 15:15:58 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Dropbox
[2009/07/02 20:05:51 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\FLV Extract
[2010/09/25 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\I2P
[2011/05/18 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\ImgBurn
[2010/12/23 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\inkscape
[2009/07/28 12:33:20 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\IrfanView
[2009/07/25 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\kyoku-senbi
[2010/06/02 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Little Worlds Online
[2010/01/15 17:06:17 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Mean Hamster Software
[2009/07/24 16:24:34 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\NoNameScript
[2009/07/23 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\Opera
[2010/02/14 10:35:39 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\PlayFirst
[2010/01/20 18:18:51 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\SPORE Creature Creator
[2010/05/09 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\TikGames
[2011/07/02 12:34:16 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\uTorrent
[2010/01/02 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\Stan\AppData\Roaming\WinBatch
[2011/07/04 21:57:29 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/05 15:39:53 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F5D263EB-56A0-4A22-A5EB-564938A30ECC}.job

========== Purity Check ==========



< End of report >
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.


********************************************************************
:processes
killallprocesses

:Services
OFIRQ
MQCXTUGZE
GJDG
CLTNetCnService
stllssvr
sptd

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (OFIRQ)
SRV - File not found [On_Demand | Stopped] -- -- (MQCXTUGZE)
SRV - File not found [On_Demand | Stopped] -- -- (GJDG)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
DRV - [2009/06/25 23:02:27 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63576
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\{F0B6E3F9-ECD1-40B6-A25F-5C3FF68FB079}
File not found (No name found) -- M:\PORTABLEAPPS\LOLFOX\EXTENSIONS\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [conhost] C:\Users\Stan\AppData\Roaming\Microsoft\conhost.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Stan\AppData\Local\Temp\csrss.exe) - C:\Users\Stan\AppData\Local\Temp\csrss.exe ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O32 - AutoRun File - [2002/02/12 05:23:58 | 000,397,312 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001/12/06 20:31:32 | 000,000,042 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2d20af46-2c61-11de-9204-001921ca71e5}\Shell - "" = AutoRun
O33 - MountPoints2\{2d20af46-2c61-11de-9204-001921ca71e5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{3978443e-2312-11de-9bc6-001921ca71e5}\Shell - "" = AutoRun
O33 - MountPoints2\{3978443e-2312-11de-9bc6-001921ca71e5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2002/02/12 05:23:58 | 000,397,312 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\files\Contraptions.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe
O33 - MountPoints2\N\Shell\dinstall\command - "" = N:\Quake3\directx7\dxsetup.exe
[2011/07/04 14:07:15 | 000,179,200 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\dwm.exe
[2011/07/04 14:06:53 | 000,016,091 | ---- | C] () -- C:\Users\Stan\AppData\Roaming\8522.44D


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Windows\System32\Drivers\sptd.sys

:Commands
[purity]
[Reboot]


*******************************************************************

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

If one of the following will not run, just skip to the next one, then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then right-click and Run as Administrator.

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right-click aswMBR.exe and select Run As Administrator to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.




Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right clicking and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Install the free Avast. Download and Save the install file to your desktop:

http://www.avast.com...ivirus-download

Right-click and Run As Administrator.

Once you have it installed and it has updated:
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

Ron
  • 0
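The OTL entries Ron's fix targets above are the textbook indicators of this family: a Run-key value named "conhost" that launches from AppData\Roaming instead of System32, the legacy HKCU\...\Windows NT\CurrentVersion\Windows\Load value pointing at a csrss.exe in Temp, Internet Explorer's proxy forced to 127.0.0.1 (which is how a local process gets to rewrite search results), and AutoRun handlers for removable media. As an added example, not part of this thread and not OTL's own code, here is a small Python triage script that applies those rules to OTL-style lines. The five indicator lines are copied from the fix list above; the two benign lines and the rule names are constructed for the example.

```python
"""Triage OTL-style log lines for the persistence and redirect indicators
seen in this thread.  Added example by the editor, not part of the thread
and not OTL's own code; the rules and benign sample lines are constructed."""
import re
from dataclasses import dataclass

# Process names that legitimately live only under C:\Windows.  Malware reuses
# them in AppData or Temp so the entry looks normal in Task Manager.
SYSTEM_PROCESS_NAMES = {
    "conhost.exe", "csrss.exe", "dwm.exe", "smss.exe", "winlogon.exe",
    "svchost.exe", "lsass.exe", "services.exe", "explorer.exe",
}
WINDOWS_DIR = "c:\\windows\\"

EXE_PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Application Data|Local Settings|Temp|ProgramData)\\", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost|\[::1\]", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def exe_paths(line):
    """Return the distinct .exe paths mentioned on a line, in order of appearance."""
    return list(dict.fromkeys(EXE_PATH_RE.findall(line)))


def triage_line(line):
    """Apply each rule to one OTL line and return the findings (possibly none)."""
    findings = []
    paths = exe_paths(line)
    for path in paths:
        name = path.rsplit("\\", 1)[-1].lower()
        # Rule 1: a core Windows process name launched from outside C:\Windows.
        if name in SYSTEM_PROCESS_NAMES and not path.lower().startswith(WINDOWS_DIR):
            findings.append(Finding(
                "masquerade",
                f"{name} launched from outside the Windows directory: {path}", line))
        # Rule 2: a Run-key autostart (OTL 'O4') executing from a user-writable folder.
        if line.startswith("O4 ") and USER_WRITABLE_RE.search(path):
            findings.append(Finding(
                "run-from-user-writable",
                f"Run-key autostart points into a user-writable folder: {path}", line))
    # Rule 3: IE proxy pointed at the local host; a local process is filtering traffic.
    if '"ProxyServer"' in line and LOOPBACK_RE.search(line):
        findings.append(Finding(
            "loopback-proxy",
            "browser proxy forced to the local host; typical of search-redirect malware", line))
    # Rule 4: the legacy Windows NT 'Load' value (OTL 'F3') is set to an executable.
    if line.startswith("F3 ") and "WinNT: Load" in line and paths:
        findings.append(Finding(
            "load-value-autostart",
            "legacy Windows NT 'Load' value is set; rarely used by legitimate software", line))
    # Rule 5: an AutoRun command handler for a drive letter (OTL 'O33').
    if line.startswith("O33 ") and "\\AutoRun\\command" in line:
        findings.append(Finding(
            "removable-media-autorun",
            "AutoRun handler registered for a removable or optical drive", line))
    return findings


def triage(lines):
    """Run triage_line over every line and flatten the results."""
    return [f for line in lines for f in triage_line(line)]


# Constructed sample: the first five lines are copied from the OTL fix list in
# this thread; the last two are benign lines made up here to show what passes.
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63576',
    r'O4 - HKLM..\Run: [conhost] C:\Users\Stan\AppData\Roaming\Microsoft\conhost.exe ()',
    r'F3 - HKCU WinNT: Load - (C:\Users\Stan\AppData\Local\Temp\csrss.exe) - C:\Users\Stan\AppData\Local\Temp\csrss.exe ()',
    r'O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2002/02/12 05:23:58 | 000,397,312 | R--- | M] ()',
    r'O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)',
    r'O4 - HKLM..\Run: [conhost] C:\Windows\System32\conhost.exe (Microsoft Corporation)',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.rule}] {f.detail}")
```

Run against the sample, the script flags the loopback proxy once, the conhost.exe Run entry twice (wrong directory and user-writable folder), the csrss.exe Load entry twice (wrong directory and the Load value itself) and the F: AutoRun handler once, while the Adobe entry and a conhost.exe that really sits in System32 produce nothing. The rules deliberately look only at where things run from and which autostart they use, not at file names alone, which is why the System32 copy passes.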

#3
Harris39

Harris39

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL Fix resulted in bluescreen at sptd.sys both times it was tried.
Skipped it and went on to the rest of the tests.
Thanks for the quick response.

MBAM Log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7037

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/6/2011 8:23:46 PM
mbam-log-2011-07-06 (20-23-41).txt

Scan type: Quick scan
Objects scanned: 169886
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
c:\Users\Stan\AppData\Roaming\dwm.exe (Backdoor.Bot) -> 1784 -> No action taken.
c:\Users\Stan\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> 2104 -> No action taken.
c:\Users\Stan\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> 2276 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Bot) -> Value: conhost -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Bot) -> Bad: (C:\Users\Stan\AppData\Local\Temp\csrss.exe) Good: () -> No action taken.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\Users\Stan\AppData\Roaming\dwm.exe (Backdoor.Bot) -> No action taken.
c:\Users\Stan\AppData\Roaming\microsoft\conhost.exe (Backdoor.Bot) -> No action taken.
c:\Users\Stan\AppData\Local\Temp\csrss.exe (Backdoor.Bot) -> No action taken.
c:\Users\Stan\AppData\Local\Temp\0.5002285629833202.exe (Spyware.Passwords.XGen) -> No action taken.

Combofix Log:

ComboFix 11-07-06.04 - Stan 07/06/2011 20:43:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.283 [GMT -5:00]
Running from: c:\users\Stan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stan\DSC01702 .png
c:\users\Stan\unstopcp.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 01:53 . 2011-07-07 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 01:37 . 2011-07-07 01:38 -------- d-----w- C:\32788R22FWJFW
2011-07-07 01:35 . 2011-07-07 01:35 -------- d-----w- C:\_OTL
2011-07-07 01:14 . 2011-05-29 14:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 01:14 . 2011-07-07 01:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 01:14 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:45 . 2011-07-06 15:45 -------- d-----w- c:\users\Stan\AppData\Local\{802FCE85-F535-4960-8403-27D733C520C0}
2011-07-05 16:07 . 2011-07-05 16:07 -------- d-----w- c:\programdata\McAfee Security Scan
2011-07-05 16:07 . 2011-07-05 16:07 -------- d-----w- c:\program files\McAfee Security Scan
2011-07-05 14:20 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BAB584-FE9C-414A-B8AD-50B7E9A4FD19}\mpengine.dll
2011-07-05 14:15 . 2011-07-05 14:15 -------- d-----w- c:\users\Stan\AppData\Local\{A718C9E5-A443-42D5-8257-083550141198}
2011-07-04 15:47 . 2011-07-04 15:47 -------- d-----w- c:\users\Stan\AppData\Local\{667161F0-3852-46D7-A482-8A647554D46F}
2011-07-03 14:43 . 2011-07-03 14:43 -------- d-----w- c:\users\Stan\AppData\Local\{252B3167-3423-4D5A-8B82-2B66A9BF2606}
2011-07-02 18:00 . 2011-07-02 18:00 -------- d-----w- c:\users\Stan\AppData\Roaming\NVIDIA
2011-07-02 17:56 . 2011-07-02 17:56 -------- d-----w- c:\program files\SpeedFan
2011-07-02 17:18 . 2011-07-05 16:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-02 14:59 . 2011-07-02 14:59 -------- d-----w- c:\users\Stan\AppData\Local\{BA7F24B3-180A-4BBA-83EC-7D9C0677CF17}
2011-07-01 14:24 . 2011-07-01 14:25 -------- d-----w- c:\users\Stan\AppData\Local\{2AA811E1-ACF8-4A18-9D95-C66292BE9D5C}
2011-06-30 23:42 . 2011-06-30 23:42 -------- d-----w- c:\users\Stan\AppData\Local\{4B6E3C01-56BD-4F13-B4F3-3EBD56A82034}
2011-06-29 12:03 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 11:44 . 2011-06-29 23:45 -------- d-----w- c:\users\Stan\AppData\Local\{DF245DF4-42A3-4008-A83F-214CEFAA29B6}
2011-06-28 16:13 . 2011-06-28 16:14 -------- d-----w- c:\users\Stan\AppData\Local\{9C99D98A-452B-4E6A-835E-D8EA07D54F97}
2011-06-28 02:08 . 2011-06-28 02:08 -------- d-----w- c:\users\Stan\AppData\Local\{B27F0836-BBC6-41BE-9C1C-90540ACDCD69}
2011-06-27 14:07 . 2011-06-27 14:07 -------- d-----w- c:\users\Stan\AppData\Local\{03753FE5-550F-4904-A2B1-BC168885A2BF}
2011-06-26 18:25 . 2011-06-26 18:25 -------- d-----w- c:\users\Stan\AppData\Local\{67ADFE7B-F13F-4E3D-B3D6-45701009A323}
2011-06-25 17:47 . 2011-06-25 17:47 -------- d-----w- c:\programdata\Trymedia
2011-06-25 17:44 . 2011-06-25 17:44 -------- d-----w- C:\GameHouse Games
2011-06-25 17:43 . 2011-06-25 17:43 -------- d-----w- c:\program files\RealArcade
2011-06-25 17:41 . 2011-06-25 17:41 -------- d-----w- c:\programdata\PopCap
2011-06-25 14:33 . 2011-06-25 14:33 -------- d-----w- c:\users\Stan\AppData\Local\{6653E87D-183D-40C2-A5C8-7A6821855ABC}
2011-06-25 03:14 . 2011-06-25 03:14 -------- d-----w- c:\users\UpdatusUser
2011-06-25 03:14 . 2011-05-25 06:09 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-06-25 03:14 . 2011-05-25 06:09 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-06-25 03:14 . 2011-05-25 06:09 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-06-25 03:14 . 2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-06-25 03:14 . 2011-05-25 06:09 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-06-25 03:14 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-06-25 03:12 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-06-25 03:12 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-06-25 03:12 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-06-25 03:12 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-06-25 03:12 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-06-25 03:12 . 2011-05-25 06:09 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-06-25 03:12 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-06-25 03:12 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-06-25 03:12 . 2011-05-25 06:09 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-06-25 03:12 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-06-25 03:12 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-06-25 02:44 . 2011-06-25 02:44 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-25 02:34 . 2011-06-25 02:35 -------- d-----w- c:\program files\PowerStrip
2011-06-25 02:32 . 2011-06-25 02:32 -------- d-----w- c:\users\Stan\AppData\Local\{AF9BE431-0F4D-412E-94D7-272756F46562}
2011-06-24 14:31 . 2011-06-24 14:32 -------- d-----w- c:\users\Stan\AppData\Local\{A182F070-E03B-4C90-93C9-C556D5617478}
2011-06-23 14:30 . 2011-06-24 02:31 -------- d-----w- c:\users\Stan\AppData\Local\{00F86943-B771-4511-93F9-A59260218210}
2011-06-22 14:29 . 2011-06-23 02:30 -------- d-----w- c:\users\Stan\AppData\Local\{A452C416-1845-4B68-A18C-2ECFC048BF65}
2011-06-21 16:42 . 2011-06-21 16:42 -------- d-----w- c:\users\Stan\AppData\Local\{7E9E806C-80EA-4FEE-9E37-975B98A56413}
2011-06-17 15:06 . 2011-06-17 15:06 -------- d-----w- c:\users\Stan\AppData\Local\{60C80E49-2AE7-464D-B1E8-B70D65EAE178}
2011-06-17 02:14 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-17 02:14 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-17 02:14 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-17 02:14 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-17 01:57 . 2011-06-17 01:57 -------- d-----w- c:\users\Stan\AppData\Local\{A678AFAB-1198-4736-9AEA-54D9656266E3}
2011-06-15 16:09 . 2011-06-15 16:09 -------- d-----w- c:\users\Stan\AppData\Local\{AAFE6558-2F5B-4A1F-94C5-A642AE730D0C}
2011-06-14 15:04 . 2011-06-14 15:04 -------- d-----w- c:\users\Stan\AppData\Local\{CA0CDA6C-B65A-451F-9C23-910648289F57}
2011-06-14 02:30 . 2011-06-14 02:30 -------- d-----w- c:\users\Stan\AppData\Local\{6F3841B2-D7A3-486B-B62F-B5761AA4B8DF}
2011-06-13 14:29 . 2011-06-13 14:30 -------- d-----w- c:\users\Stan\AppData\Local\{6E0D33B8-A02F-4A82-9737-92FE79232CD8}
2011-06-12 13:13 . 2011-06-12 13:13 -------- d-----w- c:\users\Stan\AppData\Local\{5FC0CCC8-D90A-4E6E-9EFE-4B09A56E27AF}
2011-06-11 15:18 . 2011-06-11 15:18 -------- d-----w- c:\users\Stan\AppData\Local\{F0FBEC18-49A2-438E-B32D-AD4FD2847AC8}
2011-06-11 13:31 . 2011-06-11 13:31 -------- d-----w- c:\users\Stan\AppData\Local\{69EE80E4-550F-47FB-AD4B-4F4044F9351D}
2011-06-10 20:49 . 2011-06-10 20:49 -------- d-----w- c:\users\Stan\AppData\Local\{ADE9E58F-3C94-4D1E-AE12-CA4B6D692485}
2011-06-10 15:06 . 2011-06-10 15:07 -------- d-----w- c:\users\Stan\AppData\Local\{CDB3C21D-AA5C-4698-BF4A-2B92D0BF6AA3}
2011-06-09 17:35 . 2011-06-09 17:35 -------- d-----w- c:\users\Stan\AppData\Local\{F898535A-B95A-4515-9989-2672BC79D962}
2011-06-08 16:18 . 2011-06-08 16:19 -------- d-----w- c:\users\Stan\AppData\Local\{2BCD25BA-A3B9-41F4-91E2-FC93C3DB3182}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 06:09 . 2011-06-25 03:12 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 00:14 . 2009-10-02 16:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 17:40 . 2011-05-04 17:37 525856 ----a-w- c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
.
c:\users\Stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-26 110592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2011-2-20 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsLivePhone]
2008-12-22 20:59 787816 ----a-w- c:\program files\Windows Live\Device Manager\msgrdvmn.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Stan\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 PStrip;PStrip;c:\windows\system32\DRIVERS\PSTRIP.SYS [2001-07-23 21616]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 00:47]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 00:47]
.
2011-07-07 c:\windows\Tasks\User_Feed_Synchronization-{F5D263EB-56A0-4A22-A5EB-564938A30ECC}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-06 20:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-06 20:57:37
ComboFix-quarantined-files.txt 2011-07-07 01:57
.
Pre-Run: 178,376,953,856 bytes free
Post-Run: 178,328,940,544 bytes free
.
- - End Of File - - 43F324DCD205841E239050F405E2334A

TDSSKILLER Log

2011/07/06 21:00:31.0807 3148 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/06 21:00:32.0509 3148 ================================================================================
2011/07/06 21:00:32.0509 3148 SystemInfo:
2011/07/06 21:00:32.0509 3148
2011/07/06 21:00:32.0509 3148 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/06 21:00:32.0509 3148 Product type: Workstation
2011/07/06 21:00:32.0509 3148 ComputerName: STAN-PC
2011/07/06 21:00:32.0509 3148 UserName: Stan
2011/07/06 21:00:32.0509 3148 Windows directory: C:\Windows
2011/07/06 21:00:32.0509 3148 System windows directory: C:\Windows
2011/07/06 21:00:32.0509 3148 Processor architecture: Intel x86
2011/07/06 21:00:32.0509 3148 Number of processors: 2
2011/07/06 21:00:32.0509 3148 Page size: 0x1000
2011/07/06 21:00:32.0509 3148 Boot type: Normal boot
2011/07/06 21:00:32.0509 3148 ================================================================================
2011/07/06 21:00:33.0601 3148 Initialize success
2011/07/06 21:00:36.0066 2920 ================================================================================
2011/07/06 21:00:36.0066 2920 Scan started
2011/07/06 21:00:36.0066 2920 Mode: Manual;
2011/07/06 21:00:36.0066 2920 ================================================================================
2011/07/06 21:01:06.0970 3308 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/06 21:01:07.0110 3308 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/07/06 21:01:07.0157 3308 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/07/06 21:01:07.0235 3308 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/07/06 21:01:07.0313 3308 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/07/06 21:01:07.0407 3308 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/06 21:01:07.0485 3308 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/07/06 21:01:07.0563 3308 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/06 21:01:07.0625 3308 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/07/06 21:01:07.0672 3308 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/07/06 21:01:18.0982 3308 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/06 21:01:18.0982 3308 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/06 21:01:18.0997 3308 sptd - detected LockedFile.Multi.Generic (1)
2011/07/06 21:01:22.0944 3308 ================================================================================
2011/07/06 21:01:22.0944 3308 Scan finished
2011/07/06 21:01:22.0944 3308 ================================================================================
2011/07/06 21:01:22.0960 3328 Detected object count: 1
2011/07/06 21:01:22.0960 3328 Actual detected object count: 1
2011/07/06 21:02:25.0141 3328 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/07/06 21:02:25.0141 3328 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/07/06 21:02:25.0188 3328 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/07/06 21:02:25.0188 3328 LockedFile.Multi.Generic(sptd) - User select action: Quarantine
2011/07/06 21:02:29.0104 3368 Deinitialize success

aswMBR log:
aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-06 21:02:51
-----------------------------
21:02:51.365 OS Version: Windows 6.0.6002 Service Pack 2
21:02:51.365 Number of processors: 2 586 0x4B02
21:02:51.365 ComputerName: STAN-PC UserName: Stan
21:02:52.785 Initialize success
21:20:14.877 AVAST engine defs: 11070601
21:20:37.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:20:37.513 Disk 0 Vendor: ST332082 3.AH Size: 305245MB BusType: 3
21:20:39.556 Disk 0 MBR read successfully
21:20:39.556 Disk 0 MBR scan
21:20:39.587 Disk 0 unknown MBR code
21:20:41.631 Disk 0 scanning sectors +625137345
21:20:41.662 Disk 0 scanning C:\Windows\system32\drivers
21:20:53.971 Service scanning
21:20:56.217 Disk 0 trace - called modules:
21:20:56.248 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84e2e1f8]<<
21:20:56.248 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85df4728]
21:20:56.264 3 CLASSPNP.SYS[86dab8b3] -> nt!IofCallDriver -> [0x84ecb258]
21:20:56.279 5 acpi.sys[82b3d6bc] -> nt!IofCallDriver -> \Device\0000005b[0x84ecbc90]
21:20:56.794 \Driver\nvstor32[0x84ec6688] -> IRP_MJ_CREATE -> 0x84e2e1f8
21:20:58.604 AVAST engine scan C:\Windows
21:58:13.604 Disk 0 MBR has been saved successfully to "C:\Users\Stan\Desktop\MBR.dat"
21:58:13.604 The log file has been saved successfully to "C:\Users\Stan\Desktop\aswMBR.txt"

And finally, the MBRCheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ECS
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: RY875AA-ABA a6042n
Logical Drives Mask: 0x00000bbc

Kernel Drivers (total 140):

Processes (total 49):
0 System Idle Process
4 System
464 C:\WINDOWS\System32\smss.exe
536 csrss.exe
588 C:\WINDOWS\System32\wininit.exe
600 csrss.exe
632 C:\WINDOWS\System32\services.exe
684 C:\WINDOWS\System32\winlogon.exe
716 C:\WINDOWS\System32\lsass.exe
724 C:\WINDOWS\System32\lsm.exe
860 C:\WINDOWS\System32\svchost.exe
904 C:\WINDOWS\System32\nvvsvc.exe
932 C:\WINDOWS\System32\svchost.exe
972 C:\WINDOWS\System32\svchost.exe
1092 C:\WINDOWS\System32\svchost.exe
1116 C:\WINDOWS\System32\svchost.exe
1136 C:\WINDOWS\System32\svchost.exe
1252 C:\WINDOWS\System32\audiodg.exe
1276 C:\WINDOWS\System32\svchost.exe
1292 C:\WINDOWS\System32\SLsvc.exe
1344 C:\WINDOWS\System32\svchost.exe
1452 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1464 C:\WINDOWS\System32\nvvsvc.exe
1496 C:\WINDOWS\System32\svchost.exe
1836 C:\WINDOWS\System32\spoolsv.exe
1880 C:\WINDOWS\System32\svchost.exe
2020 C:\WINDOWS\System32\taskeng.exe
124 C:\WINDOWS\System32\dwm.exe
496 C:\WINDOWS\System32\taskeng.exe
1224 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1200 C:\Program Files\Bonjour\mDNSResponder.exe
856 C:\WINDOWS\System32\svchost.exe
1208 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2188 C:\WINDOWS\System32\svchost.exe
2336 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
2348 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2360 C:\Program Files\PowerISO\PWRISOVM.EXE
2516 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2640 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2652 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2784 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
4060 C:\WINDOWS\System32\svchost.exe
3568 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3496 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2564 C:\WINDOWS\System32\conime.exe
2828 C:\WINDOWS\explorer.exe
1448 C:\WINDOWS\System32\wuauclt.exe
3720 C:\Program Files\simplemu\SimpleMU.exe
2332 C:\Users\Stan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`9a6eae00 (NTFS)

PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AH

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8


Done!

#4
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Run Malwarebytes Anti-Malware again and this time don't forget to:

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

Ron

#5
Harris39

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Avast boot time scan found one virus:
C:\Users\Stan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\329ed4d0-470e0115|>Tuvvoaerffb.class
Severity - Medium
Threat: Java:Jade-B [Heur]
Action: Delete
Result: Action Successful

I reran Malwarebytes, here's the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7044

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/7/2011 6:33:32 PM
mbam-log-2011-07-07 (18-33-32).txt

Scan type: Quick scan
Objects scanned: 174563
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Could you run TDSSKiller and aswMBR one more time and post their logs?

Also run OTL (Vista or Win 7 => right click and Run As Administrator), select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Are you still getting redirected?

Ron