Google Redirection, Windows UI Issues (Round 2)


Post by AlexG2490 » April 12th, 2011, 2:53 pm

Hello!

I'm the same person from the topic at viewtopic.php?f=12&t=56210. I thought my computer was clean, but apparently something still lingered. Everything was fine for a few days, so much so that I contacted the person who helped me via PM and told him that I was grateful for his help and that everything was great now. As if to punish me for my hubris, the bad behavior returned overnight. For those who didn't read the first thread, here is a rundown of the issue:

1. Google searches are redirecting me to ads
2. When I boot the machine, all I see is a black screen with my mouse cursor. Pressing Ctrl+Alt+Escape lets me bring up task manager. I need to kill explorer.exe and start it again through the run command in task manager to get to my desktop.
3. The Windows Aero effect disables itself without warning; certain visual elements within folders look like they did back in Windows 98/XP rather than the updated Vista look. As an example, the "Browse Folders/Hide Folders" button in a save dialogue is now a square button rather than simply appearing as a link on those windows. Scroll bars are also affected. This is an intermittent problem: it is there one time the computer is rebooted and fine the next.
4. NEW SYMPTOM - if left alone for a significant period of time, it will open a popup window with an ad of its own accord. There were three open when I looked at the machine this morning. Another had opened since this morning.

I ran MBAM and it found three infections (Rootkit.TDSS.Gen)... let me know if you want me to post that log at any point. In the meantime, here are new DDS and Attach files from a new run of DDS. In anticipation of the question I was asked last time, I would prefer to try to clean the PC than do a completely new operating system installation; I need to leave town the evening of Monday the 18th and will not have time to sufficiently recover from an OS wipe before then (I remote into this machine with GoToMyPC when I am on the road to do some work on some websites, check e-mail, etc.) Thanks in advance for any help anyone can provide!

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Alex at 12:39:23.03 on Tue 04/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1951 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Alex\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote - e:\program files\evernote\evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - e:\program files\evernote\evernote3\enbar.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cbeyond.webex.com/client/T27LC/ ... atgpc1.cab
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-26 64288]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-20 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-20 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-20 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-20 42184]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-26 20328]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-4-9 22504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\drivers\BLKWGDv8.sys [2006-11-18 312832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
.
=============== Created Last 30 ================
.
2011-04-12 03:03:20 -------- d-----w- c:\users\alex\appdata\roaming\BitTorrent
2011-04-09 20:28:02 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-06 03:36:49 -------- d-----w- c:\program files\common files\Futuremark Shared
2011-04-06 03:35:37 -------- d-----w- c:\program files\Futuremark
2011-04-02 05:21:42 -------- d-----w- c:\users\alex\appdata\local\CrashRpt
2011-04-02 05:21:31 -------- d-----w- c:\users\alex\appdata\local\Procaster
2011-04-02 05:21:31 -------- d-----w- c:\program files\Livestream Procaster
2011-03-21 02:05:35 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-21 02:04:54 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-21 02:04:54 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-21 02:04:53 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-21 02:04:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-21 02:04:53 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-21 02:04:53 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-21 02:04:53 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 06:36:25 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-20 06:35:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-20 06:34:57 40648 ----a-w- c:\windows\avastSS.scr
2011-03-20 06:34:53 -------- d-----w- c:\program files\AVAST Software
2011-03-20 06:34:53 -------- d-----w- c:\progra~2\AVAST Software
2011-03-17 01:05:59 -------- d-----w- c:\users\alex\Calibre Library
2011-03-17 01:05:47 -------- d-----w- c:\users\alex\appdata\roaming\calibre
2011-03-17 01:04:24 -------- d-----w- c:\program files\Calibre2
2011-03-15 02:46:25 -------- d-----w- c:\users\alex\appdata\roaming\Trillian
.
==================== Find3M ====================
.
2011-04-06 03:37:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-06 03:37:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-21 02:05:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-02-12 21:17:58 154624 ----a-w- c:\windows\system32\RemoteControl.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000067
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8732E439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873347d0]; MOV EAX, [0x8733484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8245D912] -> \Device\Harddisk0\DR0[0x86C91250]
3 CLASSPNP[0x8ADC78B3] -> ntkrnlpa!IofCallDriver[0x8245D912] -> [0x861F5F08]
5 acpi[0x82B376BC] -> ntkrnlpa!IofCallDriver[0x8245D912] -> [0x861FABF8]
\Driver\nvstor32[0x86F9A808] -> IRP_MJ_CREATE -> 0x8732E439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000066 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85d251f8
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 12:41:07.36 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 10:18:34 PM
System Uptime: 4/12/2011 12:33:42 PM (0 hours ago)
.
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 55.204 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 286.539 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 487.722 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 466 GiB total, 265.639 GiB free.
I: is FIXED (NTFS) - 1863 GiB total, 861.578 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Belkin Wireless G Desktop Card
Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Manufacturer: Belkin Corporation
Name: Belkin Wireless G Desktop Card
PNP Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Service: BLKWGDv8
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
TWiT TV
"Champetre" template for ConvertXToDVD 3
"Christmas" template for ConvertXToDVD 3
"Film" template for ConvertXToDVD 3
Über Jedi Mod Manager
3DMark06
ABC Amber LIT Converter
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Aimersoft Video Studio Express(Build 1.2.0.25)
Air Video Server 2.4.1
AJScreensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
AudioShell 1.3.5
Audiosurf
Auto Gordian Knot 2.55
avast! Free Antivirus
AviSynth 2.5
Barnes & Noble Desktop Reader
Battlefield 2 Complete Collection
Battlefield 2142
Beyond the Red Line
BIMP Lite 1.62
BioShock 2
Black and White
BlockCAD 3.19
Bonjour
calibre
Call of Duty 4: Modern Warfare
CamStudio
Camtasia Studio 6
Celestia 1.6.0
Comparator
ConvertXtoDVD 3.8.0.193f
Cook'n & Grill'n
CPUID CPU-Z 1.57
Crysis(R)
dBpowerAMP Music Converter
Descent and Descent 2
Descent Manager Tools
Doctor Who - The Adventure Games 3.0
Download Manager 2.3.9
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Easy Video Splitter 1.28
Enemy Territory - Quake Wars(TM)
ESET Online Scanner v3
Evernote
Far Cry
FeedForAll v2.0
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 5.00
Fraps (remove only)
Free M4a to MP3 Converter 6.1
FreeSpace 2
Futuremark SystemInfo
GameShadow
GameSpy Arcade
GameSpy Comrade
Garry's Mod
GOG.com Downloader
GoldWave v5.22
GoldWave v5.52
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphing Calculator 3D 3.1
Half-Life
Half-Life: Blue Shift
HandBrake 0.9.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Casino
ImgBurn
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jeopardy! 2003
Knight
LAME v3.98.2 for Audacity
Left 4 Dead
Left 4 Dead 2
Livestream Procaster
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' Jedi Knight
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
MechWarrior 3
MechWarrior 3 Pirate's Moon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.18)
MSVCRT Redists
NET Installation Assistance for VB6 App (Runtime Only)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opposing Force
PageNest
Pamela Pro 4.7
PDF Settings
Peggle Deluxe 1.0
Photo Story 3 for Windows
Poker Night at the Inventory
Portal
PowerISO
Pradis 6: Understanding the Bible Library 6.0
Prey
Psychonauts
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Safari
Scrabble 2
Scrivener for Windows Beta
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Silent Hunter III
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 5.1
Space Quest Collection(TM)
SpaceBattle ScreenSaver 3.1
SpeedFan (remove only)
Star Trek Elite Force II
Star Trek Legacy
Star Trek: Armada
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Mysteries of the Sith
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars Starfighter
Starcraft
Steam
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag - IGF Professional 2008
TalkShoe Live! 2.0
Tardis Screensaver- Widescreen
The Sims Complete Collection
TightVNC 2.0.2
TortoiseSVN 1.6.7.18415 (32 bit)
Trillian
TweetDeck
TWiT Live Desktop
Ultimate Extras sounds from Microsoft® Tinker™
UltraLott Powerball and Mega Millions 1.2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Vegas Pro 10.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WAV to MP3 Encoder
WebEx
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Sound Schemes
WinHTTrack Website Copier 3.43-9C
WinPatrol
WinRAR archiver
WordWeb
Xfire (remove only)
XfireXO Toolbar
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 3:59:50 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
4/9/2011 3:05:28 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/9/2011 2:37:09 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
4/9/2011 2:23:12 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort1.
4/12/2011 12:37:51 PM, Error: Ntfs [137] - The default transaction resource manager on volume F: encountered a non-retryable error and could not start. The data contains the error code.
4/12/2011 12:37:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
4/12/2011 12:36:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
4/12/2011 12:35:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
4/12/2011 12:05:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
.
==== End Of File ===========================
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 12th, 2011, 4:21 pm

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 12th, 2011, 4:29 pm

DDS is saying the TDL Rootkit is still on your computer.

Before we attempt to remove it I'd like to check that it's present using both TDSSKiller and aswMBR.

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

I DON'T WANT TO TRY AND REMOVE IT YET, I JUST WANT TO SEE WHAT EACH SCANNER FINDS.

Once I've seen both scan results we'll have another go at getting rid of it.

Summary of the logs I need from you in your next post:
  • TDSSKiller log
  • aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 12th, 2011, 8:22 pm

TDSS Killer:
2011/04/12 18:18:24.0233 8308 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 18:18:24.0509 8308 ================================================================================
2011/04/12 18:18:24.0509 8308 SystemInfo:
2011/04/12 18:18:24.0509 8308
2011/04/12 18:18:24.0510 8308 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/12 18:18:24.0510 8308 Product type: Workstation
2011/04/12 18:18:24.0510 8308 ComputerName: ALEX-PC
2011/04/12 18:18:24.0510 8308 UserName: Alex
2011/04/12 18:18:24.0510 8308 Windows directory: C:\Windows
2011/04/12 18:18:24.0510 8308 System windows directory: C:\Windows
2011/04/12 18:18:24.0510 8308 Processor architecture: Intel x86
2011/04/12 18:18:24.0510 8308 Number of processors: 2
2011/04/12 18:18:24.0510 8308 Page size: 0x1000
2011/04/12 18:18:24.0510 8308 Boot type: Normal boot
2011/04/12 18:18:24.0510 8308 ================================================================================
2011/04/12 18:18:50.0007 8308 Initialize success
2011/04/12 18:18:57.0285 10220 ================================================================================
2011/04/12 18:18:57.0285 10220 Scan started
2011/04/12 18:18:57.0285 10220 Mode: Manual;
2011/04/12 18:18:57.0285 10220 ================================================================================
2011/04/12 18:18:58.0269 10220 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/12 18:18:58.0402 10220 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 18:18:58.0498 10220 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 18:18:58.0566 10220 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 18:18:58.0611 10220 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 18:18:58.0735 10220 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/12 18:18:58.0803 10220 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 18:18:58.0874 10220 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 18:18:58.0930 10220 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 18:18:58.0989 10220 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 18:18:59.0073 10220 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/12 18:18:59.0129 10220 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 18:18:59.0164 10220 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/12 18:18:59.0283 10220 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 18:18:59.0362 10220 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 18:18:59.0475 10220 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/12 18:18:59.0527 10220 aswMonFlt (b0f137f664f10829cd2380b0e20e7c29) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/12 18:18:59.0581 10220 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\Windows\system32\drivers\aswRdr.sys
2011/04/12 18:18:59.0627 10220 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\Windows\system32\drivers\aswSnx.sys
2011/04/12 18:18:59.0696 10220 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\Windows\system32\drivers\aswSP.sys
2011/04/12 18:18:59.0771 10220 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\Windows\system32\drivers\aswTdi.sys
2011/04/12 18:18:59.0848 10220 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 18:18:59.0898 10220 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/12 18:19:00.0023 10220 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 18:19:00.0086 10220 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 18:19:00.0160 10220 BLKWGDv8 (e4074a8efc2693d5541633529ef6beeb) C:\Windows\system32\DRIVERS\BLKWGDv8.sys
2011/04/12 18:19:00.0211 10220 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 18:19:00.0279 10220 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 18:19:00.0318 10220 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 18:19:00.0403 10220 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 18:19:00.0443 10220 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 18:19:00.0486 10220 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 18:19:00.0528 10220 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/12 18:19:00.0572 10220 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 18:19:00.0621 10220 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 18:19:00.0680 10220 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 18:19:00.0779 10220 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 18:19:00.0835 10220 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/12 18:19:00.0931 10220 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 18:19:00.0968 10220 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/12 18:19:01.0125 10220 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
2011/04/12 18:19:01.0187 10220 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\Windows\system32\drivers\cpuz135_x32.sys
2011/04/12 18:19:01.0216 10220 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/12 18:19:01.0263 10220 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/12 18:19:01.0359 10220 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/12 18:19:01.0448 10220 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/12 18:19:01.0542 10220 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/12 18:19:01.0626 10220 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/12 18:19:01.0716 10220 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/12 18:19:01.0785 10220 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/12 18:19:01.0907 10220 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/12 18:19:01.0984 10220 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/12 18:19:02.0054 10220 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/12 18:19:02.0131 10220 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/12 18:19:02.0194 10220 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/12 18:19:02.0245 10220 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/12 18:19:02.0287 10220 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/12 18:19:02.0331 10220 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/12 18:19:02.0411 10220 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/12 18:19:02.0442 10220 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/12 18:19:02.0493 10220 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/12 18:19:02.0535 10220 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/12 18:19:02.0580 10220 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/12 18:19:02.0655 10220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/12 18:19:02.0722 10220 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/04/12 18:19:02.0812 10220 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/12 18:19:02.0873 10220 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/12 18:19:02.0959 10220 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/12 18:19:03.0022 10220 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/12 18:19:03.0065 10220 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/12 18:19:03.0125 10220 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/12 18:19:03.0176 10220 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/12 18:19:03.0236 10220 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/04/12 18:19:03.0291 10220 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/12 18:19:03.0346 10220 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/12 18:19:03.0389 10220 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/12 18:19:03.0448 10220 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/12 18:19:03.0593 10220 IntcAzAudAddService (4de88b49c891f45cd9ea6d83a341d3e3) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/12 18:19:03.0679 10220 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/12 18:19:03.0717 10220 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/12 18:19:03.0774 10220 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/12 18:19:03.0846 10220 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/12 18:19:03.0889 10220 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/12 18:19:03.0935 10220 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/12 18:19:03.0975 10220 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/12 18:19:04.0036 10220 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/12 18:19:04.0068 10220 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/12 18:19:04.0124 10220 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/12 18:19:04.0157 10220 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/12 18:19:04.0217 10220 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/12 18:19:04.0298 10220 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/12 18:19:04.0448 10220 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/12 18:19:04.0482 10220 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/12 18:19:04.0574 10220 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/12 18:19:04.0610 10220 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/12 18:19:04.0657 10220 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/12 18:19:04.0689 10220 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/12 18:19:04.0819 10220 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
2011/04/12 18:19:04.0974 10220 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
2011/04/12 18:19:05.0082 10220 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/12 18:19:05.0160 10220 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
2011/04/12 18:19:05.0223 10220 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/12 18:19:05.0269 10220 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/12 18:19:05.0344 10220 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/12 18:19:05.0391 10220 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/12 18:19:05.0419 10220 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/12 18:19:05.0444 10220 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/12 18:19:05.0474 10220 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/12 18:19:05.0522 10220 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/12 18:19:05.0557 10220 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/12 18:19:05.0604 10220 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/12 18:19:05.0634 10220 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/12 18:19:05.0658 10220 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/12 18:19:05.0684 10220 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/12 18:19:05.0719 10220 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/12 18:19:05.0748 10220 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/12 18:19:05.0782 10220 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/12 18:19:05.0834 10220 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/12 18:19:05.0869 10220 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/12 18:19:05.0938 10220 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/12 18:19:05.0971 10220 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/12 18:19:05.0992 10220 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/12 18:19:06.0075 10220 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/12 18:19:06.0115 10220 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/12 18:19:06.0162 10220 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/12 18:19:06.0210 10220 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/12 18:19:06.0305 10220 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/12 18:19:06.0380 10220 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/12 18:19:06.0437 10220 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/12 18:19:06.0465 10220 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/12 18:19:06.0508 10220 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/12 18:19:06.0539 10220 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/12 18:19:06.0566 10220 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/12 18:19:06.0598 10220 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/12 18:19:06.0663 10220 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/12 18:19:06.0701 10220 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/12 18:19:06.0747 10220 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/12 18:19:06.0831 10220 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 18:19:06.0904 10220 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/12 18:19:06.0943 10220 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/12 18:19:07.0079 10220 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/12 18:19:07.0453 10220 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/12 18:19:07.0724 10220 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/12 18:19:07.0757 10220 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/12 18:19:07.0795 10220 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/04/12 18:19:07.0843 10220 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/12 18:19:07.0932 10220 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/12 18:19:08.0027 10220 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/12 18:19:08.0068 10220 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/12 18:19:08.0113 10220 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/12 18:19:08.0176 10220 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/12 18:19:08.0238 10220 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/12 18:19:08.0284 10220 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/12 18:19:08.0339 10220 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/12 18:19:08.0419 10220 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/12 18:19:08.0570 10220 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/04/12 18:19:08.0705 10220 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/12 18:19:08.0747 10220 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/12 18:19:08.0802 10220 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/12 18:19:08.0880 10220 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/12 18:19:08.0951 10220 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/12 18:19:08.0990 10220 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/12 18:19:09.0014 10220 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/12 18:19:09.0057 10220 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/12 18:19:09.0111 10220 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/12 18:19:09.0144 10220 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/12 18:19:09.0185 10220 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/12 18:19:09.0212 10220 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/12 18:19:09.0273 10220 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/12 18:19:09.0313 10220 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/12 18:19:09.0370 10220 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/12 18:19:09.0434 10220 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/12 18:19:09.0500 10220 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/12 18:19:09.0559 10220 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/04/12 18:19:09.0589 10220 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/04/12 18:19:09.0627 10220 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/12 18:19:09.0680 10220 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\Windows\system32\drivers\SCDEmu.sys
2011/04/12 18:19:09.0722 10220 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/12 18:19:09.0787 10220 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/12 18:19:09.0818 10220 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/12 18:19:09.0859 10220 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/12 18:19:09.0923 10220 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/12 18:19:09.0971 10220 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/12 18:19:10.0011 10220 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/12 18:19:10.0053 10220 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/12 18:19:10.0121 10220 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/12 18:19:10.0167 10220 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/12 18:19:10.0222 10220 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/12 18:19:10.0309 10220 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/12 18:19:10.0384 10220 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/04/12 18:19:10.0420 10220 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/12 18:19:10.0524 10220 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2011/04/12 18:19:10.0524 10220 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/04/12 18:19:10.0531 10220 sptd - detected Locked file (1)
2011/04/12 18:19:10.0589 10220 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
2011/04/12 18:19:10.0638 10220 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/12 18:19:10.0667 10220 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/12 18:19:10.0756 10220 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/12 18:19:10.0800 10220 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/12 18:19:10.0834 10220 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/12 18:19:10.0878 10220 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/12 18:19:10.0985 10220 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 18:19:11.0093 10220 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 18:19:11.0172 10220 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/12 18:19:11.0226 10220 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/12 18:19:11.0278 10220 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/12 18:19:11.0354 10220 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/12 18:19:11.0410 10220 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/12 18:19:11.0480 10220 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/12 18:19:11.0521 10220 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/12 18:19:11.0563 10220 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/12 18:19:11.0611 10220 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/12 18:19:11.0662 10220 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/12 18:19:11.0731 10220 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/12 18:19:11.0765 10220 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/12 18:19:11.0814 10220 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/12 18:19:11.0846 10220 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/12 18:19:11.0882 10220 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/12 18:19:11.0943 10220 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/12 18:19:12.0018 10220 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/12 18:19:12.0066 10220 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/12 18:19:12.0099 10220 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/12 18:19:12.0164 10220 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/12 18:19:12.0228 10220 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/12 18:19:12.0295 10220 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/12 18:19:12.0332 10220 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/12 18:19:12.0378 10220 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/12 18:19:13.0518 10220 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 18:19:13.0645 10220 ================================================================================
2011/04/12 18:19:13.0645 10220 Scan finished
2011/04/12 18:19:13.0645 10220 ================================================================================
2011/04/12 18:19:13.0661 4348 Detected object count: 2
2011/04/12 18:19:24.0956 4348 Locked file(sptd) - User select action: Skip
2011/04/12 18:19:24.0960 4348 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Skip
2011/04/12 18:20:57.0008 9432 Deinitialize success
AlexG2490
Regular Member
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 12th, 2011, 8:23 pm

aswMBR:
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-12 18:21:05
-----------------------------
18:21:05.244 OS Version: Windows 6.0.6002 Service Pack 2
18:21:05.244 Number of processors: 2 586 0x6B02
18:21:05.246 ComputerName: ALEX-PC UserName: Alex
18:21:05.974 Initialize success
18:21:22.036 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
18:21:22.038 Disk 0 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 3
18:21:22.041 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
18:21:22.043 Disk 1 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 3
18:21:22.046 Device \Device\00000066 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
18:21:22.048 Disk 0 MBR read error
18:21:22.052 Disk 0 MBR scan
18:21:22.054 MBR BIOS signature not found 0
18:21:22.059 Disk 0 scanning sectors +312578048
18:21:22.062 Disk 0 scanning C:\Windows\system32\drivers
18:21:27.552 Service scanning
18:21:28.838 Disk 0 trace - called modules:
18:21:28.842 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8732e439]<<
18:21:28.846 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c91250]
18:21:28.851 3 CLASSPNP.SYS[8adc78b3] -> nt!IofCallDriver -> [0x861f5f08]
18:21:28.856 5 acpi.sys[82b376bc] -> nt!IofCallDriver -> [0x861fabf8]
18:21:28.861 \Driver\nvstor32[0x86f9a808] -> IRP_MJ_CREATE -> 0x8732e439
18:21:28.867 Scan finished successfully
AlexG2490
Regular Member
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 13th, 2011, 2:23 am

OK TDSSKiller is seeing a TDL4 rootkit on your computer, but for whatever reason aswMBR does not. However since you're still being re-directed I think it's safe to assume you do have TDL4.

I'm going to start by trying a different method to remove TDL from your computer this time, and we'll see if we're any more successful than we were last time.

Before we attempt to fix things I'd like to make a backup of your Master Boot Record (MBR) so we can restore it if anything goes wrong.

  • Download MBRFix and extract it to your Desktop.
  • Copy MBRFix.exe to the C:\ folder.
  • Click Start and in the Search programs and files box type cmd.exe
  • Right click on Cmd.exe and select Run as an Administrator.
  • When prompted by UAC, please allow the prompt.
    • This will open a Command box.
    • Type cd\ .... hit Enter
    • Now type the following command .... C:\MBRFix /drive 0 savembr C:\Backup_MBR_0.bin .... hit Enter (be careful to enter the spaces in the correct places or it won't work).
    • Exit the command window.
    • Check to make sure there is a file Backup_MBR_0.bin in your C:\ folder.
    • Let me know if you have any problems, or if the file is not created.

ONLY IF you are able to create a backup, follow the instructions below ....

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
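A quick way to check the MBR backup made in the steps above before relying on it (added example, not code from the thread or from MBRFix). It assumes the backup is a raw 512-byte copy of sector 0 and embeds a constructed sample sector so the checks run offline.

```python
"""Sanity-check an MBR backup such as the Backup_MBR_0.bin made with MBRFix.

Added example, not code from the thread or from MBRFix. It assumes the backup is
a raw 512-byte copy of sector 0 (the thread's "about 1 kb" file). A constructed
sample sector is embedded so the checks can be exercised offline.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510     # 0x55AA boot signature lives in the last two bytes


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(sector: bytes) -> List[Partition]:
    """Decode the four classic MBR partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def check_mbr_backup(sector: bytes) -> Dict[str, object]:
    """Return the findings a helper wants before trusting the backup."""
    findings: Dict[str, object] = {"size_ok": len(sector) == SECTOR_SIZE}
    if not findings["size_ok"]:
        findings.update(signature_ok=False, partitions=[], bootable_count=0,
                        overlap=False, bootcode_sha256="")
        return findings
    # aswMBR's "MBR BIOS signature not found" is exactly this check failing.
    findings["signature_ok"] = sector[BOOT_SIG_OFFSET:] == b"\x55\xaa"
    parts = parse_partition_table(sector)
    findings["partitions"] = parts
    findings["bootable_count"] = sum(p.bootable for p in parts)
    # Partitions must not share sectors; an overlap means a mangled table.
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in parts)
    findings["overlap"] = any(a_end > b_start
                              for (_, a_end), (b_start, _) in zip(spans, spans[1:]))
    # Hash only the bootstrap code (bytes 0..445) so two backups of the same
    # machine can be compared without the disk-specific partition table.
    findings["bootcode_sha256"] = hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()
    return findings


def check_mbr_file(path: str) -> Dict[str, object]:
    """Run the checks on a backup file (the thread's backup is C:\\Backup_MBR_0.bin)."""
    with open(path, "rb") as fh:
        return check_mbr_backup(fh.read())


def build_sample_mbr() -> bytes:
    """Constructed sample sector: filler boot code, one bootable NTFS partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:PART_TABLE_OFFSET] = b"\x33\xc0\x8e\xd0" + b"\x90" * (PART_TABLE_OFFSET - 4)
    # Entry 0: active, type 0x07 (NTFS), starts at LBA 2048, 312,576,000 sectors.
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET,
                     0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 312576000)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    result = check_mbr_backup(build_sample_mbr())
    for key, value in result.items():
        print(f"{key}: {value}")
```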

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 13th, 2011, 10:12 am

The backup was successfully created and is in my root directory at about 1 kb.

Combofix did not ask about the recovery console, but I have used combofix before so presumably it was already installed. CF simply launched a small progress bar right over the icon when I double clicked it. However, on two separate attempts, when the progress bar was almost completely full, the computer bluescreened. Is this another program that's not meant to be used in safemode, or shall I try that?
AlexG2490
Regular Member
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 13th, 2011, 10:22 am

Some versions of TDL4 block Combofix. Since TDSSKiller ran successfully last time, let's try it again and see if it removes enough to allow Combofix to run.

First

  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished a list of detected items should be displayed.
  • Check to make sure the Cure option is selected in the drop down options. If cure is not available DO NOT select either Delete or Quarantine, just select Skip and let me know.
  • Please click on Continue
  • TDSSKiller will now attempt to clean the infection from your computer.
  • It will now ask for a reboot to complete the process, please click on Reboot now
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt (where DD.MM.YYYY_HH.MM.SS are the date and time the tool was run)
  • Post the contents in your next reply please.

Next

Reboot your computer.

Next

Now try running Combofix again, if it is successful please post me the log, if not just let me know.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
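A small triage script for the TDSSKiller log the steps above ask for (added example, not TDSSKiller's or the forum's own code). It pulls out each "detected" verdict, the action chosen for it, and the per-driver MD5s, so a helper can see whether a rootkit verdict was actually cured rather than skipped and whether any driver hash changed between two scans; the sample lines are combined from the two logs posted in this thread.

```python
"""Triage a TDSSKiller log of the kind posted in this thread.

Added example, not TDSSKiller's or the forum's own code. The sample lines
below are combined from the two logs posted in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<verdict>.+?)\((?P<obj>.+?)\) - User select action: (?P<action>\w+)$")
DRIVER_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

SAMPLE_LOG = r"""
2011/04/12 18:19:13.0456 10220 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 17:40:41.0171 5964 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 17:40:41.0171 5964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/04/13 17:40:41.0178 5964 sptd - detected Locked file (1)
2011/04/12 18:19:13.0518 10220 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 18:19:13.0645 10220 ================================================================================
2011/04/12 18:19:13.0645 10220 Scan finished
2011/04/12 18:19:13.0661 4348 Detected object count: 2
2011/04/12 18:19:24.0956 4348 Locked file(sptd) - User select action: Skip
2011/04/12 18:19:24.0960 4348 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Skip
2011/04/12 18:20:57.0008 9432 Deinitialize success
"""


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None  # filled in from the "User select action" line

    @property
    def is_rootkit(self) -> bool:
        return self.verdict.lower().startswith("rootkit")


@dataclass
class Report:
    detections: List[Detection] = field(default_factory=list)
    driver_md5: Dict[str, str] = field(default_factory=dict)
    declared_count: Optional[int] = None
    scan_finished: bool = False

    def unresolved_rootkits(self) -> List[Detection]:
        """Rootkit verdicts that were Skipped (or never acted on) are still live."""
        return [d for d in self.detections if d.is_rootkit and d.action != "Cure"]

    def count_matches(self) -> bool:
        """TDSSKiller's own tally should agree with the detected lines we parsed."""
        return self.declared_count is None or self.declared_count == len(self.detections)


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once, pairing each detection with the action taken on it."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner lines, blank lines, lines with no message
        msg = m.group("msg")
        if msg == "Scan finished":
            report.scan_finished = True
        elif msg.startswith("Detected object count:"):
            report.declared_count = int(msg.rsplit(":", 1)[1])
        elif (d := DETECT_RE.match(msg)):
            report.detections.append(Detection(d.group("obj"), d.group("verdict")))
        elif (a := ACTION_RE.match(msg)):
            for det in report.detections:
                if det.obj == a.group("obj") and det.verdict == a.group("verdict"):
                    det.action = a.group("action")
        elif (v := DRIVER_RE.match(msg)):
            report.driver_md5[v.group("svc")] = v.group("md5")
    return report


def changed_drivers(before: Report, after: Report) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Services whose driver hash differs between two scans (or appeared/vanished)."""
    names = set(before.driver_md5) | set(after.driver_md5)
    return {n: (before.driver_md5.get(n), after.driver_md5.get(n))
            for n in sorted(names) if before.driver_md5.get(n) != after.driver_md5.get(n)}


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("scan finished:", rep.scan_finished, "| tally consistent:", rep.count_matches())
    for det in rep.detections:
        print(f"{det.verdict:28} {det.obj:12} action={det.action}")
    for det in rep.unresolved_rootkits():
        print("STILL PRESENT:", det.obj, det.verdict)
```

Running it on the sample flags \HardDisk1 as still present, which is the situation the thread is in after the first TDSSKiller run: a rootkit verdict answered with Skip has not been removed.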

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 13th, 2011, 11:35 am

I'll do these things when I get home tonight.
AlexG2490
Regular Member
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 13th, 2011, 1:11 pm

:thumbright:
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 13th, 2011, 3:27 pm

One question... your instructions for TDSSKiller say that it will prompt me to reboot automatically, and produce a log upon. Then you say to reboot again. So, you need me to reboot twice immediately after one another before trying ComboFix? Just want to be sure I'm reading that right.
AlexG2490
Regular Member
Posts: 30
Joined: March 22nd, 2011, 10:35 pm

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 13th, 2011, 4:26 pm

If it prompts you for a re-boot, then no need to re-boot again, I just add the manual re-boot instruction in case you're not prompted by TDSSKiller (sometimes that happens).

The removal process doesn't happen until re-boot, so it's important that we have a re-boot (prompted or manual) before running Combofix.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 13th, 2011, 10:38 pm

Just like last time, windows now boots into the desktop without issue, and everything looks right again. Google redirection has stopped. But like they say, "Fool me once, shame on you. Fool me twice, shame on me." So, I'm not getting my hopes up too high just yet that everything is solved.

ComboFix said there was a new version and asked me if I wanted to update. I told it yes without really thinking about it... sorry if that was wrong.

TDSSKiller Log:
2011/04/13 17:40:01.0850 5388 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 17:40:02.0034 5388 ================================================================================
2011/04/13 17:40:02.0034 5388 SystemInfo:
2011/04/13 17:40:02.0034 5388
2011/04/13 17:40:02.0034 5388 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/13 17:40:02.0034 5388 Product type: Workstation
2011/04/13 17:40:02.0035 5388 ComputerName: ALEX-PC
2011/04/13 17:40:02.0035 5388 UserName: Alex
2011/04/13 17:40:02.0035 5388 Windows directory: C:\Windows
2011/04/13 17:40:02.0035 5388 System windows directory: C:\Windows
2011/04/13 17:40:02.0035 5388 Processor architecture: Intel x86
2011/04/13 17:40:02.0035 5388 Number of processors: 2
2011/04/13 17:40:02.0035 5388 Page size: 0x1000
2011/04/13 17:40:02.0035 5388 Boot type: Normal boot
2011/04/13 17:40:02.0035 5388 ================================================================================
2011/04/13 17:40:26.0286 5388 Initialize success
2011/04/13 17:40:29.0534 5964 ================================================================================
2011/04/13 17:40:29.0535 5964 Scan started
2011/04/13 17:40:29.0535 5964 Mode: Manual;
2011/04/13 17:40:29.0535 5964 ================================================================================
2011/04/13 17:40:41.0171 5964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/04/13 17:40:41.0178 5964 sptd - detected Locked file (1)
2011/04/13 17:40:44.0107 5964 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 17:40:44.0234 5964 ================================================================================
2011/04/13 17:40:44.0234 5964 Scan finished
2011/04/13 17:40:44.0235 5964 ================================================================================
2011/04/13 17:40:44.0249 5424 Detected object count: 2
2011/04/13 17:41:19.0287 5424 Locked file(sptd) - User select action: Skip
2011/04/13 17:41:19.0301 5424 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 17:41:19.0301 5424 \HardDisk1 - ok
2011/04/13 17:41:19.0302 5424 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/04/13 17:41:22.0224 4344 Deinitialize success


Combofix Log:
ComboFix 11-04-13.02 - Alex 04/13/2011 18:44:19.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.1841 [GMT -6:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\Adobe\plugs
c:\windows\desktop
c:\windows\desktop\Cook'n & Grill'n.lnk
c:\windows\system32\MSMASK32.OCX
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 00:42 . 2011-04-14 00:42 -------- d-----w- C:\32788R22FWJFW
2011-04-13 13:37 . 2011-04-13 13:37 512 ----a-w- C:\Backup_MBR_0.bin
2011-04-13 13:35 . 2009-08-06 03:55 123904 ----a-w- C:\MbrFix.exe
2011-04-12 03:03 . 2011-04-12 13:44 -------- d-----w- c:\users\Alex\AppData\Roaming\BitTorrent
2011-04-09 20:28 . 2011-01-19 23:47 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-06 03:36 . 2011-04-06 03:36 -------- d-----w- c:\program files\Common Files\Futuremark Shared
2011-04-06 03:35 . 2011-04-06 03:35 -------- d-----w- c:\program files\Futuremark
2011-04-02 05:21 . 2011-04-02 05:21 -------- d-----w- c:\users\Alex\AppData\Local\CrashRpt
2011-04-02 05:21 . 2011-04-02 14:30 -------- d-----w- c:\program files\Livestream Procaster
2011-04-02 05:21 . 2011-04-02 05:37 -------- d-----w- c:\users\Alex\AppData\Local\Procaster
2011-03-21 02:05 . 2011-03-21 02:05 98816 ----a-w- c:\windows\system32\mfps.dll
2011-03-21 02:04 . 2011-03-21 02:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-21 02:04 . 2011-03-21 02:04 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-21 02:04 . 2011-03-21 02:04 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-21 02:04 . 2011-03-21 02:04 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-21 02:04 . 2011-03-21 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-21 02:04 . 2011-03-21 02:04 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-21 02:04 . 2011-03-21 02:04 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-20 06:36 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-20 06:36 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-20 06:36 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-20 06:36 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-20 06:36 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-20 06:35 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-20 06:34 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-20 06:34 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-20 06:34 . 2011-03-20 06:34 -------- d-----w- c:\programdata\AVAST Software
2011-03-20 06:34 . 2011-03-20 06:34 -------- d-----w- c:\program files\AVAST Software
2011-03-17 01:05 . 2011-03-17 02:35 -------- d-----w- c:\users\Alex\Calibre Library
2011-03-17 01:05 . 2011-03-17 01:06 -------- d-----w- c:\users\Alex\AppData\Roaming\calibre
2011-03-17 01:04 . 2011-03-17 01:04 -------- d-----w- c:\program files\Calibre2
2011-03-15 02:46 . 2011-03-15 02:47 -------- d-----w- c:\users\Alex\AppData\Roaming\Trillian
2011-03-15 02:46 . 2011-03-15 05:09 -------- d-----w- c:\program files\Trillian
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 03:37 . 2009-08-18 22:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-06 03:37 . 2009-08-18 22:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-03-21 02:04 . 2011-03-21 02:04 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-02-28 02:42 . 2009-11-21 06:19 716272 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-12 21:17 . 2009-09-12 07:51 154624 ----a-w- c:\windows\system32\RemoteControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-10 01:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-10 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-19 01:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-16 39408]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-13 4917384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2011-02-28 4608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-06-24 126976]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-9-28 42168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-08-28 04:59 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-06-24 02:07 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 03:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 23:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 23:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-29 02:22 1242448 ----a-w- e:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-16 22:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- e:\program files\Winamp\winampa.exe
.
R2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]
R3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\DRIVERS\BLKWGDv8.sys [2006-11-18 312832]
R3 cpuz130;cpuz130;c:\users\Alex\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-12-16 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-28 716272]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-12-16 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 23:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 16:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-16 22:10]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 22:11]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - e:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2304157&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 18:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\program files\AirVideoServer\AirVideoServer.exe?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000067
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-770543726-423754612-1244475062-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e7,f5,c0,97,e1,6d,25,b4,bf,6f,ad,5b,f6,46,f4,7c,82,9a,4c,d6,ce,5a,77,
fd,36,31,29,ad,c8,07,c7,cf,98,50,14,c9,60,a2,ba,f4,98,38,39,3d,33,8d,dd,77,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-13 18:55:21
ComboFix-quarantined-files.txt 2011-04-14 00:55
.
Pre-Run: 59,666,010,112 bytes free
Post-Run: 59,658,027,008 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 5B1E3094ED584B6964305E51BB36320F
AlexG2490
Regular Member
 
Posts: 30
Joined: March 22nd, 2011, 10:35 pm
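The TDSSKiller result lines and the Gmer MBR check inside the ComboFix report are the two places in the logs above that carry the actual findings. The Python below is an added example for triaging such reports; it is not part of the thread and not code from TDSSKiller, ComboFix or Gmer. The sample lines are copied from the logs above, and the regular expressions are assumptions derived from the formats shown there, not a documented schema.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# TDSSKiller writes one record per line: timestamp, worker PID, free-text message.
TDSS_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>.+?) \((?P<n>\d+)\)$")
NOACCESS = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
REBOOT = re.compile(r"^(?P<obj>\S+) \((?P<threat>[^)]+)\) - will be cured after reboot$")
ACTION = re.compile(r"^.+?\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
MBR_SECTORS = re.compile(r"^sectors (?P<count>\d+) \(\+(?P<extra>\d+)\): user != kernel$")  # Gmer MBR check


@dataclass
class Finding:
    source: str              # tool that produced the evidence
    kind: str                # "detection", "locked_file" or "mbr_mismatch"
    obj: str                 # driver, device or disk the finding refers to
    detail: str = ""
    action: str = "none"     # what the user chose in TDSSKiller, if anything
    reboot_required: bool = False


def parse_tdsskiller(text: str) -> list[Finding]:
    """Collect TDSSKiller detections and the action chosen for each one."""
    findings: dict[str, Finding] = {}
    md5_by_path: dict[str, str] = {}
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if d := DETECTED.match(msg):
            kind = "locked_file" if d["threat"].startswith("Locked file") else "detection"
            findings[d["obj"]] = Finding("tdsskiller", kind, d["obj"], detail=d["threat"])
        elif s := NOACCESS.match(msg):
            md5_by_path[s["path"]] = s["md5"]  # hash of a driver the scanner could not open
        elif r := REBOOT.match(msg):
            if r["obj"] in findings:
                findings[r["obj"]].reboot_required = True
        elif a := ACTION.match(msg):
            if a["obj"] in findings:
                findings[a["obj"]].action = a["action"]
    for f in findings.values():  # attach the recorded hash to the locked driver it belongs to
        for path, md5 in md5_by_path.items():
            if path.lower().endswith(f"\\{f.obj.lower()}.sys"):
                f.detail += f" md5={md5}"
    return list(findings.values())


def parse_combofix_mbr(text: str) -> list[Finding]:
    """Flag the Gmer MBR check when the user-mode and kernel-mode reads disagree:
    the MBR handed to user-mode callers is then not the one on disk, i.e. something
    below the file system is filtering disk reads, as an MBR rootkit such as TDL4 does."""
    findings: list[Finding] = []
    disk = "unknown disk"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Windows ") and "Disk:" in line:
            disk = line.split("Disk:", 1)[1].strip()
        elif line.startswith("user != kernel MBR"):
            findings.append(Finding("combofix", "mbr_mismatch", disk,
                                    detail="MBR read via user mode differs from kernel read"))
        elif (m := MBR_SECTORS.match(line)) and findings:
            findings[-1].detail += f"; disk reports {m['count']} sectors, +{m['extra']} range also differs"
    return findings


def triage(tdss_text: str, combofix_text: str) -> dict:
    """Reduce both logs to the questions a helper asks first."""
    findings = parse_tdsskiller(tdss_text) + parse_combofix_mbr(combofix_text)
    return {
        "findings": findings,
        "active_rootkit": any(f.kind == "detection" for f in findings),
        "mbr_hooked": any(f.kind == "mbr_mismatch" for f in findings),
        "reboot_pending": any(f.reboot_required for f in findings),
        "skipped": [f.obj for f in findings if f.action == "Skip"],
    }


# Sample input: lines copied from the TDSSKiller and ComboFix logs posted above.
SAMPLE_TDSS = r"""
2011/04/13 17:40:41.0171 5964 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
2011/04/13 17:40:41.0178 5964 sptd - detected Locked file (1)
2011/04/13 17:40:44.0107 5964 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/13 17:40:44.0249 5424 Detected object count: 2
2011/04/13 17:41:19.0287 5424 Locked file(sptd) - User select action: Skip
2011/04/13 17:41:19.0301 5424 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/13 17:41:19.0302 5424 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
"""
SAMPLE_COMBOFIX = r"""
Windows 6.0.6002 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000067
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
"""
```

Running `triage(SAMPLE_TDSS, SAMPLE_COMBOFIX)` on these lines reports an active rootkit detection on \HardDisk1 with a cure pending reboot, the skipped locked driver sptd with its hash, and the MBR mismatch on the WDC_WD16 disk.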

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby Gary R » April 14th, 2011, 2:25 am

OK, looks like we got the TDL this time, since TDSSKiller is showing it gone, and Combofix, which also targets it, is showing it as gone as well.

There's still one or two things to do, but they're best done using OTL, so I'll need a scan from that first.

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Also, can you run a scan with Malwarebytes Anti-Malware and post me the log ....

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following:
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • MBAM log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Google Redirection, Windows UI Issues (Round 2)

Unread postby AlexG2490 » April 14th, 2011, 9:30 am

As usual, I'll do those when I get home from work tonight. However, I'm extra paranoid now, so before I do those things, can I re-enable my antivirus?
AlexG2490