Recovered from Smart HDD, now search engine redirects and malware tries to install


9 replies to this topic

#1 Secksorcist

Secksorcist

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 19 April 2012 - 01:42 AM

About a week ago I followed the guide posted here to recover from the Smart HDD virus. I ran RKill, TDSSKiller, Unhide, Malwarebytes, Ad-Aware, Spybot S&D, and even SUPERAntiSpyware. My computer is completely back to normal and fully functional. At this point none of these programs find any infections (I reinstalled and updated every single one of them, some of it in safe mode, and all have the latest definitions files). However, I'm still experiencing a few problems, which might be what caused me to get the Smart HDD virus in the first place.

All the browsers that I use constantly try to redirect me to random web sites. I've noticed that the first redirect link is usually always "bar-search.net" and then this further redirects me to a randomly chosen web site. Furthermore it seems that every time I restart my computer and then start up any browser (IE and Firefox), Ad-Aware instantly quarantines Trojan.Win32.Generic!BT. This has been happening consistently for the past week or so since the removal of Smart HDD, and as I said above none of the programs (which I've retried again and again) find any infections save for "Trojan.Win32.Generic!BT" which is removed automatically by Ad-Aware only after a complete restart, and even then not every time.

I'm running Windows XP Service Pack 3, and currently running a free trial of Ad-Aware Pro Security.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:40 AM

Posted 19 April 2012 - 08:36 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on a 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 Secksorcist

Secksorcist
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 19 April 2012 - 05:20 PM

Did all the scans as instructed. Below are the logs for each.


TDSS Log:

12:43:55.0015 2760 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
12:43:55.0609 2760 ============================================================
12:43:55.0609 2760 Current date / time: 2012/04/19 12:43:55.0609
12:43:55.0609 2760 SystemInfo:
12:43:55.0609 2760
12:43:55.0609 2760 OS Version: 5.1.2600 ServicePack: 3.0
12:43:55.0609 2760 Product type: Workstation
12:43:55.0609 2760 ComputerName: MLB
12:43:55.0609 2760 UserName: MLB
12:43:55.0609 2760 Windows directory: C:\WINDOWS
12:43:55.0609 2760 System windows directory: C:\WINDOWS
12:43:55.0609 2760 Processor architecture: Intel x86
12:43:55.0609 2760 Number of processors: 4
12:43:55.0609 2760 Page size: 0x1000
12:43:55.0609 2760 Boot type: Normal boot
12:43:55.0609 2760 ============================================================
12:43:57.0000 2760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
12:43:57.0000 2760 \Device\Harddisk0\DR0:
12:43:57.0000 2760 MBR partitions:
12:43:57.0000 2760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
12:43:57.0000 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0x22355B0E
12:43:57.0265 2760 C: <-> \Device\Harddisk0\DR0\Partition0
12:43:57.0281 2760 D: <-> \Device\Harddisk0\DR0\Partition1
12:43:57.0281 2760 Initialize success
12:43:57.0281 2760 ============================================================
12:44:15.0078 2472 ============================================================
12:44:15.0078 2472 Scan started
12:44:15.0078 2472 Mode: Manual; TDLFS;
12:44:15.0078 2472 ============================================================
12:44:30.0140 2472 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:44:30.0171 2472 Schedule - ok
12:44:30.0203 2472 SCREAMINGBDRIVER (024411d283226deb158b88a465cb555c) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
12:44:30.0218 2472 SCREAMINGBDRIVER - ok
12:44:30.0250 2472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:44:30.0265 2472 Secdrv - ok
12:44:30.0296 2472 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:44:30.0312 2472 seclogon - ok
12:44:30.0343 2472 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:44:30.0375 2472 SENS - ok
12:44:30.0390 2472 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:44:30.0421 2472 Serenum - ok
12:44:30.0421 2472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:44:30.0453 2472 Serial - ok
12:44:30.0484 2472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:44:30.0500 2472 Sfloppy - ok
12:44:30.0562 2472 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
12:44:30.0593 2472 SharedAccess - ok
12:44:30.0609 2472 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:44:30.0609 2472 ShellHWDetection - ok
12:44:30.0625 2472 Simbad - ok
12:44:30.0640 2472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:44:30.0656 2472 SLIP - ok
12:44:30.0703 2472 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys
12:44:30.0718 2472 snapman - ok
12:44:30.0718 2472 Sparrow - ok
12:44:30.0734 2472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:44:30.0765 2472 splitter - ok
12:44:30.0796 2472 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:44:30.0812 2472 Spooler - ok
12:44:30.0843 2472 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
12:44:30.0890 2472 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
12:44:30.0890 2472 sptd ( LockedFile.Multi.Generic ) - warning
12:44:30.0890 2472 sptd - detected LockedFile.Multi.Generic (1)
12:44:30.0937 2472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:44:30.0953 2472 sr - ok
12:44:31.0000 2472 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:44:31.0015 2472 srservice - ok
12:44:31.0031 2472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:44:31.0062 2472 Srv - ok
12:44:31.0078 2472 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:44:31.0093 2472 SSDPSRV - ok
12:44:31.0125 2472 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:44:31.0156 2472 stisvc - ok
12:44:31.0187 2472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:44:31.0203 2472 streamip - ok
12:44:31.0234 2472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:44:31.0265 2472 swenum - ok
12:44:31.0281 2472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:44:31.0296 2472 swmidi - ok
12:44:31.0312 2472 SwPrv - ok
12:44:31.0328 2472 symc810 - ok
12:44:31.0343 2472 symc8xx - ok
12:44:31.0359 2472 sym_hi - ok
12:44:31.0359 2472 sym_u3 - ok
12:44:31.0406 2472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:44:31.0421 2472 sysaudio - ok
12:44:31.0468 2472 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:44:31.0484 2472 SysmonLog - ok
12:44:31.0531 2472 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:44:31.0546 2472 TapiSrv - ok
12:44:31.0640 2472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:44:31.0687 2472 Tcpip - ok
12:44:31.0718 2472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:44:31.0750 2472 TDPIPE - ok
12:44:31.0781 2472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:44:31.0796 2472 TDTCP - ok
12:44:31.0828 2472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:44:31.0843 2472 TermDD - ok
12:44:31.0875 2472 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:44:31.0890 2472 TermService - ok
12:44:31.0921 2472 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:44:31.0921 2472 Themes - ok
12:44:31.0937 2472 TosIde - ok
12:44:31.0953 2472 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:44:31.0968 2472 TrkWks - ok
12:44:31.0984 2472 trufos - ok
12:44:32.0015 2472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:44:32.0031 2472 Udfs - ok
12:44:32.0046 2472 ultra - ok
12:44:32.0078 2472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:44:32.0093 2472 Update - ok
12:44:32.0140 2472 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:44:32.0156 2472 upnphost - ok
12:44:32.0187 2472 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:44:32.0218 2472 UPS - ok
12:44:32.0250 2472 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:44:32.0281 2472 usbaudio - ok
12:44:32.0296 2472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:44:32.0312 2472 usbccgp - ok
12:44:32.0343 2472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:44:32.0359 2472 usbehci - ok
12:44:32.0406 2472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:44:32.0421 2472 usbhub - ok
12:44:32.0453 2472 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:44:32.0468 2472 usbohci - ok
12:44:32.0500 2472 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:44:32.0515 2472 usbprint - ok
12:44:32.0531 2472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:44:32.0562 2472 usbscan - ok
12:44:32.0578 2472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:44:32.0593 2472 USBSTOR - ok
12:44:32.0625 2472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:44:32.0656 2472 VgaSave - ok
12:44:32.0656 2472 ViaIde - ok
12:44:32.0703 2472 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:44:32.0718 2472 Viewpoint Manager Service - ok
12:44:32.0750 2472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:44:32.0765 2472 VolSnap - ok
12:44:32.0796 2472 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:44:32.0828 2472 VSS - ok
12:44:32.0859 2472 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:44:32.0875 2472 W32Time - ok
12:44:32.0906 2472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:44:32.0921 2472 Wanarp - ok
12:44:32.0968 2472 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:44:33.0000 2472 Wdf01000 - ok
12:44:33.0000 2472 WDICA - ok
12:44:33.0031 2472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:44:33.0062 2472 wdmaud - ok
12:44:33.0093 2472 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:44:33.0125 2472 WebClient - ok
12:44:33.0171 2472 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:44:33.0187 2472 winmgmt - ok
12:44:33.0234 2472 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
12:44:33.0265 2472 WinUSB - ok
12:44:33.0296 2472 wlanndi5 (224d5a22893cee9dca7b984433549735) C:\WINDOWS\system32\wlanndi5.SYS
12:44:33.0453 2472 wlanndi5 - ok
12:44:33.0546 2472 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:44:33.0609 2472 wlidsvc - ok
12:44:33.0640 2472 WmBEnum (161a60f172ebfc6225b4eb173f6010a7) C:\WINDOWS\system32\drivers\WmBEnum.sys
12:44:33.0640 2472 WmBEnum - ok
12:44:33.0671 2472 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:44:33.0687 2472 WmdmPmSN - ok
12:44:33.0718 2472 WmFilter (91c509dc3b79cbaa2a9447adad3ee23c) C:\WINDOWS\system32\drivers\WmFilter.sys
12:44:33.0890 2472 WmFilter - ok
12:44:33.0937 2472 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:44:33.0953 2472 WmiApSrv - ok
12:44:34.0015 2472 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:44:34.0062 2472 WMPNetworkSvc - ok
12:44:34.0093 2472 WmVirHid (08972719a46f3d998f117379d0f01127) C:\WINDOWS\system32\drivers\WmVirHid.sys
12:44:34.0265 2472 WmVirHid - ok
12:44:34.0281 2472 WmXlCore (c8038756dd997a78c8953d15be841aaf) C:\WINDOWS\system32\drivers\WmXlCore.sys
12:44:34.0453 2472 WmXlCore - ok
12:44:34.0500 2472 WMZuneComm (a3ba4712ebf768edfbccec09fa120b6f) C:\Program Files\Zune\WMZuneComm.exe
12:44:34.0515 2472 WMZuneComm - ok
12:44:34.0546 2472 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:44:34.0562 2472 WpdUsb - ok
12:44:34.0640 2472 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:44:34.0671 2472 WPFFontCache_v0400 - ok
12:44:34.0703 2472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:44:34.0734 2472 WSTCODEC - ok
12:44:34.0750 2472 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:44:34.0796 2472 wuauserv - ok
12:44:34.0828 2472 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:44:35.0046 2472 WudfPf - ok
12:44:35.0078 2472 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:44:35.0093 2472 WudfRd - ok
12:44:35.0125 2472 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
12:44:35.0156 2472 WudfSvc - ok
12:44:35.0187 2472 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:44:35.0203 2472 WZCSVC - ok
12:44:35.0234 2472 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:44:35.0296 2472 xmlprov - ok
12:44:35.0359 2472 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:44:35.0359 2472 YahooAUService - ok
12:44:35.0406 2472 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
12:44:35.0421 2472 zumbus - ok
12:44:35.0453 2472 ZuneBusEnum (dee869820c3483ec7b92a9fd9ba332a7) C:\Program Files\Zune\ZuneBusEnum.exe
12:44:35.0468 2472 ZuneBusEnum - ok
12:44:35.0609 2472 ZuneNetworkSvc (5bdcacd5b2b0fb972bc570e70f616acf) C:\Program Files\Zune\ZuneNss.exe
12:44:35.0796 2472 ZuneNetworkSvc - ok
12:44:35.0812 2472 ZuneWlanCfgSvc (e22e48654a66aa3e24f4646c6bc1756c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:44:35.0843 2472 ZuneWlanCfgSvc - ok
12:44:35.0875 2472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:44:36.0109 2472 \Device\Harddisk0\DR0 - ok
12:44:36.0109 2472 Boot (0x1200) (0e0a656b88a69f406f2db239d8b4c7b1) \Device\Harddisk0\DR0\Partition0
12:44:36.0109 2472 \Device\Harddisk0\DR0\Partition0 - ok
12:44:36.0109 2472 Boot (0x1200) (7d3385944b836ff95841d22781fa1988) \Device\Harddisk0\DR0\Partition1
12:44:36.0109 2472 \Device\Harddisk0\DR0\Partition1 - ok
12:44:36.0109 2472 ============================================================
12:44:36.0109 2472 Scan finished
12:44:36.0109 2472 ============================================================
12:44:36.0125 0712 Detected object count: 1
12:44:36.0125 0712 Actual detected object count: 1
12:44:51.0437 0712 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:44:51.0437 0712 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-19 14:35:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts2Port4Path0Target0Lun0 ST332062 rev.3.AA
Running: xo6v4ngy.exe; Driver: C:\DOCUME~1\MLB\LOCALS~1\Temp\axlcrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xB45E34D0]
SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
SSDT sptd.sys ZwQueryKey [0xB7EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xB45E3520]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\acsamqs3.SYS The system cannot find the path specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F333A0, 0x88C445, 0xE8000020]
.text USBPORT.SYS!DllUnload B6EEB8AC 5 Bytes JMP 8ABC01C8
? system32\drivers\88383841.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EBF61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7ED429A] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtResumeThread] 0164461A
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtResumeThread] 0016461A
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8ADC31E8
Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 8AAF51E8
Device \Driver\usbehci \Device\USBPDO-1 8ABB71E8
Device \FileSystem\MRxDAV \Device\WebDavRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \Driver\PCI_NTPNP8888 \Device\00000061 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\PCI_NTPNP8888 \Device\00000062 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AD501E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AD501E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF4670EF-31CE-4B5A-B590-1627803B1336} 8A2CA790
Device \Driver\Cdrom \Device\CdRom0 8AB16790
Device \Driver\atapi \Device\Ide\IdePort0 [B7E38B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E38B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E38B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-c [B7E38B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-4 [B7E38B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8AB16790
Device \Driver\Cdrom \Device\CdRom2 8AB16790
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A2CA790
Device \Driver\NetBT \Device\NetbiosSmb 8A2CA790

AttachedDevice \Driver\Tcpip \Device\Udp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software, Inc.)

Device \Driver\24774325 \Device\KLMD16012012_207010 88383841.sys
Device \Driver\MDPMGRNT \Device\MacDrivePartitionDriver 8ADC41E8
Device \Driver\usbohci \Device\USBFDO-0 8AAF51E8
Device \Driver\usbehci \Device\USBFDO-1 8ABB71E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89ED5790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89ED5790
Device \FileSystem\MRxSmb \Device\LanmanRedirector MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{08EBC38B-0B1F-4150-A80A-5BB1D9B0BEBB} 8A2CA790
Device \Driver\Ftdisk \Device\FtControl 8AD501E8
Device \Driver\acsamqs3 \Device\Scsi\acsamqs31Port6Path0Target0Lun0 8ABCE3D0
Device \Driver\nvgts \Device\Scsi\nvgts2Port4Path0Target0Lun0 8AD4F1E8
Device \Driver\nvgts \Device\Scsi\nvgts1 8AD4F1E8
Device \Driver\nvgts \Device\Scsi\nvgts2 8AD4F1E8
Device \Driver\nvgts \Device\Scsi\nvgts3 8AD4F1E8
Device \Driver\acsamqs3 \Device\Scsi\acsamqs31 8ABCE3D0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Cdfs \Cdfs 89DA31E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x04 0x53 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x92 0x1C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x99 0x74 0x8C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xD0 0x40 0x53 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x02 0xBE 0xB2 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x04 0x53 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x92 0x1C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0xD5 0x95 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x04 0x53 0x1E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x92 0x1C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x99 0x74 0x8C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xD0 0x40 0x53 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x02 0xBE 0xB2 0xAF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x04 0x53 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x92 0x1C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0xBB 0x40 0x75 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xD0 0x40 0x53 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x02 0xBE 0xB2 0xAF ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1F 0x04 0x53 0x1E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x92 0x1C 0xD6 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0xBB 0x40 0x75 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 14:36:48
-----------------------------
14:36:48.609 OS Version: Windows 5.1.2600 Service Pack 3
14:36:48.609 Number of processors: 4 586 0xF0B
14:36:48.609 ComputerName: MLB UserName: MLB
14:36:49.140 Initialize success
14:37:27.390 AVAST engine defs: 12041901
14:39:49.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts2Port4Path0Target0Lun0
14:39:49.734 Disk 0 Vendor: ST332062 3.AA Size: 305245MB BusType: 3
14:39:49.734 Disk 0 MBR read successfully
14:39:49.734 Disk 0 MBR scan
14:39:49.765 Disk 0 Windows XP default MBR code
14:39:49.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
14:39:49.796 Disk 0 Partition - 00 0F Extended LBA 280235 MB offset 51199155
14:39:49.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 280235 MB offset 51199218
14:39:49.859 Disk 0 scanning sectors +625121280
14:39:50.046 Disk 0 scanning C:\WINDOWS\system32\drivers
14:40:17.062 Service scanning
14:40:25.671 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
14:40:28.953 Modules scanning
14:41:26.093 Disk 0 trace - called modules:
14:41:26.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ad4f1e8]<<
14:41:26.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acf39c0]
14:41:26.125 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000084[0x8acaf920]
14:41:26.125 5 ACPI.sys[b7e7d620] -> nt!IofCallDriver -> \Device\Scsi\nvgts2Port4Path0Target0Lun0[0x8acafa38]
14:41:26.125 \Driver\nvgts[0x8ac87988] -> IRP_MJ_CREATE -> 0x8ad4f1e8
14:41:26.437 AVAST engine scan C:\WINDOWS
14:41:57.187 AVAST engine scan C:\WINDOWS\system32
14:52:10.781 AVAST engine scan C:\WINDOWS\system32\drivers
14:53:26.781 AVAST engine scan C:\Documents and Settings\Yvgeniy
15:12:15.796 AVAST engine scan C:\Documents and Settings\All Users
15:12:30.453 File: C:\Documents and Settings\All Users\Application Data\ccfbcaeaadcdct.exe **INFECTED** Win32:Rootkit-gen [Rtk]
15:13:14.453 Scan finished successfully
15:18:33.140 Disk 0 MBR has been saved successfully to "D:\My Documents\My Downloads\MBR.dat"
15:18:33.140 The log file has been saved successfully to "D:\My Documents\My Downloads\aswMBR.txt"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 April 2012 - 06:13 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Secksorcist

Secksorcist
  • Topic Starter

  • Members
  • 8 posts

Posted 20 April 2012 - 05:02 AM

Here's the first Malwarebytes scan log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
LDP :: LDP [administrator]

4/19/2012 7:35:33 PM
mbam-log-2012-04-19 (19-35-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466275
Time elapsed: 3 hour(s), 9 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ccfbcaeaadcdct (Trojan.Agent) -> Data: "C:\Documents and Settings\All Users\Application Data\ccfbcaeaadcdct.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
D:\Program Files\BitLord\Downloads\MorphVOX Pro v3.0.5 [ENG] [+patch]\MorphVOX Pro v3.0.5 [ENG] [patch]\patch\morphvox.pro.3.0.5.build.39239-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ccfbcaeaadcdct.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052421.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052438.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052451.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052473.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052474.exe (Trojan.Agent.WQ) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0052490.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0053546.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP210\A0053769.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP211\A0053787.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0053909.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0054065.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0054100.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0054124.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0054164.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP212\A0054196.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\13.04.2012_21.24.43\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)


The second Malwarebytes scan yielded no further infections.

Here's the ESET log file:

C:\Documents and Settings\Administrator\Application Data\FixTDSS\Archive\afd.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Documents and Settings\LDP\Local Settings\Temporary Internet Files\Content.IE5\0UC3XJSM\nwjkejkw_blogspot_de[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\TDSSKiller_Quarantine\13.04.2012_21.24.43\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined
D:\My Documents\My Pictures\bothelptext.txt probably a variant of Win32/Agent.FSENSOI trojan cleaned by deleting - quarantined


Lastly, here's the MiniToolBox log. Please note that the Hosts file is locked and filled with thousands of entries by Spybot Search & Destroy in case you're wondering what all that bulk is. From personally examining the Hosts file previously I didn't find any other entries in there, so don't believe this to be the source of the redirects. Anyway, onto the MiniToolBox log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by LDP (administrator) on 20-04-2012 at 02:45:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




There are 15211 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 5 (Disconnected)
NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection 6 (Disconnected)
Belkin Wireless G Desktop Card = Wireless Network Connection 7 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 7"

set address name="Wireless Network Connection 7" source=dhcp
set dns name="Wireless Network Connection 7" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 7" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : LDP
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Hamachi:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Hamachi Network Interface
        Physical Address. . . . . . . . . : 7A-79-05-67-A5-F3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : No
        IP Address. . . . . . . . . . . . : 5.103.165.243
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 5.0.0.1
        Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 12:33:41 AM
        Lease Expires . . . . . . . . . . : Saturday, April 20, 2013 12:33:41 AM

Ethernet adapter Wireless Network Connection 7:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Belkin Wireless G Desktop Card
        Physical Address. . . . . . . . . : 00-11-50-D5-23-B9
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 71.9.127.107
                                            68.190.192.35
                                            24.205.224.36
        Lease Obtained. . . . . . . . . . : Friday, April 20, 2012 12:31:43 AM
        Lease Expires . . . . . . . . . . : Monday, August 13, 2012 6:18:22 PM

Server:  vip01mtpkca.mtpk.ca.charter.com
Address:  71.9.127.107

Name:    google.com
Addresses:  74.125.224.230, 74.125.224.226, 74.125.224.231, 74.125.224.224
            74.125.224.233, 74.125.224.238, 74.125.224.228, 74.125.224.232, 74.125.224.227
            74.125.224.225, 74.125.224.229

Pinging google.com [74.125.239.6] with 32 bytes of data:

Reply from 74.125.239.6: bytes=32 time=46ms TTL=54
Reply from 74.125.239.6: bytes=32 time=13ms TTL=54

Ping statistics for 74.125.239.6:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 46ms, Average = 29ms

Server:  vip01mtpkca.mtpk.ca.charter.com
Address:  71.9.127.107

Name:    yahoo.com
Addresses:  209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=171ms TTL=42
Reply from 98.139.183.24: bytes=32 time=138ms TTL=42

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 138ms, Maximum = 171ms, Average = 154ms

Server:  vip01mtpkca.mtpk.ca.charter.com
Address:  71.9.127.107

Name:    bleepingcomputer.com
Address:  208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=48
Reply from 127.0.0.1: bytes=32 time<1ms TTL=48

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 67 a5 f3 ...... Hamachi Network Interface - Sunbelt Software Firewall NDIS IM Filter Miniport
0x3 ...00 11 50 d5 23 b9 ...... Belkin Wireless G Desktop Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.21 25
5.0.0.0 255.0.0.0 5.103.165.243 5.103.165.243 20
5.103.165.243 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.103.165.243 5.103.165.243 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.21 192.168.0.21 20
192.168.0.0 255.255.255.0 192.168.0.21 192.168.0.21 25
192.168.0.21 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.21 192.168.0.21 25
224.0.0.0 240.0.0.0 5.103.165.243 5.103.165.243 20
224.0.0.0 240.0.0.0 192.168.0.21 192.168.0.21 25
255.255.255.255 255.255.255.255 5.103.165.243 5.103.165.243 1
255.255.255.255 255.255.255.255 192.168.0.21 192.168.0.21 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 mswsock.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/19/2012 05:40:51 PM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/19/2012 00:39:26 AM) (Source: ESENT) (User: )
Description: svchost (1520) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/19/2012 00:04:20 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/14/2012 03:37:42 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/14/2012 03:35:25 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/14/2012 03:34:48 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/14/2012 03:34:35 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]

Error: (04/14/2012 02:25:19 AM) (Source: Application Hang) (User: )
Description: Hanging application Setup.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2012 02:24:54 AM) (Source: Application Hang) (User: )
Description: Hanging application DTPro.exe, version 4.10.218.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2012 02:16:05 AM) (Source: Application Error) (User: )
Description: Faulting application deusex.exe, version 0.0.0.0, faulting module core.dll, version 0.0.0.0, fault address 0x000453a0.
Processing media-specific event for [deusex.exe!ws!]


System errors:
=============
Error: (04/20/2012 00:33:12 AM) (Source: Service Control Manager) (User: )
Description: The Prism_a02 service terminated with the following error:
%%126

Error: (04/20/2012 00:33:12 AM) (Source: Service Control Manager) (User: )
Description: The MozyFilter service terminated with the following error:
%%126

Error: (04/20/2012 00:33:12 AM) (Source: Service Control Manager) (User: )
Description: The LicCtrl Service service failed to start due to the following error:
%%1053

Error: (04/20/2012 00:33:12 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LicCtrl Service service to connect.

Error: (04/19/2012 00:50:42 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2012 00:50:08 PM) (Source: Service Control Manager) (User: )
Description: The MacDriveService service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2012 00:50:03 PM) (Source: Service Control Manager) (User: )
Description: The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2012 00:49:59 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2012 00:49:52 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/19/2012 00:49:44 PM) (Source: Service Control Manager) (User: )
Description: The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (05/31/2009 11:31:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/31/2009 11:31:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/18/2008 00:28:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

abgx360 v1.0.2
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Acronis Disk Director Suite (Version: 10.0.2117)
Ad-Aware Antivirus (Version: 10.0.185.3207)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe After Effects CS3 Third Party Content (Version: 3)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Encore CS3 (Version: 3)
Adobe Encore CS3 Codecs (Version: 3)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player (Version: 11)
Adobe SING CS3 (Version: 0.1)
Adobe Soundbooth CS3 (Version: 1)
Adobe Soundbooth CS3 Codecs (Version: 3)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Ai AIM Plugin (Version: 1.0.14)
AIM 7
AiO_Scan (Version: 50.0.227.000)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Belkin Wireless Utility (Version: 4.1.2.56)
BitLord 1.1 (Version: 1.1)
Borderlands (Version: 1.0)
CamStudio Lossless Codec
CardRecovery
CCleaner (Version: 3.01)
Combat Arms
Creative WebCam Center
Creative WebCam Live! Driver (1.01.01.0730)
DarkCrusade (Version: 1.20)
dBpowerAMP Music Converter
Deus Ex
DivX Web Player (Version: 1.4.3)
Download Updater (AOL LLC)
ESET Online Scanner v3
Facebook Plug-In
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fallout 1 for WinXP
Final Draft 7 (Version: 7.1.2.34)
Fraps (remove only)
FTPRush v1 Unicode (Version: 1.1.2.19)
FXCM Trading Station (Version: 010311)
GameSpy Arcade
HijackThis 1.99.1 (Version: 1.99.1)
HP PSC & OfficeJet 5.3.B
ijji - Gunz
ijji Auto Installer (Version: 1.00.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
Killing Floor
Lagarith Lossless Codec (1.3.19)
League of Legends (Version: 1.3)
Left 4 Dead 2
LogMeIn Hamachi (Version: 2.1.0.166)
MacDrive 7 (Version: 7.0.10)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MetaTrader 4.00 (Version: 4.00)
METRO 2033 (Version: 1.00.02)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
MorphVOX Pro (Version: 3.0.5)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
msxml4 (Version: 1.0.0)
Nero 7 Lite v7.7.5.1
Neverwinter Nights 2 (Version: 1.00.0000)
Nexon Game Manager
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Drivers (Version: 1.5)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nTune (Version: 1.00.0000)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
Pando Media Booster (Version: 2.3.5.2)
PDF Settings (Version: 1.0)
Pdf995
PdfEdit995
Power Tab Editor 1.7 (Version: 1.7.0)
QFolder (Version: 1.00.0000)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 5.10.0.6194)
S.T.A.L.K.E.R. - Clear Sky [v1.0003] (Version: 1.0003)
Scan (Version: 5.2.0.0)
Segoe UI (Version: 14.0.4327.805)
Skype™ 4.0 (Version: 4.0.206)
Software Update for Web Folders (Version: 9.60.6715.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1146)
System Requirements Lab
Team Fortress 2
TeamSpeak 3 Client
TotalAudioConverter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Ventrilo Client (Version: 3.0.1)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component (Version: 04.07.1407.00)
Windows Presentation Foundation (Version: 3.0.6920.0)
WingMan Software (Version: 3.60)
WinRAR archiver
Wolfenstein (Version: 1.0)
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
Yahoo! Software Update
Yahoo! Toolbar
Zune (Version: 04.07.1404.01)
Zune Desktop Theme (Version: 1.0.5341.0)
Zune Language Pack (DEU) (Version: 04.07.1404.01)
Zune Language Pack (ESP) (Version: 04.07.1404.01)
Zune Language Pack (FRA) (Version: 04.07.1404.01)
Zune Language Pack (ITA) (Version: 04.07.1404.01)
Zune Language Pack (NLD) (Version: 04.07.1404.01)
Zune Language Pack (PTB) (Version: 04.07.1404.01)
Zune Language Pack (PTG) (Version: 04.07.1404.01)

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 2046.46 MB
Available physical RAM: 1311.48 MB
Total Pagefile: 3938.37 MB
Available Pagefile: 3453.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.38 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:24.41 GB) (Free:3.62 GB) NTFS
2 Drive d: () (Fixed) (Total:273.67 GB) (Free:4.76 GB) NTFS

========================= Users: ========================================

User accounts for \\LDP

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 LDP


**** End of log ****

#6 narenxp (BC Advisor)

Posted 20 April 2012 - 05:27 AM

Actually, I have seen the infection detected by Malwarebytes reoccur on reboot.

Can you restart the PC and run Malwarebytes again? Let's make sure it comes out clean.

Good luck

#7 Secksorcist (Topic Starter)

Posted 20 April 2012 - 03:04 PM

Looks like another complete scan after restart yielded one infection in restore:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
LDP :: LDP [administrator]

4/20/2012 6:20:31 AM
mbam-log-2012-04-20 (06-20-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462624
Time elapsed: 3 hour(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP213\A0054330.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
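
A small parser for the Malwarebytes 1.x log format posted above, added here as an example; it is not the poster's code or Malwarebytes' own tooling. It pulls out each detection line and flags the ones whose path sits inside a System Restore snapshot (the `_restore{GUID}\RPnnn` directory under `System Volume Information`). That distinction is what matters when reading such a log: a hit inside a restore point is an archived copy of a file, not a program that can run, and it disappears once System Restore is turned off and the old points are discarded, whereas a hit on the live file system means something is still present. The sample log is an excerpt of the one above with one constructed extra line (the `C:\WINDOWS\Temp` entry) so both cases appear; the function names and that path are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Header of each result section in the log, e.g. "Files Detected: 1".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# One detection line: "<path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Files inside a System Restore snapshot live under
# <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\
# They are archived copies, not running code, and are discarded together
# with the restore point when System Restore is turned off.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


@dataclass
class Detection:
    section: str                  # e.g. "Files", "Registry Keys"
    path: str                     # file path or registry key as printed by MBAM
    name: str                     # detection name, e.g. "Trojan.Agent"
    action: str                   # what MBAM did with the item
    restore_point: Optional[int]  # RP number if the path is a restore-point copy


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line found in a Malwarebytes 1.x text log."""
    section = None
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        # Lines before the first section header are scan metadata, not results.
        if section is None or line.startswith("(No malicious items") or line == "(end)":
            continue
        hit = DETECTION_RE.match(line)
        if not hit:
            continue
        rp = RESTORE_POINT_RE.search(hit.group("path"))
        found.append(Detection(
            section=section,
            path=hit.group("path"),
            name=hit.group("name"),
            action=hit.group("action"),
            restore_point=int(rp.group("rp")) if rp else None,
        ))
    return found


def summarize(detections: List[Detection]) -> dict:
    """Split detections into live items (still on the running system) and
    restore-point copies (only inside System Restore snapshots)."""
    live = [d for d in detections if d.restore_point is None]
    archived = [d for d in detections if d.restore_point is not None]
    return {"live": len(live), "restore_point_only": len(archived)}


# Excerpt of the log posted above, with one constructed detection line
# (the C:\WINDOWS\Temp entry) added so that a live, non-snapshot hit appears.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Scan type: Full scan
Objects scanned: 462624

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{21C91D5A-4097-4D25-BBA1-9F2E1D15F72B}\RP213\A0054330.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\constructed-sample.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    for d in hits:
        where = f"restore point RP{d.restore_point}" if d.restore_point is not None else "live file system"
        print(f"{d.section}: {d.name} in {where} -> {d.action}")
    print(summarize(hits))
```

Run on the excerpt it reports one restore-point-only hit (RP213) and one live hit; on the log as actually posted, with only the `_restore` entry, `summarize` returns `live: 0`, which is the reading the next reply gives it.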

#8 narenxp (BC Advisor)

Posted 20 April 2012 - 08:16 PM

The last one will be removed when we turn off System Restore.

Do you still have issues?

#9 Secksorcist (Topic Starter)

Posted 20 April 2012 - 08:23 PM

Yeah, I already took care of that. It looks as if I have no more issues. Anti-virus is no longer catching anything, and the browsers no longer redirect links. Thank you very much for your help.

#10 narenxp (BC Advisor)

Posted 20 April 2012 - 08:27 PM

Very good then.

Download TFC.

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point:

http://support.microsoft.com/kb/310405

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)
