Very Persistent Search Redirect Virus


24 replies to this topic

#1 GLAzedFAith


  • Members
  • 14 posts

Posted 06 August 2010 - 12:11 PM

A week or two ago, I started getting redirected by most google searches to random websites with referrer links and such. I'd search for oven, and it would take me to a healthcare website and search for oven. Very frustrating. I've run malwarebytes, superantispyware, smitfraudfix, and a host of other things that have helped me in the past, but to no avail. The redirection continues. Thank you for your assistance.

These things are getting vicious! I've been using the internet since 1995 and though I've never changed my internet habits, and I've never had viruses, this is the third infection I've gotten this year. I've fixed many friends' computers, but none have had such a persistent little bugger as this.

--GLAzed

DDS (Ver_10-03-17.01) - NTFSx86
Run by Glazed at 11:53:24.96 on Fri 08/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1024 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\xampp\apache\bin\httpd.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\DynDNS Updater\DynUpSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\xcopy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AutoTask\AutoTask.exe
C:\Program Files\Deep Thought Software\Remote Server\RemoteServer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Glazed.Myself-PC\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\glazed.myself-pc\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {171FF07A-3DA4-4116-A22B-D327A9CC3E8D} = 216.146.35.35,216.146.36.36
TCP: {905B636C-2BD1-487B-96FF-F5104FD86C56} = 216.146.35.35,216.146.36.36
TCP: {922D6584-FCB9-4B8B-8312-ADD97B422565} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\glazed~1.mys\appdata\roaming\mozilla\firefox\profiles\p24shvo3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\glazed.myself-pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: XULRunner: {3FD13E67-077F-4C4E-9226-DF86C10CCBC8} - c:\windows\system32\config\systemprofile\appdata\local\{3fd13e67-077f-4c4e-9226-df86c10ccbc8}\
FF - HiddenExtension: XULRunner: {576B2C8A-3648-4574-9028-46D5A1FD1DD7} - c:\users\glazed.myself-pc\appdata\local\{576b2c8a-3648-4574-9028-46d5a1fd1dd7}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-3-7 29416]
R4 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-7-17 161064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-9-16 35584]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-8-21 30510960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2009-7-13 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-25 1343400]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-5-26 124160]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 136176]
S4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2010-2-2 271856]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2010-2-2 218608]
S4 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-11-6 33280]

=============== Created Last 30 ================

2010-08-06 16:04:36 98816 ----a-w- c:\windows\sed.exe
2010-08-06 16:04:36 77312 ----a-w- c:\windows\MBR.exe
2010-08-06 16:04:36 256512 ----a-w- c:\windows\PEV.exe
2010-08-06 16:04:36 161792 ----a-w- c:\windows\SWREG.exe
2010-08-06 16:04:26 0 d-----w- C:\ComboFix
2010-08-05 04:14:01 0 d-----w- c:\users\glazed~1.mys\appdata\roaming\SUPERAntiSpyware.com
2010-08-05 04:14:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-05 04:13:43 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 23:34:01 0 d-----w- c:\program files\Lunarsoft
2010-08-03 15:39:31 176 ----a-w- c:\users\glazed.myself-pc\defogger_reenable
2010-08-03 15:28:49 691 ----a-w- c:\users\glazed~1.mys\appdata\roaming\GetValue.vbs
2010-08-03 15:28:49 35 ----a-w- c:\users\glazed~1.mys\appdata\roaming\SetValue.bat
2010-08-03 15:04:46 0 d-----w- c:\program files\Hobbyist Software
2010-08-02 11:36:05 0 d-----w- c:\programdata\Affinegy
2010-08-02 11:34:55 0 d-----w- c:\programdata\Belkin
2010-08-02 04:17:24 0 d-----w- c:\program files\Belkin
2010-07-31 00:47:14 0 d-----w- c:\program files\Remotewin
2010-07-30 22:59:19 65536 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.blf
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.2.regtrans-ms
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.1.regtrans-ms
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.0.regtrans-ms
2010-07-30 04:08:45 0 d-----w- c:\program files\zabkat
2010-07-24 03:53:33 0 d-----w- c:\program files\FastCopy
2010-07-10 15:16:59 0 ----a-w- c:\windows\system32\LOG
2010-07-08 17:16:28 0 d-----w- c:\program files\common files\Config
2010-07-08 17:16:01 0 d-----w- c:\program files\common files\Inet
2010-07-08 17:12:55 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-07-08 17:12:48 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-07-08 17:12:16 0 d-----w- c:\program files\common files\Intuit
2010-07-08 17:12:15 0 d-----w- c:\users\glazed~1.mys\appdata\roaming\Intuit
2010-07-08 17:12:15 0 d-----w- c:\program files\Quicken
2010-07-08 17:12:07 120 ----a-w- c:\windows\QUICKEN.INI
2010-07-08 17:11:57 0 d-----w- c:\programdata\Intuit

==================== Find3M ====================

2010-08-06 16:25:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-05 01:01:34 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-05 01:01:21 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-01 06:06:48 380 ----a-w- C:\nospin.bat
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 21:37:15 139152 ----a-w- c:\users\glazed~1.mys\appdata\roaming\PnkBstrK.sys
2010-05-16 21:36:49 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-16 21:36:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-09 09:14:55 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:14:50 417792 ----a-w- c:\windows\system32\msdri.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 09:19:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 11:53:46.29 ===============


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 14 August 2010 - 08:01 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is ok, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • a report called MBRcheck will be on your desktop
  • open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • now please copy that report to this thread


information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRchecker
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 GLAzedFAith

  • Topic Starter

  • Members
  • 14 posts

Posted 14 August 2010 - 12:46 PM

I appreciate you getting to me. I am currently at work, but I'll try to submit those logs by 4PM CST. I look forward to quickly resolving this pain in my neck.

Thanks again

GLAzed

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 14 August 2010 - 01:00 PM

No problem, I will be around.


Gringo

#5 GLAzedFAith

  • Topic Starter

  • Members
  • 14 posts

Posted 14 August 2010 - 03:25 PM

Sorry for the delay. I have run the DDS.scr, RKUnHookerLE.exe, and MBRCheck.exe and these are the logs that were created.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Glazed at 15:18:30.91 on Sat 08/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1284 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Glazed.Myself-PC\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\glazed.myself-pc\appdata\roaming\flashgetbho\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin
dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: {171FF07A-3DA4-4116-A22B-D327A9CC3E8D} = 216.146.35.35,216.146.36.36
TCP: {905B636C-2BD1-487B-96FF-F5104FD86C56} = 216.146.35.35,216.146.36.36
TCP: {922D6584-FCB9-4B8B-8312-ADD97B422565} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\glazed~1.mys\appdata\roaming\mozilla\firefox\profiles\p24shvo3.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\glazed.myself-pc\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2009-7-13 4608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\drivers\dpK0Bx01.sys [2006-9-16 35584]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-8-21 30510960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\drivers\usbdpfp.sys [2006-9-16 47360]
S3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2009-7-13 15872]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-25 1343400]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-3-7 29416]
S4 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-5-26 124160]
S4 DynDNS Updater;DynDNS Updater;c:\program files\dyndns updater\DynUpSvc.exe [2010-4-16 103800]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-7-17 161064]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 136176]
S4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2010-2-2 271856]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2010-2-2 218608]
S4 NovacomD;Palm Novacom;c:\program files\palm, inc\novacom\x86\novacomd.exe [2009-11-6 33280]

=============== Created Last 30 ================

2010-08-09 23:21:09 0 d-s---w- C:\ComboFix
2010-08-09 22:03:52 0 d-----w- C:\Downloads
2010-08-08 19:48:19 0 d-----w- c:\users\glazed~1.mys\appdata\roaming\PrimoPDF
2010-08-08 19:47:48 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-08 19:47:47 0 d-----w- c:\program files\Nitro PDF
2010-08-06 16:04:36 98816 ----a-w- c:\windows\sed.exe
2010-08-06 16:04:36 77312 ----a-w- c:\windows\MBR.exe
2010-08-06 16:04:36 256512 ----a-w- c:\windows\PEV.exe
2010-08-06 16:04:36 161792 ----a-w- c:\windows\SWREG.exe
2010-08-05 04:14:01 0 d-----w- c:\users\glazed~1.mys\appdata\roaming\SUPERAntiSpyware.com
2010-08-05 04:14:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-05 04:13:43 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-04 23:34:01 0 d-----w- c:\program files\Lunarsoft
2010-08-03 15:39:31 176 ----a-w- c:\users\glazed.myself-pc\defogger_reenable
2010-08-03 15:28:49 691 ----a-w- c:\users\glazed~1.mys\appdata\roaming\GetValue.vbs
2010-08-03 15:28:49 35 ----a-w- c:\users\glazed~1.mys\appdata\roaming\SetValue.bat
2010-08-03 15:04:46 0 d-----w- c:\program files\Hobbyist Software
2010-08-02 11:36:05 0 d-----w- c:\programdata\Affinegy
2010-08-02 11:34:55 0 d-----w- c:\programdata\Belkin
2010-08-02 04:17:24 0 d-----w- c:\program files\Belkin
2010-07-31 00:47:14 0 d-----w- c:\program files\Remotewin
2010-07-30 22:59:19 65536 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.blf
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.2.regtrans-ms
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.1.regtrans-ms
2010-07-30 22:59:19 1048576 --sha-w- c:\users\glazed.myself-pc\ntuser.dat{180cb5dc-0009-11df-9017-001d601dd574}.TxR.0.regtrans-ms
2010-07-30 04:08:45 0 d-----w- c:\program files\zabkat
2010-07-24 03:53:33 0 d-----w- c:\program files\FastCopy

==================== Find3M ====================

2010-08-14 05:04:46 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-14 05:04:34 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-10 03:27:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-09 22:44:26 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-09 22:44:26 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-07-01 06:06:48 380 ----a-w- C:\nospin.bat
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 21:37:15 139152 ----a-w- c:\users\glazed~1.mys\appdata\roaming\PnkBstrK.sys
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-23 09:19:49 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:19:13.50 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2010 18:06:16
System Uptime: 8/9/2010 22:27:05 (113 hours ago)

Motherboard: ASUSTeK Computer INC. | | M2N-E SLI
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+ | Socket AM2 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 130 GiB total, 2.807 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 87.508 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 292.843 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 67.459 GiB free.
G: is FIXED (NTFS) - 20 GiB total, 10.222 GiB free.
H: is CDROM ()
M: is FIXED (NTFS) - 93 GiB total, 90.347 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Null
Device ID: ROOT\LEGACY_NULL\0000
Manufacturer:
Name: Null
PNP Device ID: ROOT\LEGACY_NULL\0000
Service: Null

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: ADMtek AN983 based ethernet adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\4&24F622EE&0&3848
Manufacturer: ADMtek Incorporated
Name: ADMtek AN983 based ethernet adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\4&24F622EE&0&3848
Service: AN983

==== System Restore Points ===================

RP161: 8/12/2010 03:21:24 - Windows Defender Checkpoint

==== Installed Programs ======================

µTorrent
3GP Player 2009
Acrobat.com
AcroChallenge 2.86
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Anti-Malware Toolkit 1.13.326
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtRage 2 Plus
Belkin Setup and Router Monitor
BioShock 2
Bonjour
CCFile 3.31
Connect
ConvertXtoDVD 4.0.9.322
DigitalPersona Password Manager 2.0.1
Download Accelerator Plus (DAP)
Download Updater (AOL LLC)
Dungeons & Dragons Online - Eberron Unlimited™
DVD Flick 1.3.0.7
DVD Shrink 3.2
DynDNS Updater
EASEUS Data Recovery Wizard Professional 4.3.6
FlashGet 3.3
Force Skype HQ Video
Foxit Reader
Ghostbusters ™: The Video Game
Google Earth Plug-in
Google Talk (remove only)
Google Update Helper
Grandia2
HashTab 1.14 for x32
Java Auto Updater
Java™ 6 Update 18
kuler
LockHunter version 1.0 beta 3, 32 bit edition
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office Mondo 2010
Microsoft Office Mondo 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Project MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
Microsoft Office Visio MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
mIRC
MixMeister BPM Analyzer 1.0
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Micro 8.3.6.0
Novacomd
NVIDIA Display Control Panel
NVIDIA Drivers
OpenAL
Orca
OsenXPSuite 2009 Enterprise Edition v14.24.0.26 [Trial Version]
Palm webOS® Doctor™ Build Sprint.170.220, webOS 1.3.5.1
PDF Settings CS4
PHarvester
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
PrimoPDF -- brought to you by Nitro PDF Software
PunkBuster Services
PVSonyDll
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
Quicken 2010
QuickTime
Remote Server
Rosetta Stone V3
Seagate Manager Installer
SeaTools for Windows
Skype Toolbars
Skype™ 4.2
Sprint SmartView
Suite Shared Configuration CS4
SUPERAntiSpyware
tagtraum industries beaTunes 2.0.14
tagtraum industries beaTunes 2.1.7
Toshiba AutoTask
Total Video Converter 3.10
Turbine Download Manager
Unity Web Player
Ventrilo Client
VLC media player 1.1.0
VLC Setup Helper 3.00
WBFS Manager 2.5
Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
WinPcap 4.1.1
Wootalyzer!
XIII
xplorer² lite 32 bit
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/9/2010 22:27:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
8/9/2010 07:15:28, Error: bowser [8003] - The master browser has received a server announcement from the computer PC785018295244 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{171FF07A-3DA4-4116-A22B-D32. The master browser is stopping or an election is being forced.
8/7/2010 21:56:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82eda2f1, 0x8b12b814, 0x8b12b3f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080710-29796-01.
8/7/2010 20:20:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/7/2010 20:20:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
8/7/2010 20:20:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
8/7/2010 20:19:28, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/7/2010 20:18:28, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2010 03:16:16, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
8/12/2010 02:41:07, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

==== End Of File ===========================


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90227000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11583488 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 196.21 )
0x82E0D000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E0D000 PnpManager 4259840 bytes
0x82E0D000 RAW 4259840 bytes
0x82E0D000 WMIxWDM 4259840 bytes
0x8A422000 C:\Windows\system32\DRIVERS\lvuvc.sys 3575808 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x97730000 Win32k 2400256 bytes
0x97730000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A022000 C:\Windows\system32\DRIVERS\lvpopflt.sys 1916928 bytes (Logitech Inc., Logitech AudioProcessing Filter Driver)
0x8940E000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x89017000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8FCD4000 C:\Windows\system32\drivers\ha10kx2k.sys 1089536 bytes (Creative Technology Ltd, Creative EMU10KX HAL (WDM))
0x90D35000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8922C000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x88C7C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9C356000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x94AAB000 C:\Windows\system32\CTSBLFX.DLL 581632 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0x94A20000 C:\Windows\system32\CTAUDFX.DLL 569344 bytes (Creative Technology Ltd, Creative SB FX Plug-in)
0x9C204000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F10B000 C:\Windows\system32\drivers\ctaud2k.sys 516096 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0x88D27000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8CF75000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x89184000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8CE00000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8F88A000 C:\Windows\system32\DRIVERS\nvm62x32.sys 348160 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0xA0294000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA0245000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x97600000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8F07A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x88E5C000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x88DA6000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x94BA7000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8FC5E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x88C3A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8CF14000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89591000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x892E3000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9C2D7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FC0B000 C:\Windows\system32\DRIVERS\NWADIenum.sys 241664 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0x8F8DF000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8321D000 ACPI_HAL 225280 bytes
0x8321D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8F84E000 C:\Windows\system32\drivers\ctoss2k.sys 212992 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0x88F07000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F81A000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x89373000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FCA2000 C:\Windows\system32\drivers\hap17v2k.sys 204800 bytes (Creative Technology Ltd, Creative EMU10KX-P17v HAL (WDM))
0x8CE5A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x89557000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F1D1000 C:\Windows\system32\drivers\emupia2k.sys 192512 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0x8F189000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89346000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
!!!!!!!!!!!Hidden driver: 0x8630DAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8637AF38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x88ED2000 WARNING: suspicious driver modification [atapi.sys::0x8630DAEA]


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000010fd

Kernel Drivers (total 197):

Processes (total 43):

\\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive3 at offset 0x00000020`60700000 (NTFS)
\\.\M: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive3 Model Number: WDCWD1600JB-00REA0, Rev: 20.00K20
PhysicalDrive0 Model Number: MAXTORSTM3500630AS
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01109
PhysicalDrive2 Model Number: ST3500630AS, Rev: 3.AFM
PhysicalDrive4 Model Number: SAMSUNGHM100JC, Rev: 0811

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive3 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
93 GB \\.\PhysicalDrive4 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 14 August 2010 - 04:07 PM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Run ComboFix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    Please continue as follows:
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

Information and logs:
    In your next post I need the following:
    1. Log from ComboFix
    2. Let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 GLAzedFAith

  • Topic Starter
  • Members
  • 14 posts

Posted 14 August 2010 - 07:40 PM

ComboFix 10-08-14.02 - Glazed 08/14/2010 18:32:20.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1235 [GMT -5:00]
Running from: c:\users\Glazed.Myself-PC\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Glazed.Myself-PC\AppData\Local\Temp\F1D0.tmp
c:\users\GLAZED~1.MYS\AppData\Local\Temp\F1D0.tmp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Previous Run -------
.
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\users\Glazed.Myself-PC\AppData\Roaming\BITS\BITS.ini
c:\users\Glazed.Myself-PC\AppData\Roaming\BITS\DHTTable.dat
c:\users\Glazed.Myself-PC\AppData\Roaming\BITS\ProxyList.ini
c:\users\Glazed.Myself-PC\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Glazed.Myself-PC\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
c:\users\Glazed.Myself-PC\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Glazed.Myself-PC\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Glazed.Myself-PC\AppData\Roaming\inst.exe
c:\users\Myself\AppData\Roaming\BITS\BITS.ini
c:\users\Myself\AppData\Roaming\BITS\DHTTable.dat
c:\users\Myself\AppData\Roaming\BITS\ProxyList.ini
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\config\systemprofile\AppData\Local\rfsLesc.dll
c:\windows\system32\config\systemprofile\AppData\Roaming\alggui.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wireshark Antivirus\Wireshark Antivirus.lnk
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\dbsinit.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\i1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\i2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\i3.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\j1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\j2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\j3.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\jj1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\jj2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\jj3.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\l1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\l2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\l3.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\pix.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\t1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\t2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\Thumbs.db
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\up1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\up2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\w1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\w11.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\w2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\w3.jpg
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\word.doc
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\wt1.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\wt2.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\images\wt3.gif
c:\windows\system32\config\systemprofile\AppData\Roaming\scdata\wispex.html
c:\windows\system32\config\systemprofile\AppData\Roaming\skynet.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\wp3.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\wp4.dat
c:\windows\system32\config\systemprofile\Desktop\Wireshark Antivirus.lnk
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\ReadMe.txt
c:\windows\system32\secushr.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
F:\autorun.inf
J:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-14 23:47 . 2010-08-15 00:21 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Local\temp
2010-08-14 23:47 . 2010-08-14 23:47 -------- d-----w- c:\users\Myself\AppData\Local\temp
2010-08-14 23:47 . 2010-08-14 23:47 -------- d-----w- c:\users\GLAZED~1~MYS\AppData\Local\temp
2010-08-14 23:47 . 2010-08-14 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-09 22:03 . 2010-08-09 22:03 -------- d-----w- C:\Downloads
2010-08-08 19:48 . 2010-08-08 20:05 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\PrimoPDF
2010-08-08 19:47 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-08 19:47 . 2010-08-08 19:47 -------- d-----w- c:\program files\Nitro PDF
2010-08-08 01:17 . 2010-08-12 08:21 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\kavjpbepj
2010-08-05 04:14 . 2010-08-05 04:14 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com
2010-08-05 04:14 . 2010-08-05 04:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-05 04:13 . 2010-08-05 04:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-05 02:27 . 2010-08-05 02:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Wireshark Antivirus
2010-08-04 23:34 . 2010-08-04 23:34 -------- d-----w- c:\program files\Lunarsoft
2010-08-03 15:04 . 2010-08-03 15:04 -------- d-----w- c:\program files\Hobbyist Software
2010-08-02 11:57 . 2010-08-03 15:04 120 ----a-w- c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat
2010-08-02 11:57 . 2010-08-03 15:04 0 ----a-w- c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin
2010-08-02 11:36 . 2010-08-02 11:36 -------- d-----w- c:\programdata\Affinegy
2010-08-02 11:34 . 2010-08-02 11:34 -------- d-----w- c:\programdata\Belkin
2010-08-02 04:17 . 2010-08-02 04:17 -------- d-----w- c:\program files\Belkin
2010-07-31 14:20 . 2010-08-02 01:04 120 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat
2010-07-31 14:20 . 2010-08-01 18:18 0 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin
2010-07-31 14:17 . 2010-08-02 12:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-07-31 00:47 . 2010-07-31 00:47 -------- d-----w- c:\program files\Remotewin
2010-07-30 04:08 . 2010-07-30 04:08 -------- d-----w- c:\program files\zabkat
2010-07-29 06:08 . 2010-07-29 06:16 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Local\cubkrqpog
2010-07-24 03:53 . 2010-07-24 04:38 -------- d-----w- c:\program files\FastCopy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 23:49 . 2010-03-25 13:40 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-14 23:48 . 2010-01-04 05:17 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-14 22:38 . 2010-01-05 01:28 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-14 22:38 . 2010-01-05 01:19 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-14 20:39 . 2010-01-13 23:28 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\mIRC
2010-08-14 20:39 . 2010-01-13 23:28 -------- d-----w- c:\program files\mIRC
2010-08-13 15:13 . 2010-01-17 20:55 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\uTorrent
2010-08-09 22:44 . 2010-01-05 01:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-09 22:44 . 2010-01-05 01:19 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-05 04:15 . 2010-08-05 04:14 63488 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 04:14 . 2010-08-05 04:14 117760 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-05 04:14 . 2010-08-05 04:14 52224 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-05 02:27 . 2010-08-05 02:27 878592 ----a-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Wireshark Antivirus\Wireshark Antivirus.exe
2010-08-04 23:31 . 2010-02-15 03:59 -------- d-----w- c:\program files\DAP
2010-08-03 15:28 . 2010-08-03 15:28 691 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\GetValue.vbs
2010-08-03 15:28 . 2010-08-03 15:28 35 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SetValue.bat
2010-08-03 15:28 . 2010-08-03 15:28 35 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SetValue.bat
2010-08-03 15:09 . 2010-07-06 02:30 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\vlc
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 04:18 . 2010-03-26 04:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 05:46 . 2010-02-26 22:38 -------- d-----w- c:\programdata\Microsoft Help
2010-07-08 17:18 . 2010-07-08 17:12 -------- d-----w- c:\program files\Quicken
2010-07-08 17:17 . 2010-07-08 17:16 -------- d-----w- c:\program files\Common Files\Config
2010-07-08 17:16 . 2010-07-08 17:16 -------- d-----w- c:\program files\Common Files\Inet
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:13 . 2010-07-08 17:13 2776576 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-08 17:12 . 2010-01-03 00:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\Intuit
2010-07-08 17:11 . 2010-07-08 17:11 -------- d-----w- c:\programdata\Intuit
2010-07-01 06:06 . 2010-06-07 20:15 380 ----a-w- C:\nospin.bat
2010-06-27 05:07 . 2010-04-27 03:41 -------- d-----w- c:\program files\Google
2010-06-26 12:20 . 2010-04-19 04:46 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\Skype
2010-06-26 08:01 . 2010-06-08 15:05 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 05:05 . 2010-04-19 04:47 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\skypePM
2010-06-26 04:55 . 2010-06-26 04:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-09 03:45 . 2010-01-04 05:22 110072 ----a-w- c:\users\Glazed.Myself-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-28 19:13 . 2010-05-28 19:13 0 ----a-w- c:\windows\PowerReg.dat
2010-05-27 07:24 . 2010-06-14 05:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-14 05:28 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14 . 2010-01-03 00:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-14 05:32 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Talk.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Talk.lnk
backup=c:\windows\pss\Google Talk.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mIRC.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mIRC.lnk
backup=c:\windows\pss\mIRC.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent.exe - Shortcut.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent.exe - Shortcut.lnk
backup=c:\windows\pss\uTorrent.exe - Shortcut.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTask]
2009-06-22 17:28 335872 ----a-w- c:\program files\AutoTask\AutoTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-08-17 19:48 85888 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCFile]
2008-08-18 21:47 528384 ----a-w- c:\program files\CCFile\ccfile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 18:32 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 18:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
2006-10-09 22:27 807440 ----a-w- c:\program files\DigitalPersona\Bin\DPAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-03-17 13:48 1141144 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-07-17 22:12 177448 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 22:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2010-06-02 21:22 77656 ----a-w- c:\program files\Quicken\bagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-05-26 23:49 316672 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteServer]
2010-01-02 17:04 73216 ----a-w- c:\program files\Deep Thought Software\Remote Server\RemoteServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 07:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-05-26 23:49 75008 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-16 07:37 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 35584]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2009-07-13 15872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R4 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-05-26 124160]
R4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-04-16 103800]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]
R4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]
R4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2009-11-06 33280]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 03:40]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 03:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: {171FF07A-3DA4-4116-A22B-D327A9CC3E8D} = 216.146.35.35,216.146.36.36
TCP: {905B636C-2BD1-487B-96FF-F5104FD86C56} = 216.146.35.35,216.146.36.36
TCP: {922D6584-FCB9-4B8B-8312-ADD97B422565} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Glazed.Myself-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p24shvo3.default\
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Glazed.Myself-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(512)
c:\windows\DPPWDFLT.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-08-14 19:26:57 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 00:26

Pre-Run: 3,027,587,072 bytes free
Post-Run: 3,556,499,456 bytes free

- - End Of File - - 2FF8D754B4D386294C125C2F86324370


#8 GLAzedFAith

GLAzedFAith
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:33 AM

Posted 14 August 2010 - 07:44 PM

No issues while running combofix. System still exhibits search-redirect. Looking forward to your next suggestion. Thanks again.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:33 AM

Posted 14 August 2010 - 10:34 PM

Hello

Here is what I want you to do next. Also, did you set these as your DNS: 216.146.35.35, 216.146.36.36?


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
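A parser for the report TDSSKiller writes, as an added example that is not part of this thread or of the tool itself: it reads the same line shapes the log posted later in the thread uses (inventory lines with an MD5, "Suspicious file (Forged)" lines carrying two digests for one file, and "detected" verdict lines) and correlates them per driver. The sample lines and their hashes are constructed, and `Finding`, `parse_report` and `summarize` are names chosen here.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, shaped like the TDSSKiller 2.4.x report quoted in this
# thread. The hashes and the forged entry are made up; only the line layout and
# the verdict string "Rootkit.Win32.TDSS.tdl3" follow the real report format.
SAMPLE_LOG = """\
2010/08/15 00:19:09.0442 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/15 00:19:23.0315 ================================================================================
2010/08/15 00:19:23.0315 Scan started
2010/08/15 00:19:23.0315 Mode: Manual;
2010/08/15 00:19:24.0238 AFD (11111111111111111111111111111111) C:\\Windows\\system32\\drivers\\afd.sys
2010/08/15 00:19:35.0032 RDPENCDD (22222222222222222222222222222222) C:\\Windows\\system32\\drivers\\rdpencdd.sys
2010/08/15 00:19:35.0033 Suspicious file (Forged): C:\\Windows\\system32\\drivers\\rdpencdd.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
2010/08/15 00:19:35.0042 RDPENCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/15 00:19:35.0072 RDPREFMP (44444444444444444444444444444444) C:\\Windows\\system32\\drivers\\rdprefmp.sys
"""

# Every report line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by the body.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<body>.*)$")
# Inventory line: "<service name> (<md5 of the file>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>[^\s(]+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file line: the same file hashed two ways yields two different digests,
# which is the rootkit indicator the thread's log shows for rdpencdd.sys.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# Verdict line: "<service name> - detected <family> (<n>)"
VERDICT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")


@dataclass
class Finding:
    name: str          # service / driver name as TDSSKiller lists it
    path: str
    listed_md5: str    # digest from the inventory line, "" if never listed
    real_md5: str
    fake_md5: str
    verdict: str = ""  # family name from a later "detected" line, if any

    @property
    def hashes_disagree(self) -> bool:
        return self.real_md5 != self.fake_md5


def parse_report(text: str) -> list[Finding]:
    """Return one Finding per forged file or verdict in a TDSSKiller report."""
    inventory: dict[str, tuple[str, str]] = {}   # lower-cased path -> (name, md5)
    by_name: dict[str, Finding] = {}
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = TS_RE.match(raw.rstrip())
        if not m:
            continue            # lines without a body (blank or trailing space only)
        body = m["body"]
        if d := DRIVER_RE.match(body):
            inventory[d["path"].lower()] = (d["name"], d["md5"])
        elif f := FORGED_RE.match(body):
            name, listed = inventory.get(f["path"].lower(), ("?", ""))
            fi = Finding(name, f["path"], listed, f["real"], f["fake"])
            findings.append(fi)
            by_name[name] = fi
        elif v := VERDICT_RE.match(body):
            fi = by_name.get(v["name"])
            if fi is None:      # verdict that was not preceded by a forged-file line
                fi = Finding(v["name"], "", "", "", "")
                findings.append(fi)
                by_name[v["name"]] = fi
            fi.verdict = v["verdict"]
    return findings


def summarize(findings: list[Finding]) -> list[str]:
    """One human-readable line per finding, for a quick triage read."""
    out = []
    for f in findings:
        state = "hash mismatch" if f.hashes_disagree else "hashes agree"
        out.append(f"{f.name}: {f.path or '(no path)'} [{state}] verdict={f.verdict or 'none'}")
    return out


if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE_LOG)):
        print(line)
```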

#10 GLAzedFAith

GLAzedFAith
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:33 AM

Posted 15 August 2010 - 12:19 AM

I believe those are a result of the DynDNS software I have so I can access my files from work. The DNS thing is optional. Should I disable it? I'll run the scan and post the log presently.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:33 AM

Posted 15 August 2010 - 12:21 AM

No, don't disable it. I just thought they were strange, but you gave me a good answer, so just run the scan for me.


gringo

#12 GLAzedFAith

GLAzedFAith
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:33 AM

Posted 15 August 2010 - 12:24 AM

2010/08/15 00:19:09.0442 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/15 00:19:09.0442 ================================================================================
2010/08/15 00:19:09.0442 SystemInfo:
2010/08/15 00:19:09.0442
2010/08/15 00:19:09.0442 OS Version: 6.1.7600 ServicePack: 0.0
2010/08/15 00:19:09.0442 Product type: Workstation
2010/08/15 00:19:09.0443 ComputerName: MYSELF-PC
2010/08/15 00:19:09.0443 UserName: Glazed
2010/08/15 00:19:09.0443 Windows directory: C:\Windows
2010/08/15 00:19:09.0444 System windows directory: C:\Windows
2010/08/15 00:19:09.0444 Processor architecture: Intel x86
2010/08/15 00:19:09.0444 Number of processors: 2
2010/08/15 00:19:09.0444 Page size: 0x1000
2010/08/15 00:19:09.0444 Boot type: Normal boot
2010/08/15 00:19:09.0444 ================================================================================
2010/08/15 00:19:09.0925 Initialize success
2010/08/15 00:19:23.0315 ================================================================================
2010/08/15 00:19:23.0315 Scan started
2010/08/15 00:19:23.0315 Mode: Manual;
2010/08/15 00:19:23.0315 ================================================================================
2010/08/15 00:19:35.0032 RDPENCDD (7e044d377a05df431809fdce75c64a86) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/15 00:19:35.0033 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 7e044d377a05df431809fdce75c64a86, Fake md5: 5a53ca1598dd4156d44196d200c94b8a
2010/08/15 00:19:35.0042 RDPENCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/15 00:19:39.0417 ================================================================================
2010/08/15 00:19:39.0417 Scan finished
2010/08/15 00:19:39.0417 ================================================================================
2010/08/15 00:19:39.0428 Detected object count: 1
2010/08/15 00:20:34.0470 RDPENCDD (7e044d377a05df431809fdce75c64a86) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/15 00:20:34.0471 Suspicious file (Forged): C:\Windows\system32\drivers\rdpencdd.sys. Real md5: 7e044d377a05df431809fdce75c64a86, Fake md5: 5a53ca1598dd4156d44196d200c94b8a
2010/08/15 00:20:34.0591 Backup copy found, using it..
2010/08/15 00:20:34.0611 C:\Windows\system32\drivers\rdpencdd.sys - will be cured after reboot
2010/08/15 00:20:34.0611 Rootkit.Win32.TDSS.tdl3(RDPENCDD) - User select action: Cure
2010/08/15 00:20:53.0086 Deinitialize success


#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2010 - 12:35 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
Folder::
c:\windows\system32\config\systemprofile\AppData\Local\kavjpbepj
c:\users\Glazed.Myself-PC\AppData\Local\cubkrqpog

File::
c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat
c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin
c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat
c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
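A way to confirm that a CFScript run actually removed everything it asked for: the added Python below (my own example, not code from this thread or from ComboFix) parses the Folder::/File:: directives of a CFScript and the "Other Deletions" block of the resulting ComboFix log, then lists any target the log does not report as deleted. The sample script and log excerpt are constructed from the ones posted in this thread; the one "example-leftover.tmp" path is a hypothetical addition to show what a missed target looks like, and directive names other than Folder:: and File:: are parsed generically rather than from ComboFix documentation.

```python
"""Check a ComboFix CFScript against the log ComboFix produced afterwards.

Added example, not code from this thread or from ComboFix: parses the
Folder::/File:: directives of a CFScript and the "Other Deletions" block of
the resulting log, then lists every requested target the log does not report
as removed. Sample inputs are constructed from the thread's own script and log.
"""
import re

# Constructed from the CFScript posted in this thread.
SAMPLE_CFSCRIPT = r"""
Folder::
c:\windows\system32\config\systemprofile\AppData\Local\kavjpbepj
c:\users\Glazed.Myself-PC\AppData\Local\cubkrqpog

File::
c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat
c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin
c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat
c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin
"""

# Hypothetical extra target (constructed) that the sample log never lists as
# deleted, to show what a leftover looks like.
LEFTOVER = r"c:\users\Glazed.Myself-PC\AppData\Local\example-leftover.tmp"
SAMPLE_CFSCRIPT_WITH_LEFTOVER = SAMPLE_CFSCRIPT + LEFTOVER + "\n"

# Constructed excerpt of the ComboFix log posted in reply to that script.
SAMPLE_LOG = r"""
ComboFix 10-08-14.02 - Glazed 08/15/2010 0:40.3.2 - x86
Command switches used :: c:\users\Glazed.Myself-PC\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Glazed.Myself-PC\AppData\Local\cubkrqpog
c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin
c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat
c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin
c:\windows\system32\config\systemprofile\AppData\Local\kavjpbepj
c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 05:53 . 2010-08-15 05:54 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Local\temp
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")     # e.g. "Folder::", "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")  # "(((( Title ))))"


def parse_cfscript(text):
    """Return {directive: [path, ...]}; a 'Name::' line opens a directive and
    every following non-blank line belongs to it until the next header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def combofix_sections(log):
    """Split a ComboFix log on its '(((( Title ))))' banners into
    {title: [lines]}; text before the first banner is keyed ''. The lone '.'
    separator lines and blank lines are dropped."""
    out, title = {"": []}, ""
    for raw in log.splitlines():
        line = raw.rstrip()
        banner = BANNER_RE.match(line)
        if banner:
            title = banner.group(1)
            out.setdefault(title, [])
        elif line and line != ".":
            out[title].append(line)
    return out


def verify_cleanup(cfscript_text, combofix_log):
    """Return the Folder::/File:: targets that the log's 'Other Deletions'
    block does not list (compared case-insensitively, as Windows paths are)."""
    script = parse_cfscript(cfscript_text)
    targets = script.get("Folder", []) + script.get("File", [])
    deleted = {p.lower() for p in combofix_sections(combofix_log).get("Other Deletions", [])}
    return [t for t in targets if t.lower() not in deleted]


if __name__ == "__main__":
    for name, script in (("as posted", SAMPLE_CFSCRIPT),
                         ("with constructed leftover", SAMPLE_CFSCRIPT_WITH_LEFTOVER)):
        missing = verify_cleanup(script, SAMPLE_LOG)
        print(f"{name}: {'all targets reported deleted' if not missing else missing}")
```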

#14 GLAzedFAith

  • Topic Starter
  • Members
  • 14 posts

Posted 15 August 2010 - 08:32 AM

No issues running script.


ComboFix 10-08-14.02 - Glazed 08/15/2010 0:40.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1250 [GMT -5:00]
Running from: c:\users\Glazed.Myself-PC\Downloads\ComboFix.exe
Command switches used :: c:\users\Glazed.Myself-PC\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point

FILE ::
"c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin"
"c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat"
"c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin"
"c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Glazed.Myself-PC\AppData\Local\cubkrqpog
c:\users\Glazed.Myself-PC\AppData\Local\Flecepa.bin
c:\users\Glazed.Myself-PC\AppData\Local\Ktorefova.dat
c:\windows\system32\config\systemprofile\AppData\Local\Flecepa.bin
c:\windows\system32\config\systemprofile\AppData\Local\kavjpbepj
c:\windows\system32\config\systemprofile\AppData\Local\Ktorefova.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 05:53 . 2010-08-15 05:54 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Local\temp
2010-08-15 05:53 . 2010-08-15 05:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-15 05:53 . 2010-08-15 05:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 05:53 . 2010-08-15 05:53 -------- d-----w- c:\users\Myself\AppData\Local\temp
2010-08-15 05:53 . 2010-08-15 05:53 -------- d-----w- c:\users\GLAZED~1~MYS\AppData\Local\temp
2010-08-15 05:53 . 2010-08-15 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-09 22:03 . 2010-08-09 22:03 -------- d-----w- C:\Downloads
2010-08-08 19:48 . 2010-08-08 20:05 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\PrimoPDF
2010-08-08 19:47 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-08-08 19:47 . 2010-08-08 19:47 -------- d-----w- c:\program files\Nitro PDF
2010-08-05 04:14 . 2010-08-05 04:15 63488 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-05 04:14 . 2010-08-05 04:14 52224 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-05 04:14 . 2010-08-05 04:14 117760 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-05 04:14 . 2010-08-05 04:14 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\SUPERAntiSpyware.com
2010-08-05 04:14 . 2010-08-05 04:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-05 04:13 . 2010-08-05 04:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-05 02:27 . 2010-08-05 02:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Wireshark Antivirus
2010-08-05 02:27 . 2010-08-05 02:27 878592 ----a-w- c:\windows\System32\config\systemprofile\AppData\Roaming\Wireshark Antivirus\Wireshark Antivirus.exe
2010-08-04 23:34 . 2010-08-04 23:34 -------- d-----w- c:\program files\Lunarsoft
2010-08-03 15:28 . 2010-08-03 15:28 35 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\SetValue.bat
2010-08-03 15:04 . 2010-08-03 15:04 -------- d-----w- c:\program files\Hobbyist Software
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 16:24 . 2010-08-02 16:24 2373712 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\id Software\QuakeLive\pbsvc.exe
2010-08-02 11:36 . 2010-08-02 11:36 -------- d-----w- c:\programdata\Affinegy
2010-08-02 04:17 . 2010-08-02 04:17 -------- d-----w- c:\program files\Belkin
2010-07-31 14:17 . 2010-08-02 12:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2010-07-31 00:47 . 2010-07-31 00:47 -------- d-----w- c:\program files\Remotewin
2010-07-30 04:08 . 2010-07-30 04:08 -------- d-----w- c:\program files\zabkat
2010-07-24 03:53 . 2010-07-24 04:38 -------- d-----w- c:\program files\FastCopy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 05:54 . 2010-03-25 13:40 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-15 05:22 . 2010-01-04 05:17 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-15 05:21 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys
2010-08-15 03:11 . 2010-01-05 01:28 139336 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-15 03:11 . 2010-01-05 01:19 214720 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-15 00:46 . 2010-01-13 23:28 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\mIRC
2010-08-15 00:46 . 2010-01-13 23:28 -------- d-----w- c:\program files\mIRC
2010-08-13 15:13 . 2010-01-17 20:55 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\uTorrent
2010-08-09 22:44 . 2010-01-05 01:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-08-09 22:44 . 2010-01-05 01:19 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-08-04 23:31 . 2010-02-15 03:59 -------- d-----w- c:\program files\DAP
2010-08-03 15:28 . 2010-08-03 15:28 691 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\GetValue.vbs
2010-08-03 15:09 . 2010-07-06 02:30 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\vlc
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:35 . 2010-08-02 11:34 21409808 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
2010-08-02 11:34 . 2010-08-02 11:34 -------- d-----w- c:\programdata\Belkin
2010-08-02 04:18 . 2010-03-26 04:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 05:46 . 2010-02-26 22:38 -------- d-----w- c:\programdata\Microsoft Help
2010-07-08 17:18 . 2010-07-08 17:12 -------- d-----w- c:\program files\Quicken
2010-07-08 17:17 . 2010-07-08 17:16 -------- d-----w- c:\program files\Common Files\Config
2010-07-08 17:16 . 2010-07-08 17:16 -------- d-----w- c:\program files\Common Files\Inet
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:15 . 2010-07-08 17:15 7410688 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191319-191429.dll
2010-07-08 17:13 . 2010-07-08 17:13 2776576 ----a-w- c:\programdata\Intuit\Quicken\Inet\Common\patch\Update\191429-19153.dll
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-07-08 17:12 . 2010-01-03 00:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\program files\Common Files\Intuit
2010-07-08 17:12 . 2010-07-08 17:12 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\Intuit
2010-07-08 17:11 . 2010-07-08 17:11 -------- d-----w- c:\programdata\Intuit
2010-07-01 06:06 . 2010-06-07 20:15 380 ----a-w- C:\nospin.bat
2010-06-27 05:07 . 2010-04-27 03:41 -------- d-----w- c:\program files\Google
2010-06-26 12:20 . 2010-04-19 04:46 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\Skype
2010-06-26 08:01 . 2010-06-08 15:05 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 05:05 . 2010-04-19 04:47 -------- d-----w- c:\users\Glazed.Myself-PC\AppData\Roaming\skypePM
2010-06-26 04:55 . 2010-06-26 04:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-09 03:45 . 2010-01-04 05:22 110072 ----a-w- c:\users\Glazed.Myself-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-28 19:13 . 2010-05-28 19:13 0 ----a-w- c:\windows\PowerReg.dat
2010-05-27 07:24 . 2010-06-14 05:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-14 05:28 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14 . 2010-01-03 00:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-14 05:32 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-05-03 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-15_00.21.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-11 15:49 . 2010-08-15 05:23 32776 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-15 05:23 43338 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-11 15:49 . 2010-08-15 05:23 10452 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3828720701-1418755444-3874934446-1003_UserData.bin
- 2010-01-03 14:49 . 2010-08-14 23:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-03 14:49 . 2010-08-15 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-03 14:49 . 2010-08-14 23:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 14:49 . 2010-08-15 05:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-03 14:49 . 2010-08-14 23:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 14:49 . 2010-08-15 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-03 04:08 . 2010-08-14 23:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-03 04:08 . 2010-08-15 05:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-03 15:08 . 2010-08-15 00:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 15:08 . 2010-08-15 05:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 15:08 . 2010-08-15 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-03 15:08 . 2010-08-15 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-03 15:08 . 2010-08-15 00:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-03 15:08 . 2010-08-15 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-03 04:08 . 2010-08-15 00:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 04:08 . 2010-08-15 05:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-03 04:08 . 2010-08-14 23:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-03 04:08 . 2010-08-15 05:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 00:01 . 2010-08-15 05:21 6656 c:\windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys
- 2009-07-14 00:01 . 2009-07-14 00:01 6656 c:\windows\winsxs\x86_microsoft-windows-t..llaboration-drivers_31bf3856ad364e35_6.1.7600.16385_none_06a5a17a3714c64d\RDPENCDD.sys
- 2010-08-10 03:27 . 2010-08-14 23:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-15 05:22 . 2010-08-15 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-10 03:27 . 2010-08-14 23:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-15 05:22 . 2010-08-15 05:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-03 00:06 . 2010-08-10 03:43 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-03 00:06 . 2010-08-15 00:03 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
backup=c:\windows\pss\DynDNS Updater Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Google Talk.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Talk.lnk
backup=c:\windows\pss\Google Talk.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^mIRC.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mIRC.lnk
backup=c:\windows\pss\mIRC.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Glazed.Myself-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent.exe - Shortcut.lnk]
path=c:\users\Glazed.Myself-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent.exe - Shortcut.lnk
backup=c:\windows\pss\uTorrent.exe - Shortcut.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTask]
2009-06-22 17:28 335872 ----a-w- c:\program files\AutoTask\AutoTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2009-08-17 19:48 85888 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCFile]
2008-08-18 21:47 528384 ----a-w- c:\program files\CCFile\ccfile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 18:32 19456 ----a-w- c:\windows\System32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 18:32 19968 ----a-w- c:\windows\System32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
2006-10-09 22:27 807440 ----a-w- c:\program files\DigitalPersona\Bin\DPAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Glazed.Myself-PC\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-03-17 13:48 1141144 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2008-07-17 22:12 177448 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 22:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickenScheduledUpdates]
2010-06-02 21:22 77656 ----a-w- c:\program files\Quicken\bagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2009-05-26 23:49 316672 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteServer]
2010-01-02 17:04 73216 ----a-w- c:\program files\Deep Thought Software\Remote Server\RemoteServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 07:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2009-05-26 23:49 75008 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-16 07:37 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dpK0Bx01;Fingerprint Reader Filter Driver;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2006-09-16 35584]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 usbdpfp;Fingerprint Reader Class Driver;c:\windows\system32\DRIVERS\usbdpfp.sys [2006-09-16 47360]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2009-07-13 15872]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-25 1343400]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R4 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-05-26 124160]
R4 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [2010-04-16 103800]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-30 271856]
R4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-30 218608]
R4 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2009-11-06 33280]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-13 691696]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2009-07-13 4608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 03:40]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 03:40]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: {171FF07A-3DA4-4116-A22B-D327A9CC3E8D} = 216.146.35.35,216.146.36.36
TCP: {905B636C-2BD1-487B-96FF-F5104FD86C56} = 216.146.35.35,216.146.36.36
TCP: {922D6584-FCB9-4B8B-8312-ADD97B422565} = 216.146.35.35,216.146.36.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Glazed.Myself-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p24shvo3.default\
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Glazed.Myself-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(540)
c:\windows\DPPWDFLT.DLL
.
Completion time: 2010-08-15 00:57:42
ComboFix-quarantined-files.txt 2010-08-15 05:57
ComboFix2.txt 2010-08-15 00:26

Pre-Run: 3,347,116,032 bytes free
Post-Run: 3,286,425,600 bytes free

- - End Of File - - A178D1510AECC61D270B549278C74C0C


#15 GLAzedFAith

GLAzedFAith
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 15 August 2010 - 09:03 AM

Another side-effect I hadn't mentioned before, but that is ever present, is that periodically my web-browsing ability will just lock up. IE, FF, Chrome, they all just sit there and try to load. I know it's not my internet connection, because I run mIRC and uTorrent and neither loses connection. Also, I'm able to ping just fine.



