Google redirect


This topic is locked
14 replies to this topic

#1 tapdatast

Posted 12 September 2010 - 09:23 PM

Ok. I am writing to let you know that I have or had what I believe to be the Google redirect virus.
After I enter text in the search bar I would consistently be taken to ...anywhere. Bing seems to be a common place.
As you might have noticed, it was probably the same as what has been going on around for all the other redirects lately.
I believe I got it from a "your computer has been detected with a virus" scam, and no, I did not say yes or click on it.
It just installed itself. Told me I had a virus and said that if I want to get rid of it it's gonna cost me. lmao!
I emailed the site and they told me in polite terms to go f$#@ myself. cute.

Anyways. I am not helpless with a computer and I like to read, so I came here.
I noticed a lot of the reports were very similar, so I went ahead and made the logs myself before asking for help.
Everything will be attached in this and the next post.
Again, I am sorry but I could not get the GMER log to work because it kept freezing up the computer.
I did use the RKU... but not until after I used ComboFix.
It looks as though ComboFix has worked, but I will leave that up to you to see.

The DDS log and Attach log are "before" ComboFix. The RKU log is "after" ComboFix. I am sorry for the confusion.

DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 11:02:40.84 on 11/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1149 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: My Security Shield *On-access scanning enabled* (Updated) {647C0B8A-E541-4242-9619-9EE2AD9D72BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: My Security Shield *enabled* {D4360DF4-D446-4908-A8B6-7025348A66FF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\John\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [lxbxmon.exe] "c:\program files\lexmark 7100 series\lxbxmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7100 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Hkey3333] c:\windows\system32\file.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Zboard] c:\program files\ideazon\zengine\Zboard.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250930171718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\john\applic~1\mozilla\firefox\profiles\bsn7nwoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\john\application data\mozilla\firefox\profiles\bsn7nwoc.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-13 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/28 11:41:06];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-4-2 87536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355928]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-8-21 10384]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\motoconnectservice.exe --> c:\program files\motorola\motoconnectservice\MotoConnectService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-27 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-21 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-13 15008]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2010-1-12 217088]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-03 17:06:50 0 d-----w- c:\program files\PS3 Media Server
2010-08-22 16:57:17 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-08-21 05:18:42 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-08-21 05:18:42 0 d-----w- c:\program files\Belarc
2010-08-13 22:51:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-13 22:08:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-13 22:08:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-13 22:05:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 22:04:58 0 d-----w- c:\program files\Lavasoft
2010-08-13 20:42:05 0 d-----w- c:\program files\ApecSoft
2010-08-13 07:42:57 0 d-----w- c:\program files\TVersity Codec Pack
2010-08-13 07:42:44 0 d-----w- c:\program files\TVersity

==================== Find3M ====================

2010-09-09 04:53:31 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-09 04:52:31 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-05 23:55:14 56884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-12 04:07:46 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07:46 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07:46 126448 ------w- c:\windows\system32\PxInsI64.exe
2010-08-12 02:18:08 138056 ----a-w- c:\docume~1\john\applic~1\PnkBstrK.sys
2010-08-12 02:17:47 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-06 22:38:12 52736 --sha-r- c:\windows\system32\rasadhlpx.dll
2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 11:03:11.56 ===============


RKU.text
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6398000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10276864 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 196.21 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 196.21 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA9451000 C:\WINDOWS\System32\drivers\CTEXFIFX.SYS 1339392 bytes (Creative Technology Ltd., Creative XFi Effects)
0xABB6B000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1191936 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))
0xB6153000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 958464 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xAB9CC000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))
0xB7DCF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB62BE000 C:\WINDOWS\system32\drivers\ctaud2k.sys 520192 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)
0xA8768000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xA85D1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6086000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA86DC000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7D9B000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA6E38000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6265000 C:\WINDOWS\system32\drivers\ctoss2k.sys 217088 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xABB3B000 C:\WINDOWS\system32\drivers\emupia2k.sys 196608 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))
0xB60E4000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA7F0A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DA2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7AC7000 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl 180224 bytes (CyberLink Corp., -)
0xA9881000 C:\WINDOWS\System32\drivers\CT20XUT.SYS 180224 bytes (Creative Technology Ltd., Creative 20X Utility Effects)
0xA6D6D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8641000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xABA68000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 167936 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xB623D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA86B4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA868E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA857E000 C:\WINDOWS\System32\Drivers\dump_nvgts.sys 151552 bytes
0xB7EE6000 nvgts.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0xB629A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6360000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB633D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA87E4000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA866C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7EAE000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB7D88000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8288000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7ECE000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB613C000 C:\WINDOWS\System32\Drivers\ezplay.sys 94208 bytes (VSO Software, Helper driver to facilitate play of cd backups)
0xB7E6F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6125000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA82C8000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA8272000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB7E86000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA98EB000 C:\WINDOWS\System32\drivers\CTHWIUT.SYS 86016 bytes (Creative Technology Ltd., Creative Utility Effects)
0xA80F5000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6384000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8735000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7E5C000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7E9C000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB6114000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAFF66000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8258000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8218000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB6DE5000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB6DF5000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB3041000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB3091000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB372F000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB030A000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB6DC5000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB035A000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB6D75000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB6DA5000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAFF36000 C:\WINDOWS\system32\DRIVERS\Alpham1.sys 45056 bytes (Ideazon Corporation, ZBoard Keyboards driver)
0xB02FA000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8248000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB6DB5000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB6D85000 C:\WINDOWS\system32\DRIVERS\appliand.sys 40960 bytes (Applian Technologies Inc., APPLIAND helper driver)
0xB5E73000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB82F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB6DD5000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB8128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB6D65000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB034A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8208000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB6D95000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB032A000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7C0B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB031A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xAB93A000 C:\DOCUME~1\John\LOCALS~1\Temp\catchme.sys 32768 bytes
0xB8390000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))
0xB094C000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB0944000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xB8398000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB0954000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB0964000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB8440000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8340000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB3151000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB83D8000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB093C000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB3159000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xB8388000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB3149000 C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 24576 bytes (Logitech, Inc., Logitech USB Filter Driver.)
0xAB932000 C:\DOCUME~1\John\LOCALS~1\Temp\mbr.sys 24576 bytes
0xB83E8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB0974000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB0934000 C:\WINDOWS\system32\DRIVERS\Alpham2.sys 20480 bytes (Ideazon Corporation, MM ZBoard Keyboards driver)
0xB4B79000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB095C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB83D0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8378000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xAB972000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA8352000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB371F000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xB84BC000 ifp700.sys 16384 bytes (iRiver, Inc., iRiver Internet Audio Player USB Driver)
0xB3723000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB8558000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA82B8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7D50000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB5DA7000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB370B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAFEA2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB7D64000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7D44000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAFE96000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8632000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85EC000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB85C6000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8630000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8634000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xAB878000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xB8636000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85EE000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xB85F0000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB85AE000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB878F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB86FF000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xB87E9000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8762000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAB870000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xB87F0000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Now. I have the text from after running ComboFix. Am I clean?

All seems to be well, but it's your wise knowledge that I seek for the final say.
ComboFix 10-09-12.01 - John 12/09/2010 19:48:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1479 [GMT -6:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.txt
c:\documents and settings\John\Application Data\inst.exe
c:\documents and settings\John\Application Data\My Security Shield
c:\documents and settings\John\Application Data\My Security Shield\cookies.sqlite
c:\documents and settings\John\Recent\ANTIGEN.drv
c:\documents and settings\John\Recent\ANTIGEN.exe
c:\documents and settings\John\Recent\ANTIGEN.sys
c:\documents and settings\John\Recent\DBOLE.dll
c:\documents and settings\John\Recent\FW.exe
c:\documents and settings\John\Recent\grid.dll
c:\documents and settings\John\Recent\grid.exe
c:\documents and settings\John\Recent\hymt.exe
c:\documents and settings\John\Recent\kernel32.tmp
c:\documents and settings\John\Recent\PE.dll
c:\documents and settings\John\Recent\PE.exe
c:\documents and settings\John\Recent\snl2w.tmp
C:\Install.exe
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
.

2010-09-05 17:37 . 2010-09-05 17:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-03 17:06 . 2010-09-03 17:09 -------- d-----w- c:\program files\PS3 Media Server
2010-09-02 16:39 . 2010-09-02 16:39 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-02 16:39 . 2010-09-02 16:39 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-02 08:55 . 2010-09-02 16:38 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-02 08:55 . 2010-09-02 08:55 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-02 08:55 . 2010-09-02 08:55 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-09-02 08:54 . 2010-09-02 08:54 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-09-02 08:54 . 2010-09-02 08:54 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-30 04:12 . 2010-08-20 05:46 1312120 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-30 04:12 . 2010-08-20 05:46 724992 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-22 23:37 . 2010-08-23 01:47 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Panda3D
2010-08-22 23:37 . 2010-06-18 20:42 229376 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
2010-08-22 16:57 . 2009-12-22 01:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-08-21 05:18 . 2010-08-21 05:18 -------- d-----w- c:\program files\Belarc
2010-08-21 05:18 . 2008-02-27 19:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 14:21 . 2009-08-22 00:37 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
2010-09-09 07:01 . 2009-09-03 23:52 -------- d-----w- c:\program files\EVGA Precision
2010-09-09 04:53 . 2009-09-02 05:14 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-09 04:52 . 2009-09-02 05:14 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-05 23:55 . 2009-09-13 00:54 56884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-05 18:30 . 2009-08-22 08:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 17:42 . 2009-08-22 01:06 -------- d-----w- c:\program files\iTunes
2010-09-05 17:42 . 2009-08-22 01:06 -------- d-----w- c:\program files\iPod
2010-09-05 17:40 . 2009-08-22 01:06 -------- d-----w- c:\program files\QuickTime
2010-09-03 14:33 . 2009-10-16 04:04 -------- d-----w- c:\documents and settings\John\Application Data\DivX
2010-09-02 16:39 . 2010-06-11 00:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-02 16:39 . 2010-06-11 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-02 16:39 . 2009-10-16 04:03 -------- d-----w- c:\program files\DivX
2010-09-02 16:38 . 2010-06-11 00:57 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-02 16:38 . 2010-06-11 00:55 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-02 08:53 . 2010-06-11 00:57 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-28 15:52 . 2009-08-22 08:08 -------- d-----w- c:\documents and settings\John\Application Data\Vso
2010-08-15 21:03 . 2009-08-22 09:25 -------- d-----w- c:\documents and settings\Tanya\Application Data\CyberLink
2010-08-13 22:08 . 2010-08-13 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-13 22:08 . 2010-08-13 22:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-13 22:05 . 2010-08-13 22:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 22:04 . 2010-08-13 22:04 -------- d-----w- c:\program files\Lavasoft
2010-08-13 21:42 . 2009-08-22 07:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-08-13 21:42 . 2010-08-07 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-13 20:42 . 2010-08-13 20:42 -------- d-----w- c:\program files\ApecSoft
2010-08-13 14:47 . 2010-08-13 07:42 -------- d-----w- c:\program files\TVersity
2010-08-13 07:42 . 2010-08-13 07:42 -------- d-----w- c:\program files\TVersity Codec Pack
2010-08-13 04:53 . 2009-08-22 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-12 20:58 . 2010-08-12 20:58 2788816 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-08-12 17:01 . 2010-08-12 17:01 -------- d-----w- c:\documents and settings\Tanya\Application Data\Windows Desktop Search
2010-08-12 17:01 . 2009-08-21 20:58 70328 ----a-w- c:\documents and settings\Tanya\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 15:55 . 2009-11-04 05:41 -------- d-----w- c:\documents and settings\John\Application Data\vlc
2010-08-12 05:43 . 2009-08-21 20:36 70328 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 05:40 . 2010-08-12 05:40 193376 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-12 04:07 . 2009-08-22 07:35 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2009-08-22 07:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2007-10-24 22:42 126448 ------w- c:\windows\system32\PxInsI64.exe
2010-08-12 02:18 . 2010-08-12 02:18 138056 ----a-w- c:\documents and settings\John\Application Data\PnkBstrK.sys
2010-08-12 02:18 . 2010-08-12 02:18 138056 ----a-w- c:\documents and settings\John\Application Data\PnkBstrK.sys
2010-08-12 02:17 . 2010-08-12 02:17 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-12 02:03 . 2009-09-01 07:14 -------- d-----w- c:\program files\EA GAMES
2010-08-12 01:38 . 2010-06-08 06:14 -------- d-----w- c:\documents and settings\John\Application Data\Research In Motion
2010-08-12 00:27 . 2009-08-22 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-12 00:25 . 2010-06-08 06:05 -------- d-----w- c:\program files\Research In Motion
2010-08-11 22:35 . 2009-08-22 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-09 23:14 . 2010-08-09 23:14 -------- d-----w- c:\program files\Ares
2010-08-09 00:08 . 2010-08-08 23:02 -------- d-----w- c:\program files\Windows Desktop Search
2010-08-08 23:59 . 2010-08-08 23:59 -------- d-----w- c:\documents and settings\John\Application Data\Windows Search
2010-08-08 23:41 . 2009-08-22 08:27 -------- d-----w- c:\program files\Microsoft.NET
2010-08-08 23:02 . 2010-08-08 23:02 -------- d-----w- c:\documents and settings\John\Application Data\Windows Desktop Search
2010-08-08 05:19 . 2010-08-08 05:19 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ef573c2-n\decora-sse.dll
2010-08-08 05:19 . 2010-08-08 05:19 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\msvcp71.dll
2010-08-08 05:19 . 2010-08-08 05:19 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\jmc.dll
2010-08-08 05:19 . 2010-08-08 05:19 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\msvcr71.dll
2010-08-08 05:19 . 2010-08-08 05:19 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ef573c2-n\decora-d3d.dll
2010-08-07 06:12 . 2010-08-07 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-07 04:08 . 2010-08-07 04:07 -------- d-----w- c:\documents and settings\John\Application Data\Replay Media Catcher 4
2010-08-07 04:07 . 2010-08-07 04:07 -------- d-----w- c:\program files\Applian Technologies
2010-08-07 00:06 . 2010-08-07 00:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-06 23:52 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\bb57494
2010-08-06 23:31 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSFQXFLYUS
2010-08-06 23:22 . 2010-08-06 23:22 -------- d-----w- c:\documents and settings\John\Application Data\ElevatedDiagnostics
2010-08-06 22:38 . 2010-08-06 22:38 52736 --sha-r- c:\windows\system32\rasadhlpx.dll
2010-08-01 21:20 . 2010-08-01 21:20 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 21:19 . 2009-08-25 06:49 -------- d-----w- c:\program files\Java
2010-07-28 01:07 . 2009-08-22 04:11 256 ----a-w- c:\windows\system32\pool.bin
2010-07-28 01:01 . 2010-07-28 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-07-28 01:01 . 2010-07-28 01:01 -------- d-----w- c:\program files\ParetoLogic
2010-07-27 23:46 . 2010-07-27 23:46 53248 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-27 23:35 . 2010-07-27 23:35 26694 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{128D6B55-8C79-4B96-BD02-EBB94B931102}\BlackBerry.exe
2010-07-25 05:54 . 2009-08-22 07:35 -------- d-----w- c:\documents and settings\John\Application Data\Winamp
2010-07-25 05:50 . 2009-08-22 07:35 -------- d-----w- c:\program files\Winamp
2010-07-25 05:50 . 2010-03-11 20:29 -------- d-----w- c:\program files\Winamp Detect
2010-07-24 15:35 . 2010-08-06 23:31 718296 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\mozcrt19.dll
2010-07-24 15:35 . 2010-08-06 23:31 467928 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\sqlite3.dll
2010-07-22 22:42 . 2010-07-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-17 11:00 . 2010-04-22 06:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:56 . 2010-08-13 22:05 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-08-13 22:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-08-13 22:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2004-08-04 00:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 19:46 . 2010-06-24 19:46 28256 ----a-w- c:\windows\system32\drivers\appliand.sys
2010-06-24 12:22 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-03 23:17 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-03 23:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 00:56 80384 ----a-w- c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-20 18790432]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tanya\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-21 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\John\\My Documents\\Software And Other Stuff\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\PS3 Media Server\\PMS.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5001:TCP"= 5001:TCP:PS3MS
"6001:TCP"= 6001:TCP:PS3MS2

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/08/2010 4:08 PM 64288]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/28 11:41];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [02/04/2010 9:11 AM 87536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 2:55 AM 1355928]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/08/2009 5:55 PM 10384]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 3:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 3:46 AM 72728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/05/2010 10:05 PM 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [21/08/2009 5:51 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 3:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 3:46 AM 72728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [13/08/2010 4:08 PM 15008]
S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [12/01/2010 5:24 PM 217088]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/08/2004 6:56 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/08/2009 5:42 PM 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:37]

2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{0CBA23D0-8960-4928-84AF-FA658558A6CA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-09-13 c:\windows\Tasks\User_Feed_Synchronization-{549F6B6A-BC80-49AA-9473-26FCEBA2B93A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Hkey3333 - c:\windows\system32\file.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-09-12 19:56:35
ComboFix-quarantined-files.txt 2010-09-13 01:56

Pre-Run: 805,858,799,616 bytes free
Post-Run: 807,423,188,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C4A9BFB73B137012030EDA5912CD778C

Add/Remove.text

2007 Microsoft Office Suite Service Pack 2 (SP2)
AC3Filter 1.63b
Ad-Aware
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.3.4 - CPSID_83708
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.6
Audacity 1.2.6
Avanquest update
AviSynth 2.5
Battlefield 2™
Battlefield Heroes (John)
Belarc Advisor 8.1
BlackBerry Desktop Software 5.0.1
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
BlackBerry Device Software v4.5.0 for the BlackBerry 8130 smartphone
BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
BlindWrite 6
Bonjour
CDDRV_Installer
ConvertXtoDVD 3.8.0.193
Creative Audio Control Panel
Creative Software AutoUpdate
CyberLink PowerDVD 10
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVDFab 6.1.2.5 (27/10/2009)
erLT
EVGA Precision 2.0.0
ffdshow v1.1.3466 [2010-05-31]
File And MP3 Tag Renamer 2.2
Free WMA to MP3 Converter 1.16
Google Earth Pro 4.2
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iPhone Configuration Utility
iriver Music Manager
iTunes
Java Auto Updater
Java™ 6 Update 21
K-Lite Mega Codec Pack 5.0.5
KhalInstallWrapper
LAME v3.98.2 for Audacity
Lexmark 7100 Series
Logitech SetPoint
M2TS to AVI MP4 DVD Converter 1.80
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mkv2vob
MKVtoolnix 2.9.8
Mozilla Firefox (3.6.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
Opera 10.10
PDF Settings
PowerISO
Primo
PS3 Media Server
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Replay Media Catcher 4
Revo Uninstaller 1.89
Rosetta Stone Version 3
Runtime
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sonic UDF Reader
Sony Picture Utility
TouchCopy 09
TVersity Codec Pack 1.4
UDoTaxes2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Videora iPod touch Converter 5.04
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.2
VSO CopyToDVD 4
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Z Engine

Merged posts. ~ OB

Edited by Orange Blossom, 13 September 2010 - 12:11 AM.
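As an added example (not part of the original post, and not ComboFix's own code), here is a small Python triage script for the service/driver lines and the registry ImagePath block that appear in a ComboFix log like the one above. It parses the "S3 name;display;path [date time size]" lines and the "ImagePath"= value under a Services key, then raises two review prompts a practitioner checks by hand: a kernel driver (.sys) loaded from somewhere other than system32\drivers, and an image whose extension is not .sys/.exe/.dll. The sample lines are copied from the log above; the heuristics and thresholds are this example's own assumptions. The flags are prompts, not verdicts: the Ad-Aware helper driver and the PowerDVD 000.fcl entry get flagged because of where they live and what they are, and deciding whether that is legitimate is the analyst's next step.

```python
"""Triage helper for ComboFix-style service/driver lines (added example, not ComboFix code)."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One ComboFix service line: "<start> <name>;<display>;<image path> [<date> <time> <size>]"
SERVICE_LINE = re.compile(
    r'^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)\s+\[(?P<stamp>.+?)\s(?P<size>\d+)\]\s*$'
)
# A registry ImagePath value as ComboFix prints it under a Services key.
IMAGEPATH_LINE = re.compile(r'"ImagePath"="(?P<image>[^"]+)"')
# Split "c:\path\file.exe -k WINRM" into the file and its arguments.
FILE_AND_ARGS = re.compile(r'^(?P<file>.*?\.[A-Za-z0-9]{1,4})(?:\s+(?P<args>\S.*))?$')

DRIVER_DIR = r'c:\windows\system32\drivers'      # where XP's own kernel drivers live (assumption)
EXPECTED_EXT = {'.sys', '.exe', '.dll'}          # extensions we expect for a service image (assumption)

# Sample input copied from the ComboFix log in the post above (constructed list, real lines).
SAMPLE_LINES = [
    r'S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 3:46 AM 171032]',
    r'S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [13/08/2010 4:08 PM 15008]',
    r'S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/08/2004 6:56 PM 14336]',
    r'S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]',
    r'S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21/08/2009 5:42 PM 691696]',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]',
    r'WINRM REG_MULTI_SZ WINRM',
    r'.',
    r'[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]',
    r'"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"',
]


@dataclass
class Entry:
    name: str
    start: str                     # S3/S4 start type, or '?' for a bare registry entry
    image: str                     # image path exactly as the log printed it
    size: Optional[int] = None
    flags: List[str] = field(default_factory=list)

    @property
    def file(self) -> str:
        """Image file only: strip the NT '\\??\\' prefix and any command-line arguments."""
        path = self.image[4:] if self.image.startswith('\\??\\') else self.image
        m = FILE_AND_ARGS.match(path)
        return (m['file'] if m else path).lower()


def triage(entry: Entry) -> Entry:
    """Attach review flags based on image location and extension."""
    directory, filename = ntpath.split(entry.file)
    ext = ntpath.splitext(filename)[1]
    if ext not in EXPECTED_EXT:
        entry.flags.append(f'unusual image extension {ext!r}')
    if ext == '.sys' and directory != DRIVER_DIR:
        entry.flags.append('kernel driver outside system32\\drivers')
    return entry


def parse(lines) -> List[Entry]:
    """Turn ComboFix service lines and Services\\...\\ImagePath blocks into triaged entries."""
    entries: List[Entry] = []
    pending_key = None             # service key name seen on the previous [HKLM\System\...] line
    for raw in lines:
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            entries.append(triage(Entry(m['name'], m['start'], m['image'], int(m['size']))))
            continue
        if line.startswith('[HKEY_LOCAL_MACHINE\\System\\') and line.endswith(']'):
            pending_key = line.rsplit('\\', 1)[-1].rstrip(']')
            continue
        m = IMAGEPATH_LINE.search(line)
        if m and pending_key:
            entries.append(triage(Entry(pending_key, '?', m['image'])))
            pending_key = None
    return entries


def flagged(entries: List[Entry]) -> List[str]:
    """Names of entries that need a human look."""
    return [e.name for e in entries if e.flags]


if __name__ == '__main__':
    for e in parse(SAMPLE_LINES):
        print(f'{e.start:<2} {e.name:<40} {e.file}')
        for flag in e.flags:
            print(f'     -> {flag}')
```

The parser keeps the full image string so the svchost group (-k WINRM) is still visible next to the WinRM entry; together with the HKLM\...\svchost group listing in the log, that is how you confirm a service is really hosted by the group it claims.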



#2 m0le
    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:10 PM

Posted 18 September 2010 - 07:37 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 tapdatast
  • Topic Starter
  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:10 AM

Posted 18 September 2010 - 08:30 PM

OK. Ready to go.

#4 m0le
    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:10 PM

Posted 19 September 2010 - 06:29 AM

Redirects at the moment are being caused mainly by two types of rootkit. Let's check for them now.

Please download MBRCheck to your desktop.

1. Double-click MBRCheck.exe to run it (right-click and Run as Administrator on Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.


Then
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\.

m0le is a proud member of UNITE
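As an added example (not part of the post above, and not MBRCheck's or TDSSKiller's code), here is a Python script that does the core of what an MBR checker does: read the first 512-byte sector, confirm the 0x55AA boot signature, walk the four partition-table entries, and hash the boot-code region so it can be compared against a hash taken from a known-good install. It also shows why MBRCheck reports the C: volume "at offset 0x7e00": a first partition starting at LBA 63 sits at 63 x 512 = 0x7E00 bytes. The exact code region hashed (440 bytes, up to the disk signature) and the sample MBR are this example's own assumptions; the sample is constructed, with placeholder bytes in place of real boot code. A bootkit that overwrites the boot code changes that hash while leaving the partition table and signature intact, which is the case the comparison is there to catch.

```python
"""Inspect a Master Boot Record the way an MBR checker does (added example)."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440            # boot code; the 4-byte disk signature follows at 0x1B8 (assumed region)
TABLE_OFF = 0x1BE         # four 16-byte partition entries start here
BOOT_SIG = b'\x55\xaa'    # last two bytes of a valid MBR


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries with their byte offsets on disk."""
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from('<B3xB3xII', mbr, TABLE_OFF + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        parts.append({
            'index': i,
            'bootable': status == 0x80,
            'type': ptype,                  # 0x07 = NTFS/HPFS
            'lba_start': lba_start,
            'sectors': sectors,
            'byte_offset': lba_start * SECTOR,
        })
    return parts


def inspect_mbr(mbr: bytes, reference_sha1: str = None) -> dict:
    """Summarise one 512-byte MBR; compare its boot code to a known-good SHA-1 if one is given."""
    if len(mbr) != SECTOR:
        raise ValueError('expected exactly one 512-byte sector')
    code_sha1 = hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper()
    return {
        'signature_ok': mbr[510:512] == BOOT_SIG,
        'disk_signature': struct.unpack_from('<I', mbr, 0x1B8)[0],
        'code_sha1': code_sha1,
        'partitions': parse_partitions(mbr),
        'code_matches_reference': (None if reference_sha1 is None
                                   else code_sha1 == reference_sha1.upper()),
    }


def read_mbr(device: str = r'\\.\PhysicalDrive0') -> bytes:
    """Read sector 0 of a raw device (needs administrator rights on Windows)."""
    with open(device, 'rb') as disk:
        return disk.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed MBR: placeholder boot code plus one bootable NTFS partition at LBA 63."""
    code = bytes((i * 7 + 3) & 0xFF for i in range(CODE_LEN))   # placeholder, not real boot code
    disk_sig = struct.pack('<I', 0x1A2B3C4D) + b'\x00\x00'      # NT disk signature + 2 reserved bytes
    ntfs = struct.pack('<B3sB3sII', 0x80, b'\x01\x01\x00', 0x07, b'\xfe\xff\xff', 63, 1953520002)
    return code + disk_sig + ntfs + bytes(16) * 3 + BOOT_SIG


if __name__ == '__main__':
    sample = build_sample_mbr()
    baseline = inspect_mbr(sample)['code_sha1']        # hash you would record from a clean machine
    report = inspect_mbr(sample, reference_sha1=baseline)
    for p in report['partitions']:
        print(f"partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}")
    print('code SHA1:', report['code_sha1'], 'matches reference:', report['code_matches_reference'])
```

To use it on a live XP box, run it elevated and call inspect_mbr(read_mbr()) with a reference hash recorded earlier from the same Windows version; a hash that differs from the baseline with the partition table unchanged is what to escalate, while a missing 0x55AA signature means the sector read itself went wrong.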

#5 tapdatast
  • Topic Starter
  • Members
  • 24 posts
  • OFFLINE
  • Local time:09:10 AM

Posted 19 September 2010 - 12:10 PM

OK. I did both. Here are both reports. BTW: the TDSS report was left on my desktop but not in my C: ... weird, huh?

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 159):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spsw.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6E000 ACPI.sys
0xB7E5D000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E3E000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E18000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7E00000 atapi.sys
0xB7DDB000 nvgts.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DBB000 fltmgr.sys
0xB7DA9000 sr.sys
0xB8118000 Lbd.sys
0xB7D93000 DRVMCDB.SYS
0xB8128000 PxHelp20.sys
0xB7D7C000 KSecDD.sys
0xB7D69000 WudfPf.sys
0xB84BC000 ifp700.sys
0xB85AE000 \WINDOWS\system32\drivers\USBD.SYS
0xB7CDC000 Ntfs.sys
0xB7CAF000 NDIS.sys
0xB7C95000 Mup.sys
0xB8228000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB586A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB5856000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8390000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB62A7000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7C4D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB5832000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6297000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8604000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB6287000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB6277000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB580F000 \SystemRoot\system32\DRIVERS\ks.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB5790000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB576C000 \SystemRoot\system32\drivers\portcls.sys
0xB6267000 \SystemRoot\system32\drivers\drmk.sys
0xB5737000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB83B0000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB570F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6257000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB5625000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xAB841000 \SystemRoot\System32\Drivers\a2d3ffkq.SYS
0xAB82A000 \SystemRoot\System32\Drivers\ezplay.sys
0xB8746000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB0087000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C61000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAB813000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB0057000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB0047000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xAEF3C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xAB802000 \SystemRoot\system32\DRIVERS\psched.sys
0xB0037000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAEF34000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xAEF2C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB0027000 \SystemRoot\system32\DRIVERS\appliand.sys
0xB0017000 \SystemRoot\System32\Drivers\pcouffin.sys
0xAB7D2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB0007000 \SystemRoot\system32\DRIVERS\termdd.sys
0xAEF24000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8648000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAB774000 \SystemRoot\system32\DRIVERS\update.sys
0xAB88E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAF1DD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAEC67000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB0067000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xA52DA000 \SystemRoot\system32\drivers\ha20x2k.sys
0xA52AA000 \SystemRoot\system32\drivers\emupia2k.sys
0xA5281000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xA51E5000 \SystemRoot\system32\drivers\ctac32k.sys
0xA51D0000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xA51A4000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xA505D000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xA503A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB8664000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAF1ED000 \SystemRoot\System32\Drivers\Null.SYS
0xB8666000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8488000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8408000 \SystemRoot\System32\drivers\vga.sys
0xB85BE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB035B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA5007000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA4FAE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA4F86000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA4F60000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA4F3E000 \SystemRoot\System32\drivers\afd.sys
0xAEC03000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAEBF3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAEBE3000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA4F13000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA4EA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAEBD3000 \SystemRoot\System32\Drivers\Fips.SYS
0xAEB67000 \SystemRoot\System32\Drivers\BANTExt.sys
0xAEBB3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB48DE000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xAEBA3000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xA4DFF000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB8554000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAEB93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB248C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB249C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB8558000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB24B4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xAB88A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB24BC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAEB38000 \SystemRoot\system32\DRIVERS\Alpham1.sys
0xB24AC000 \SystemRoot\system32\DRIVERS\Alpham2.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8598000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA4D84000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4B61000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8438000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB02E3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8248000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB87F4000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA4A61000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA4AEB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB8600000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xAFE93000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA4A49000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA4A33000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA4A13000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA4826000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8737000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA477F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA44FB000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
0xA4126000 \SystemRoot\system32\drivers\wdmaud.sys
0xB81F8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3E37000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3225000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 63):
0 System Idle Process
4 System
920 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1000 C:\WINDOWS\system32\winlogon.exe
1044 C:\WINDOWS\system32\services.exe
1056 C:\WINDOWS\system32\lsass.exe
1256 C:\WINDOWS\system32\nvsvc32.exe
1292 C:\WINDOWS\system32\svchost.exe
1340 svchost.exe
1464 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1504 C:\WINDOWS\system32\svchost.exe
1544 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
1808 svchost.exe
180 C:\WINDOWS\system32\spoolsv.exe
248 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
472 svchost.exe
536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
732 C:\Program Files\Java\jre6\bin\jqs.exe
1408 C:\WINDOWS\system32\PnkBstrA.exe
1428 C:\WINDOWS\system32\PnkBstrB.exe
1528 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1852 C:\WINDOWS\system32\svchost.exe
232 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
744 C:\WINDOWS\system32\searchindexer.exe
1832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2168 alg.exe
3204 C:\WINDOWS\explorer.exe
3420 C:\WINDOWS\system32\Ctxfihlp.exe
3700 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3720 C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
3728 C:\Program Files\Lexmark 7100 Series\ezprint.exe
3736 C:\WINDOWS\system32\CTxfispi.exe
3752 C:\Program Files\Winamp\winampa.exe
3772 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3832 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3856 C:\WINDOWS\system32\rundll32.exe
3880 C:\Program Files\Ideazon\ZEngine\Zboard.exe
3972 C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
3148 C:\Program Files\CyberLink\Shared files\brs.exe
3016 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3268 C:\Program Files\Microsoft Security Essentials\msseces.exe
3284 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3480 C:\Program Files\iTunes\iTunesHelper.exe
3484 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3496 C:\WINDOWS\system32\ctfmon.exe
588 C:\Program Files\Logitech\SetPoint\SetPoint.exe
1484 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1876 C:\WINDOWS\system32\lxbxcoms.exe
2848 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
3616 C:\Program Files\iPod\bin\iPodService.exe
3936 C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
2656 PresentationFontCache.exe
2796 C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
328 C:\Program Files\Java\jre6\bin\javaw.exe
4604 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
4900 unsecapp.exe
960 wmiprvse.exe
3884 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
4040 C:\WINDOWS\system32\wuauclt.exe
440 C:\Documents and Settings\John\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Next, the TDSS report!

2010/09/19 10:56:22.0656 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/19 10:56:22.0656 ================================================================================
2010/09/19 10:56:22.0656 SystemInfo:
2010/09/19 10:56:22.0656
2010/09/19 10:56:22.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/19 10:56:22.0656 Product type: Workstation
2010/09/19 10:56:22.0656 ComputerName: YOUR-037F4B307B
2010/09/19 10:56:22.0656 UserName: John
2010/09/19 10:56:22.0656 Windows directory: C:\WINDOWS
2010/09/19 10:56:22.0656 System windows directory: C:\WINDOWS
2010/09/19 10:56:22.0656 Processor architecture: Intel x86
2010/09/19 10:56:22.0656 Number of processors: 2
2010/09/19 10:56:22.0656 Page size: 0x1000
2010/09/19 10:56:22.0656 Boot type: Normal boot
2010/09/19 10:56:22.0656 ================================================================================
2010/09/19 10:56:23.0593 Initialize success
2010/09/19 10:57:24.0125 ================================================================================
2010/09/19 10:57:24.0125 Scan started
2010/09/19 10:57:24.0125 Mode: Manual;
2010/09/19 10:57:24.0125 ================================================================================
2010/09/19 10:57:24.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/19 10:57:24.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/19 10:57:24.0390 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/19 10:57:24.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/19 10:57:24.0515 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\WINDOWS\system32\DRIVERS\Alpham1.sys
2010/09/19 10:57:24.0531 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\WINDOWS\system32\DRIVERS\Alpham2.sys
2010/09/19 10:57:24.0593 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/19 10:57:24.0656 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/09/19 10:57:24.0671 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/09/19 10:57:24.0687 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/19 10:57:24.0734 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/19 10:57:24.0734 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/19 10:57:24.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/19 10:57:24.0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/19 10:57:24.0812 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/09/19 10:57:24.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/19 10:57:25.0015 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/19 10:57:25.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/19 10:57:25.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/19 10:57:25.0078 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/19 10:57:25.0156 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2010/09/19 10:57:25.0171 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2010/09/19 10:57:25.0203 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/09/19 10:57:25.0218 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/09/19 10:57:25.0265 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/09/19 10:57:25.0281 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
2010/09/19 10:57:25.0312 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
2010/09/19 10:57:25.0328 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
2010/09/19 10:57:25.0343 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
2010/09/19 10:57:25.0343 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/09/19 10:57:25.0375 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/09/19 10:57:25.0406 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/19 10:57:25.0437 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/19 10:57:25.0453 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/19 10:57:25.0468 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/19 10:57:25.0484 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/19 10:57:25.0500 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/19 10:57:25.0515 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/19 10:57:25.0515 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/19 10:57:25.0531 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/19 10:57:25.0546 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/19 10:57:25.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/19 10:57:25.0593 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/19 10:57:25.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/19 10:57:25.0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/19 10:57:25.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/19 10:57:25.0671 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/19 10:57:25.0671 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/19 10:57:25.0687 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/09/19 10:57:25.0734 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
2010/09/19 10:57:25.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/19 10:57:25.0765 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/19 10:57:25.0781 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/19 10:57:25.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/19 10:57:25.0828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/19 10:57:25.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/19 10:57:25.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/19 10:57:25.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/19 10:57:25.0859 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/19 10:57:25.0906 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
2010/09/19 10:57:25.0937 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/19 10:57:25.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/19 10:57:26.0031 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/19 10:57:26.0109 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/09/19 10:57:26.0140 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp700.sys
2010/09/19 10:57:26.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/19 10:57:26.0312 IntcAzAudAddService (c42f37a1f345219b4888188bf297ddef) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/19 10:57:26.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/19 10:57:26.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/19 10:57:26.0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/19 10:57:26.0500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/19 10:57:26.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/19 10:57:26.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/19 10:57:26.0562 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/19 10:57:26.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/19 10:57:26.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/19 10:57:26.0609 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/19 10:57:26.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/19 10:57:26.0687 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/19 10:57:26.0796 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/19 10:57:26.0812 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/19 10:57:26.0843 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/09/19 10:57:26.0875 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/09/19 10:57:26.0890 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/09/19 10:57:26.0906 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2010/09/19 10:57:26.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/19 10:57:26.0953 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/19 10:57:27.0000 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/19 10:57:27.0046 motmodem (0064b0a000d87a79e01331b8ec5a5cab) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/09/19 10:57:27.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/19 10:57:27.0062 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/19 10:57:27.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/19 10:57:27.0093 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/09/19 10:57:27.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/19 10:57:27.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/19 10:57:27.0171 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/19 10:57:27.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/19 10:57:27.0250 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/19 10:57:27.0265 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/19 10:57:27.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/19 10:57:27.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/19 10:57:27.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/19 10:57:27.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/19 10:57:27.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/19 10:57:27.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/19 10:57:27.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/19 10:57:27.0375 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/19 10:57:27.0375 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/19 10:57:27.0406 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/19 10:57:27.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/19 10:57:27.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/19 10:57:27.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/19 10:57:27.0734 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/19 10:57:27.0937 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/09/19 10:57:27.0937 nvgts (75e2e77c5497f34e60491d27bf03f1cb) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2010/09/19 10:57:27.0953 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/09/19 10:57:27.0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/19 10:57:28.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/19 10:57:28.0000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/19 10:57:28.0031 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/09/19 10:57:28.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/19 10:57:28.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/19 10:57:28.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/19 10:57:28.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/19 10:57:28.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/19 10:57:28.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/19 10:57:28.0187 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/09/19 10:57:28.0281 PnkBstrK (db7f8840c92865ca6f3d2db063a5b999) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010/09/19 10:57:28.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/19 10:57:28.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/19 10:57:28.0343 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/19 10:57:28.0375 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/19 10:57:28.0437 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/19 10:57:28.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/19 10:57:28.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/19 10:57:28.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/19 10:57:28.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/19 10:57:28.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/19 10:57:28.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/19 10:57:28.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/19 10:57:28.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/19 10:57:28.0593 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/19 10:57:28.0640 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/19 10:57:28.0687 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/19 10:57:28.0718 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/09/19 10:57:28.0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/19 10:57:28.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/19 10:57:28.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/19 10:57:28.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/19 10:57:28.0921 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/19 10:57:28.0968 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/19 10:57:28.0968 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/19 10:57:28.0968 sptd - detected Locked file (1)
2010/09/19 10:57:28.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/19 10:57:29.0015 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/19 10:57:29.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/19 10:57:29.0078 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/19 10:57:29.0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/19 10:57:29.0187 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/19 10:57:29.0203 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/19 10:57:29.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/19 10:57:29.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/19 10:57:29.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/19 10:57:29.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/19 10:57:29.0343 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/19 10:57:29.0359 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/19 10:57:29.0406 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/19 10:57:29.0421 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/19 10:57:29.0437 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/19 10:57:29.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/19 10:57:29.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/19 10:57:29.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/19 10:57:29.0515 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/19 10:57:29.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/19 10:57:29.0578 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/19 10:57:29.0625 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/19 10:57:29.0687 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/19 10:57:29.0734 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/19 10:57:29.0781 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/19 10:57:29.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/19 10:57:29.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/19 10:57:29.0906 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2010/09/19 10:57:29.0937 ================================================================================
2010/09/19 10:57:29.0937 Scan finished
2010/09/19 10:57:29.0937 ================================================================================
2010/09/19 10:57:29.0937 Detected object count: 1
2010/09/19 10:58:42.0140 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/09/19 10:58:42.0140 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2010/09/19 10:58:42.0140 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2010/09/19 10:58:42.0140 Locked file(sptd) - User select action: Delete
2010/09/19 10:58:54.0578 Deinitialize success
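
The two logs above are read side by side by hand in this thread; the script below is an added example (not code from the thread, from TDSSKiller or from MBRCheck) that does the same cross-check mechanically. TDSSKiller enumerates the driver *services* registered in the registry and records verdicts such as "detected Locked file"; MBRCheck lists every module actually loaded in the kernel. A module that is loaded but has no registered service, or whose file name looks randomly generated, is the kind of thing a rootkit hides, so the script flags those. The log excerpts are trimmed from the two reports posted above; the classification rules (a bare file name in MBRCheck's list means a loader-loaded boot-start driver; an eight-character alphanumeric stem with digits is "random-looking") are this example's own heuristics, not anything the tools report. One caveat the thread does not spell out: sptd.sys is the SCSI pass-through driver installed by DAEMON Tools (its Engine.dll appears in the module list), and it self-protects, so a "Locked file" verdict on it is not by itself evidence of a rootkit.

```python
"""Cross-check a TDSSKiller log against an MBRCheck kernel-module list.

Added example, not part of the original forum post or either tool.
The sample logs are trimmed excerpts of the reports posted in the thread.
"""
import re

# Constructed sample input: lines trimmed from the TDSSKiller report above.
TDSS_LOG = r"""
2010/09/19 10:57:24.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/19 10:57:24.0734 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/19 10:57:25.0734 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
2010/09/19 10:57:26.0796 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/19 10:57:28.0968 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/19 10:57:28.0968 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/19 10:57:28.0968 sptd - detected Locked file (1)
2010/09/19 10:58:42.0140 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
"""

# Constructed sample input: lines trimmed from the MBRCheck report above.
MBR_LOG = r"""
MBRCheck, version 1.2.3

Kernel Drivers (total 7):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xB7EB4000 spsw.sys
0xB7E6E000 ACPI.sys
0xB7E00000 atapi.sys
0xAB841000 \SystemRoot\System32\Drivers\a2d3ffkq.SYS
0xAB82A000 \SystemRoot\System32\Drivers\ezplay.sys
0xA4D84000 \SystemRoot\System32\Drivers\dump_nvgts.sys

Processes (total 2):
4 System
440 C:\Documents and Settings\John\Desktop\MBRCheck.exe
"""

# TDSSKiller line shapes: "<date> <time> <service> (<md5>) <path>",
# "<date> <time> <service> - detected <verdict>" and
# "<date> <time> <object> - will be deleted after reboot".
SERVICE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \S+ (.+?) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \S+ (.+?) - detected (.+)$")
DELETE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \S+ (.+?) - will be deleted after reboot$")
# MBRCheck kernel-module lines: "<load address> <module path or bare name>".
MODULE_RE = re.compile(r"^0x[0-9A-Fa-f]{8} (\S.*)$")
# Heuristic (this example's own): 8 alphanumerics mixing letters and digits.
RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$")


def parse_tdss(text):
    """Return (services, verdicts, pending_delete) from a TDSSKiller log."""
    services, verdicts, pending = {}, {}, []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            services[name] = (md5, path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2)
            continue
        m = DELETE_RE.match(line)
        if m:
            pending.append(m.group(1))
    return services, verdicts, pending


def parse_mbrcheck(text):
    """Return the loaded kernel modules (paths or bare names) from MBRCheck."""
    return [m.group(1) for m in map(MODULE_RE.match, text.splitlines()) if m]


def basename(path):
    return path.rsplit("\\", 1)[-1]


def classify(module, registered):
    """Explain why a loaded module is interesting, or None if it is registered."""
    name = basename(module)
    if name.lower() in registered:
        return None
    stem = name.rsplit(".", 1)[0].lower()
    if "\\" not in module:
        # Assumption: a bare name in MBRCheck's list is a driver the OS loader
        # brought in at boot; one with no service entry deserves a look.
        return (name, "boot-start module with no registered service")
    if RANDOM_STEM.match(stem):
        return (name, "random-looking name, no registered service")
    return (name, "no registered service (kernel support library?)")


def correlate(tdss_text, mbr_text):
    """Join both logs: verdicts, pending deletions and unregistered modules."""
    services, verdicts, pending = parse_tdss(tdss_text)
    registered = {basename(path).lower() for _, path in services.values()}
    findings = [f for f in (classify(m, registered) for m in parse_mbrcheck(mbr_text)) if f]
    return {"verdicts": verdicts, "pending_delete": pending, "unregistered": findings}


if __name__ == "__main__":
    result = correlate(TDSS_LOG, MBR_LOG)
    for svc, verdict in result["verdicts"].items():
        print(f"TDSSKiller verdict: {svc}: {verdict}")
    for name, reason in result["unregistered"]:
        print(f"loaded but unregistered: {name}: {reason}")
```

On the excerpt this reports the sptd verdict, then spsw.sys (a bare-named boot driver with no service entry) and a2d3ffkq.SYS (random-looking name) as the modules worth a second look, while ntkrnlpa.exe and dump_nvgts.sys land in the low-priority "support library" bucket. Both flagged names are consistent with what SPTD-based disc emulation loads, so the output is a triage list, not a verdict; the next step for a suspicious entry is to pull the file's hash and check it against a known-good source.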


Ok. I did both. Here are both reports. BTW: the TDSS report was left on my desktop but not in my C: ... weird, huh?




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 159):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7EB4000 spsw.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E6E000 ACPI.sys
0xB7E5D000 pci.sys
0xB80A8000 ohci1394.sys
0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB80C8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7E3E000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7E18000 dmio.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7E00000 atapi.sys
0xB7DDB000 nvgts.sys
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DBB000 fltmgr.sys
0xB7DA9000 sr.sys
0xB8118000 Lbd.sys
0xB7D93000 DRVMCDB.SYS
0xB8128000 PxHelp20.sys
0xB7D7C000 KSecDD.sys
0xB7D69000 WudfPf.sys
0xB84BC000 ifp700.sys
0xB85AE000 \WINDOWS\system32\drivers\USBD.SYS
0xB7CDC000 Ntfs.sys
0xB7CAF000 NDIS.sys
0xB7C95000 Mup.sys
0xB8228000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB586A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB5856000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8390000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB62A7000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7C4D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB5832000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB6297000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8604000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB6287000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB6277000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB580F000 \SystemRoot\system32\DRIVERS\ks.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB5790000 \SystemRoot\system32\drivers\ctaud2k.sys
0xB576C000 \SystemRoot\system32\drivers\portcls.sys
0xB6267000 \SystemRoot\system32\drivers\drmk.sys
0xB5737000 \SystemRoot\system32\drivers\ctoss2k.sys
0xB83B0000 \SystemRoot\system32\drivers\ctprxy2k.sys
0xB570F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB6257000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB5625000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xAB841000 \SystemRoot\System32\Drivers\a2d3ffkq.SYS
0xAB82A000 \SystemRoot\System32\Drivers\ezplay.sys
0xB8746000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB0087000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C61000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAB813000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB0057000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB0047000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xAEF3C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xAB802000 \SystemRoot\system32\DRIVERS\psched.sys
0xB0037000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xAEF34000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xAEF2C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB0027000 \SystemRoot\system32\DRIVERS\appliand.sys
0xB0017000 \SystemRoot\System32\Drivers\pcouffin.sys
0xAB7D2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB0007000 \SystemRoot\system32\DRIVERS\termdd.sys
0xAEF24000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8648000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAB774000 \SystemRoot\system32\DRIVERS\update.sys
0xAB88E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAF1DD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAEC67000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB0067000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xA52DA000 \SystemRoot\system32\drivers\ha20x2k.sys
0xA52AA000 \SystemRoot\system32\drivers\emupia2k.sys
0xA5281000 \SystemRoot\system32\drivers\ctsfm2k.sys
0xA51E5000 \SystemRoot\system32\drivers\ctac32k.sys
0xA51D0000 \SystemRoot\System32\drivers\CTHWIUT.SYS
0xA51A4000 \SystemRoot\System32\drivers\CT20XUT.SYS
0xA505D000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
0xA503A000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB8664000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAF1ED000 \SystemRoot\System32\Drivers\Null.SYS
0xB8666000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8488000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB8408000 \SystemRoot\System32\drivers\vga.sys
0xB85BE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8420000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83E8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB035B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA5007000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA4FAE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA4F86000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA4F60000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA4F3E000 \SystemRoot\System32\drivers\afd.sys
0xAEC03000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAEBF3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAEBE3000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA4F13000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA4EA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAEBD3000 \SystemRoot\System32\Drivers\Fips.SYS
0xAEB67000 \SystemRoot\System32\Drivers\BANTExt.sys
0xAEBB3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB48DE000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0xAEBA3000 \SystemRoot\System32\Drivers\WDFLDR.SYS
0xA4DFF000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB8554000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAEB93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB248C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB249C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB8558000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB24B4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xAB88A000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xB24BC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xAEB38000 \SystemRoot\system32\DRIVERS\Alpham1.sys
0xB24AC000 \SystemRoot\system32\DRIVERS\Alpham2.sys
0xB85A4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB8598000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA4D84000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB4B61000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8438000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB02E3000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8248000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB87F4000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA4A61000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA4AEB000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB8600000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xAFE93000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA4A49000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA4A33000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA4A13000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA4826000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8737000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xA477F000 \SystemRoot\system32\DRIVERS\srv.sys
0xA44FB000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
0xA4126000 \SystemRoot\system32\drivers\wdmaud.sys
0xB81F8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA3E37000 \SystemRoot\System32\Drivers\HTTP.sys
0xA3225000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 63):
0 System Idle Process
4 System
920 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1000 C:\WINDOWS\system32\winlogon.exe
1044 C:\WINDOWS\system32\services.exe
1056 C:\WINDOWS\system32\lsass.exe
1256 C:\WINDOWS\system32\nvsvc32.exe
1292 C:\WINDOWS\system32\svchost.exe
1340 svchost.exe
1464 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1504 C:\WINDOWS\system32\svchost.exe
1544 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
1808 svchost.exe
180 C:\WINDOWS\system32\spoolsv.exe
248 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
472 svchost.exe
536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
732 C:\Program Files\Java\jre6\bin\jqs.exe
1408 C:\WINDOWS\system32\PnkBstrA.exe
1428 C:\WINDOWS\system32\PnkBstrB.exe
1528 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1852 C:\WINDOWS\system32\svchost.exe
232 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
744 C:\WINDOWS\system32\searchindexer.exe
1832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2168 alg.exe
3204 C:\WINDOWS\explorer.exe
3420 C:\WINDOWS\system32\Ctxfihlp.exe
3700 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3720 C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
3728 C:\Program Files\Lexmark 7100 Series\ezprint.exe
3736 C:\WINDOWS\system32\CTxfispi.exe
3752 C:\Program Files\Winamp\winampa.exe
3772 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3832 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3856 C:\WINDOWS\system32\rundll32.exe
3880 C:\Program Files\Ideazon\ZEngine\Zboard.exe
3972 C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
3148 C:\Program Files\CyberLink\Shared files\brs.exe
3016 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3268 C:\Program Files\Microsoft Security Essentials\msseces.exe
3284 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3480 C:\Program Files\iTunes\iTunesHelper.exe
3484 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3496 C:\WINDOWS\system32\ctfmon.exe
588 C:\Program Files\Logitech\SetPoint\SetPoint.exe
1484 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1876 C:\WINDOWS\system32\lxbxcoms.exe
2848 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
3616 C:\Program Files\iPod\bin\iPodService.exe
3936 C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
2656 PresentationFontCache.exe
2796 C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
328 C:\Program Files\Java\jre6\bin\javaw.exe
4604 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
4900 unsecapp.exe
960 wmiprvse.exe
3884 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
4040 C:\WINDOWS\system32\wuauclt.exe
440 C:\Documents and Settings\John\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FALS-00J7B1, Rev: 05.00K05

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


2010/09/19 10:57:25.0265 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/09/19 10:57:25.0281 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
2010/09/19 10:57:25.0312 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
2010/09/19 10:57:25.0328 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
2010/09/19 10:57:25.0343 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
2010/09/19 10:57:25.0343 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/09/19 10:57:25.0375 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/09/19 10:57:25.0406 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/19 10:57:25.0437 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/19 10:57:25.0453 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/19 10:57:25.0468 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/19 10:57:25.0484 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/19 10:57:25.0500 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/19 10:57:25.0515 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/19 10:57:25.0515 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/19 10:57:25.0531 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/19 10:57:25.0546 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/19 10:57:25.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/19 10:57:25.0593 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/19 10:57:25.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/19 10:57:25.0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/19 10:57:25.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/19 10:57:25.0671 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/19 10:57:25.0671 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/19 10:57:25.0687 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/09/19 10:57:25.0734 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
2010/09/19 10:57:25.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/19 10:57:25.0765 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/19 10:57:25.0781 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/19 10:57:25.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/19 10:57:25.0828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/19 10:57:25.0828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/19 10:57:25.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/19 10:57:25.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/19 10:57:25.0859 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/19 10:57:25.0906 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
2010/09/19 10:57:25.0937 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/19 10:57:25.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/19 10:57:26.0031 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/19 10:57:26.0109 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/09/19 10:57:26.0140 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp700.sys
2010/09/19 10:57:26.0140 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/19 10:57:26.0312 IntcAzAudAddService (c42f37a1f345219b4888188bf297ddef) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/19 10:57:26.0437 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/19 10:57:26.0468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/19 10:57:26.0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/19 10:57:26.0500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/19 10:57:26.0515 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/19 10:57:26.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/19 10:57:26.0562 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/19 10:57:26.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/19 10:57:26.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/19 10:57:26.0609 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/19 10:57:26.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/19 10:57:26.0687 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/19 10:57:26.0796 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/19 10:57:26.0812 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/09/19 10:57:26.0843 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/09/19 10:57:26.0875 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/09/19 10:57:26.0890 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/09/19 10:57:26.0906 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
2010/09/19 10:57:26.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/19 10:57:26.0953 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/19 10:57:27.0000 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/09/19 10:57:27.0046 motmodem (0064b0a000d87a79e01331b8ec5a5cab) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2010/09/19 10:57:27.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/19 10:57:27.0062 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/19 10:57:27.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/19 10:57:27.0093 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/09/19 10:57:27.0109 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/19 10:57:27.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/19 10:57:27.0171 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/19 10:57:27.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/19 10:57:27.0250 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/19 10:57:27.0265 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/19 10:57:27.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/19 10:57:27.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/19 10:57:27.0312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/19 10:57:27.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/19 10:57:27.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/19 10:57:27.0359 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/19 10:57:27.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/19 10:57:27.0375 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/19 10:57:27.0375 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/19 10:57:27.0406 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/19 10:57:27.0421 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/19 10:57:27.0437 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/19 10:57:27.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/19 10:57:27.0734 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/19 10:57:27.0937 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/09/19 10:57:27.0937 nvgts (75e2e77c5497f34e60491d27bf03f1cb) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2010/09/19 10:57:27.0953 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/09/19 10:57:27.0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/19 10:57:28.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/19 10:57:28.0000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/19 10:57:28.0031 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\drivers\ctoss2k.sys
2010/09/19 10:57:28.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/19 10:57:28.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/19 10:57:28.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/19 10:57:28.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/19 10:57:28.0125 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/19 10:57:28.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/19 10:57:28.0187 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/09/19 10:57:28.0281 PnkBstrK (db7f8840c92865ca6f3d2db063a5b999) C:\WINDOWS\system32\drivers\PnkBstrK.sys
2010/09/19 10:57:28.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/19 10:57:28.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/19 10:57:28.0343 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/19 10:57:28.0375 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/19 10:57:28.0437 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/19 10:57:28.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/19 10:57:28.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/19 10:57:28.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/19 10:57:28.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/19 10:57:28.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/19 10:57:28.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/19 10:57:28.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/19 10:57:28.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/19 10:57:28.0593 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/19 10:57:28.0640 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/19 10:57:28.0687 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/19 10:57:28.0718 SCDEmu (23aa53256ce05b975398b78a33474265) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/09/19 10:57:28.0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/19 10:57:28.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/19 10:57:28.0812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/19 10:57:28.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/19 10:57:28.0921 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/19 10:57:28.0968 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/19 10:57:28.0968 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/19 10:57:28.0968 sptd - detected Locked file (1)
2010/09/19 10:57:28.0984 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/19 10:57:29.0015 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/19 10:57:29.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/19 10:57:29.0078 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/19 10:57:29.0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/19 10:57:29.0187 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/19 10:57:29.0203 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/19 10:57:29.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/19 10:57:29.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/19 10:57:29.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/19 10:57:29.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/19 10:57:29.0343 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/19 10:57:29.0359 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/19 10:57:29.0406 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/19 10:57:29.0421 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/19 10:57:29.0437 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/19 10:57:29.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/19 10:57:29.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/19 10:57:29.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/19 10:57:29.0515 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/19 10:57:29.0562 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/19 10:57:29.0578 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/19 10:57:29.0625 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/09/19 10:57:29.0687 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/19 10:57:29.0734 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/19 10:57:29.0781 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/09/19 10:57:29.0812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/19 10:57:29.0828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/19 10:57:29.0906 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
2010/09/19 10:57:29.0937 ================================================================================
2010/09/19 10:57:29.0937 Scan finished
2010/09/19 10:57:29.0937 ================================================================================
2010/09/19 10:57:29.0937 Detected object count: 1
2010/09/19 10:58:42.0140 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/09/19 10:58:42.0140 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2010/09/19 10:58:42.0140 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2010/09/19 10:58:42.0140 Locked file(sptd) - User select action: Delete
2010/09/19 10:58:54.0578 Deinitialize success
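The log above is the kind of thing a responder reads by eye, but it parses cleanly. The script below is an added example for this thread, not part of TDSSKiller (which has no such option): it pulls the driver inventory, the detections, what was scheduled for deletion and the user's choice out of a TDSSKiller 2.4.x log, then checks the tool's own "Detected object count" against the detection lines. The regular expressions are assumptions based only on the line layout visible above; SAMPLE_LOG repeats a few lines of that log so the script runs offline.

```python
"""Pull the driver inventory, the detections and the scheduled deletions out of
a TDSSKiller log and check the tool's own tally against them.

Added example for this thread, not TDSSKiller's code. The regular expressions
are assumptions taken from the 2.4.x log layout posted above; SAMPLE_LOG
repeats a few lines of that log so the script runs offline.
"""
import re
from collections import defaultdict

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"      # "2010/09/19 10:57:24.0328 "
DRIVER_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
DETECT_RE = re.compile(TS + r"(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
DELETE_RE = re.compile(TS + r"(?P<target>.+?) - will be deleted after reboot$")
ACTION_RE = re.compile(TS + r"(?P<kind>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Parse one log into inventory, detections, deletions, user choices and the tally check."""
    drivers, detections, deletions, actions = [], [], [], []
    reported = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := DRIVER_RE.match(line):
            drivers.append((m["name"], m["md5"], m["path"]))
        elif m := DETECT_RE.match(line):
            detections.append((m["name"], m["verdict"]))
        elif m := DELETE_RE.match(line):
            deletions.append(m["target"])
        elif m := ACTION_RE.match(line):
            actions.append((m["name"], m["action"]))
        elif m := COUNT_RE.match(line):
            reported = int(m["n"])
    return {
        "drivers": drivers,
        "detections": detections,
        "scheduled_deletions": deletions,
        "user_actions": actions,
        "reported_count": reported,
        # The tool's tally should equal the number of "- detected" lines; a
        # mismatch means the log was truncated or edited before it was posted.
        "count_consistent": reported == len(detections),
    }


def shared_binaries(drivers):
    """MD5s registered under more than one service name.

    Two names for one file is normal when a vendor registers its driver twice
    (CT20XUT and CT20XUT.SYS in the log); an unfamiliar name sharing a hash
    with a Microsoft driver is worth a second look.
    """
    by_md5 = defaultdict(set)
    for name, md5, _path in drivers:
        by_md5[md5].add(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


# Lines repeated from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2010/09/19 10:57:24.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/19 10:57:25.0156 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2010/09/19 10:57:25.0171 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2010/09/19 10:57:26.0796 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/19 10:57:28.0968 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/19 10:57:28.0968 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/19 10:57:28.0968 sptd - detected Locked file (1)
2010/09/19 10:57:29.0937 Detected object count: 1
2010/09/19 10:58:42.0140 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2010/09/19 10:58:42.0140 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted after reboot
2010/09/19 10:58:42.0140 Locked file(sptd) - User select action: Delete
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("drivers:", len(result["drivers"]), "detections:", result["detections"])
    print("deleted after reboot:", result["scheduled_deletions"])
    print("tally consistent:", result["count_consistent"])
    print("same binary, several names:", shared_binaries(result["drivers"]))
```

On the log above this reports a single detection, sptd, which is the SPTD layer that DAEMON Tools installs and which m0le treats as legitimate in the next reply; the user chose Delete, and the ComboFix listing further down shows sptd.sys created again on 2010-09-19 17:13 alongside a DAEMON Tools Lite directory, so the file coming back is the reinstall, not a re-infection.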

#6 tapdatast

  • Topic Starter

  • Members
  • 24 posts

Posted 19 September 2010 - 12:11 PM

Oh, and so I don't forget: thank you for your time and effort ahead of time.
Very much appreciated.

#7 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 September 2010 - 02:22 PM

TDSSKiller flagged a driver. It is a legitimate file but let's keep an eye on that.

Please run Combofix next

Please download ComboFix from one of these locations:
  • IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE
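When the C:\ComboFix.txt comes back, the part worth reading first is the file listing: each line carries two timestamps, a size, an eight-character attribute column and a path. The script below is an added example for this thread, not part of ComboFix: it runs a first pass over such a listing and surfaces the entries a responder would look at before anything else, mainly anything carrying both the hidden and system attributes, a read-only binary dropped into system32, or a .sys file living outside a drivers directory. The column meanings are my reading of the format (first timestamp last write, second creation; attribute positions 1-5 d/c/s/h/a, position 7 r or w; positions 6 and 8 not interpreted), and the rules are heuristics that raise a flag, not verdicts. SAMPLE repeats lines from the ComboFix log posted in the next reply so the script runs offline.

```python
"""First-pass triage of a ComboFix file listing: surface entries whose
attributes or placement a responder would check before anything else.

Added example for this thread, not ComboFix's code. The column layout and the
attribute letters (positions 1-5: d irectory, c ompressed, s ystem, h idden,
a rchive; position 7: r ead-only or w ritable; positions 6 and 8 left
uninterpreted) are my reading of the log format. SAMPLE repeats lines from the
ComboFix log posted in this thread.
"""
import re

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attr>[dcsharw-]{8})\s+(?P<path>.+)$"
)
POSITIONAL = ("directory", "compressed", "system", "hidden", "archive")   # attribute positions 1-5


def parse_attr(attr):
    """Turn 'd-sh--w-' into {'directory': True, 'system': True, 'hidden': True, ...}."""
    flags = {name: attr[i] != "-" for i, name in enumerate(POSITIONAL)}
    flags["readonly"] = attr[6] == "r"      # position 7 shows either r or w
    flags["writable"] = attr[6] == "w"
    return flags                            # positions 6 and 8 are not interpreted


def reasons_for(path, flags):
    """Heuristics, not verdicts: each string is a reason to look, not a conviction."""
    p = path.lower()
    why = []
    if flags["hidden"] and flags["system"]:
        why.append("hidden+system")         # the pair that keeps an entry out of Explorer and a plain dir
    elif flags["hidden"]:
        why.append("hidden")                # installer caches use it too, so low weight on its own
    if (not flags["directory"] and flags["readonly"]
            and "\\system32\\" in p and p.endswith((".dll", ".exe", ".sys"))):
        why.append("readonly-binary-in-system32")   # the OS binaries in this listing all show w, not r
    if p.endswith(".sys") and "\\drivers\\" not in p:
        why.append("sys-outside-drivers")   # some games keep a driver in a profile dir; still check it
    return why


def triage(listing):
    """Return [(path, [reasons])] for every parseable line that raised at least one reason."""
    hits = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                        # section banners, blank lines, the Find3M header
        why = reasons_for(m["path"], parse_attr(m["attr"]))
        if why:
            hits.append((m["path"], why))
    return hits


# Lines repeated from the ComboFix log posted in this thread.
SAMPLE = r"""
2010-08-17 13:17 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-06 23:52 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\bb57494
2010-08-06 23:31 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSFQXFLYUS
2010-08-06 22:38 . 2010-08-06 22:38 52736 --sha-r- c:\windows\system32\rasadhlpx.dll
2010-09-05 23:55 . 2009-09-13 00:54 56884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-13 22:05 . 2010-08-13 22:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-12 02:18 . 2010-08-12 02:18 138056 ----a-w- c:\documents and settings\John\Application Data\PnkBstrK.sys
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE):
        print(", ".join(why).ljust(42), path)
```

The output is a worklist, not a diagnosis: a hidden installer cache under a GUID directory is normal, while a hidden+system directory with a random-looking name directly under All Users\Application Data, or a read-only hidden+system DLL in system32, is what the next round of questions in a thread like this should be about.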

#8 tapdatast

  • Topic Starter

  • Members
  • 24 posts

Posted 21 September 2010 - 01:51 PM

Ok. Here you go.



ComboFix 10-09-20.07 - John 21/09/2010 12:35:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1474 [GMT -6:00]
Running from: c:\documents and settings\John\Desktop\comfix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-19 17:13 . 2010-09-19 17:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-19 17:13 . 2010-09-19 17:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-09-16 20:14 . 2010-09-16 20:19 -------- d-----w- c:\documents and settings\John\Application Data\Winamp
2010-09-16 20:14 . 2010-09-16 20:19 -------- d-----w- c:\program files\Winamp
2010-09-15 06:09 . 2010-09-15 06:10 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2010-09-05 17:37 . 2010-09-05 17:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-03 17:06 . 2010-09-03 17:09 -------- d-----w- c:\program files\PS3 Media Server
2010-09-02 16:39 . 2010-09-02 16:39 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-02 16:39 . 2010-09-02 16:39 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-09-02 08:55 . 2010-09-02 16:38 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-02 08:55 . 2010-09-02 08:55 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-02 08:55 . 2010-09-02 08:55 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-09-02 08:54 . 2010-09-02 08:54 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-09-02 08:54 . 2010-09-02 08:54 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-30 04:12 . 2010-08-20 05:46 1312120 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2010-08-30 04:12 . 2010-08-20 05:46 724992 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2010-08-22 23:37 . 2010-08-23 01:47 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Panda3D
2010-08-22 23:37 . 2010-06-18 20:42 229376 ----a-w- c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 18:24 . 2009-08-22 00:37 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
2010-09-19 16:59 . 2010-08-12 05:40 285912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-16 22:46 . 2010-06-08 06:14 -------- d-----w- c:\documents and settings\John\Application Data\Research In Motion
2010-09-16 04:46 . 2009-08-22 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 07:01 . 2009-09-03 23:52 -------- d-----w- c:\program files\EVGA Precision
2010-09-09 04:53 . 2009-09-02 05:14 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-09 04:52 . 2009-09-02 05:14 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-09-05 23:55 . 2009-09-13 00:54 56884 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-05 18:30 . 2009-08-22 08:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 17:42 . 2009-08-22 01:06 -------- d-----w- c:\program files\iTunes
2010-09-05 17:42 . 2009-08-22 01:06 -------- d-----w- c:\program files\iPod
2010-09-05 17:40 . 2009-08-22 01:06 -------- d-----w- c:\program files\QuickTime
2010-09-03 14:33 . 2009-10-16 04:04 -------- d-----w- c:\documents and settings\John\Application Data\DivX
2010-09-02 16:39 . 2010-06-11 00:57 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-02 16:39 . 2010-06-11 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-02 16:39 . 2009-10-16 04:03 -------- d-----w- c:\program files\DivX
2010-09-02 16:38 . 2010-06-11 00:57 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-02 16:38 . 2010-06-11 00:55 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-02 08:53 . 2010-06-11 00:57 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-28 15:52 . 2009-08-22 08:08 -------- d-----w- c:\documents and settings\John\Application Data\Vso
2010-08-21 05:18 . 2010-08-21 05:18 -------- d-----w- c:\program files\Belarc
2010-08-17 13:17 . 2004-08-04 00:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-15 21:03 . 2009-08-22 09:25 -------- d-----w- c:\documents and settings\Tanya\Application Data\CyberLink
2010-08-13 22:08 . 2010-08-13 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-13 22:08 . 2010-08-13 22:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-13 22:05 . 2010-08-13 22:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-13 22:04 . 2010-08-13 22:04 -------- d-----w- c:\program files\Lavasoft
2010-08-13 21:42 . 2009-08-22 07:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-08-13 21:42 . 2010-08-07 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-13 20:42 . 2010-08-13 20:42 -------- d-----w- c:\program files\ApecSoft
2010-08-13 14:47 . 2010-08-13 07:42 -------- d-----w- c:\program files\TVersity
2010-08-13 07:42 . 2010-08-13 07:42 -------- d-----w- c:\program files\TVersity Codec Pack
2010-08-13 04:53 . 2009-08-22 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-12 20:58 . 2010-08-12 20:58 2788816 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-08-12 17:01 . 2010-08-12 17:01 -------- d-----w- c:\documents and settings\Tanya\Application Data\Windows Desktop Search
2010-08-12 17:01 . 2009-08-21 20:58 70328 ----a-w- c:\documents and settings\Tanya\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 15:55 . 2009-11-04 05:41 -------- d-----w- c:\documents and settings\John\Application Data\vlc
2010-08-12 05:43 . 2009-08-21 20:36 70328 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-12 04:07 . 2009-08-22 07:35 45648 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-08-12 04:07 . 2009-08-22 07:35 133616 ------w- c:\windows\system32\pxafs.dll
2010-08-12 04:07 . 2007-10-24 22:42 126448 ------w- c:\windows\system32\PxInsI64.exe
2010-08-12 02:18 . 2010-08-12 02:18 138056 ----a-w- c:\documents and settings\John\Application Data\PnkBstrK.sys
2010-08-12 02:18 . 2010-08-12 02:18 138056 ----a-w- c:\documents and settings\John\Application Data\PnkBstrK.sys
2010-08-12 02:17 . 2010-08-12 02:17 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-08-12 02:03 . 2009-09-01 07:14 -------- d-----w- c:\program files\EA GAMES
2010-08-12 00:27 . 2009-08-22 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-08-12 00:25 . 2010-06-08 06:05 -------- d-----w- c:\program files\Research In Motion
2010-08-09 23:14 . 2010-08-09 23:14 -------- d-----w- c:\program files\Ares
2010-08-09 00:08 . 2010-08-08 23:02 -------- d-----w- c:\program files\Windows Desktop Search
2010-08-08 23:59 . 2010-08-08 23:59 -------- d-----w- c:\documents and settings\John\Application Data\Windows Search
2010-08-08 23:41 . 2009-08-22 08:27 -------- d-----w- c:\program files\Microsoft.NET
2010-08-08 23:02 . 2010-08-08 23:02 -------- d-----w- c:\documents and settings\John\Application Data\Windows Desktop Search
2010-08-08 05:19 . 2010-08-08 05:19 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ef573c2-n\decora-sse.dll
2010-08-08 05:19 . 2010-08-08 05:19 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\msvcp71.dll
2010-08-08 05:19 . 2010-08-08 05:19 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\jmc.dll
2010-08-08 05:19 . 2010-08-08 05:19 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-27d0178e-n\msvcr71.dll
2010-08-08 05:19 . 2010-08-08 05:19 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7ef573c2-n\decora-d3d.dll
2010-08-07 06:12 . 2010-08-07 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-07 04:08 . 2010-08-07 04:07 -------- d-----w- c:\documents and settings\John\Application Data\Replay Media Catcher 4
2010-08-07 04:07 . 2010-08-07 04:07 -------- d-----w- c:\program files\Applian Technologies
2010-08-07 00:06 . 2010-08-07 00:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-06 23:52 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\bb57494
2010-08-06 23:31 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSFQXFLYUS
2010-08-06 23:22 . 2010-08-06 23:22 -------- d-----w- c:\documents and settings\John\Application Data\ElevatedDiagnostics
2010-08-06 22:38 . 2010-08-06 22:38 52736 --sha-r- c:\windows\system32\rasadhlpx.dll
2010-08-01 21:20 . 2010-08-01 21:20 -------- d-----w- c:\program files\Common Files\Java
2010-08-01 21:19 . 2009-08-25 06:49 -------- d-----w- c:\program files\Java
2010-07-28 01:07 . 2009-08-22 04:11 256 ----a-w- c:\windows\system32\pool.bin
2010-07-28 01:01 . 2010-07-28 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FileCure
2010-07-28 01:01 . 2010-07-28 01:01 -------- d-----w- c:\program files\ParetoLogic
2010-07-27 23:46 . 2010-07-27 23:46 53248 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{3360D505-B0AA-4284-92DF-F872AF90A448}\ARPPRODUCTICON.exe
2010-07-24 15:35 . 2010-08-06 23:31 718296 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\mozcrt19.dll
2010-07-24 15:35 . 2010-08-06 23:31 467928 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\sqlite3.dll
2010-07-22 15:49 . 2004-08-04 00:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-08-21 20:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 11:00 . 2010-04-22 06:05 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 08:56 . 2010-08-13 22:05 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2010-08-13 22:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2010-08-13 22:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2004-08-04 00:56 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 19:46 . 2010-06-24 19:46 28256 ----a-w- c:\windows\system32\drivers\appliand.sys
2010-06-24 12:22 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-09-13_01.54.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-21 18:30 . 2010-09-21 18:30 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat
+ 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2009-08-21 19:54 . 2010-09-15 02:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-21 19:54 . 2010-09-02 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-21 19:54 . 2010-09-15 02:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-08-21 19:54 . 2010-09-02 19:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-15 02:10 . 2010-09-15 02:10 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-08-21 19:54 . 2010-09-02 19:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-22 08:28 . 2010-09-16 04:46 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-04 00:56 . 2008-04-14 00:12 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 00:56 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2004-08-04 00:56 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll
- 2004-08-04 00:56 . 2008-04-14 00:12 406016 c:\windows\system32\usp10.dll
+ 2006-10-19 04:47 . 2010-03-30 18:24 317440 c:\windows\system32\mp4sdecd.dll
- 2006-10-19 04:47 . 2006-10-19 04:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2009-08-21 19:48 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll
+ 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll
+ 2009-04-15 14:51 . 2010-07-22 15:49 590848 c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-03-30 18:24 . 2010-03-30 18:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2009-08-21 20:31 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-08-08 02:23 . 2010-09-15 02:10 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-08-08 02:23 . 2010-09-02 19:25 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-08-04 21:13 . 2010-08-04 21:13 686080 c:\windows\Installer\fe98dfb.msp
+ 2009-08-22 08:28 . 2010-09-16 04:46 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-02-23 05:41 . 2007-02-23 05:41 304544 c:\windows\Downloaded Program Files\MessengerStatsPAClient.dll
+ 2010-08-19 23:57 . 2010-08-19 23:57 3395584 c:\windows\Installer\fe98de5.msp
+ 2009-08-22 08:28 . 2010-09-16 04:46 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-08-22 08:28 . 2010-08-11 22:35 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-22 08:28 . 2010-09-16 04:46 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-21 21:10 . 2010-09-16 04:44 35552200 c:\windows\system32\MRT.exe
+ 2010-07-23 07:04 . 2010-07-23 07:04 11395072 c:\windows\Installer\fe98dcf.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-20 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-05 57344]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-20 18790432]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-04-02 75048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Tanya\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-21 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\John\\My Documents\\Software And Other Stuff\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\PS3 Media Server\\PMS.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"5001:TCP"= 5001:TCP:PS3MS
"6001:TCP"= 6001:TCP:PS3MS2

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/08/2010 4:08 PM 64288]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/05/28 11:41];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [02/04/2010 9:11 AM 87536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 2:55 AM 1355928]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/08/2009 5:55 PM 10384]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 3:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 3:46 AM 72728]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [13/08/2010 4:08 PM 15008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/05/2010 10:05 PM 1691480]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [24/06/2010 1:46 PM 28256]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [21/08/2009 5:51 PM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 3:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 3:46 AM 72728]
S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [12/01/2010 5:24 PM 217088]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [03/08/2004 6:56 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/09/2010 11:13 AM 691696]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 14:33]

2010-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{0CBA23D0-8960-4928-84AF-FA658558A6CA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2010-09-21 c:\windows\Tasks\User_Feed_Synchronization-{549F6B6A-BC80-49AA-9473-26FCEBA2B93A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\bsn7nwoc.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-09-21 12:45:49
ComboFix-quarantined-files.txt 2010-09-21 18:45
ComboFix2.txt 2010-09-13 01:56

Pre-Run: 806,621,757,440 bytes free
Post-Run: 806,639,579,136 bytes free

- - End Of File - - 5CB81C17D982BDE91A937DD6C1878735


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:03:10 PM

Posted 21 September 2010 - 05:31 PM

ComboFix is clean.

Are you still getting redirects? If so, in what browser(s) are these occurring?

Please also rerun TDSSKiller and we'll see if it's still flagging sptd.
m0le is a proud member of UNITE
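Added example for readers working through the ComboFix log above; this is editor-supplied code, not part of m0le's reply and not anything ComboFix itself does. It parses the "Files Created/Modified" listing lines (created time, modified time, size, attribute flags, path) and applies three triage heuristics that are my own assumptions: an entry carrying both the system and hidden flags outside the handful of names Windows itself hides, a directory under Application Data with a throwaway-looking name, and any file that sits inside a directory already flagged. The sample input is copied from the listing earlier in this thread (the `bb57494`, `MSFQXFLYUS` and `rasadhlpx.dll` entries plus some benign neighbours); the reading of the attribute letters as d/s/h = directory/system/hidden is assumed from how they appear in the log.

```python
"""Triage ComboFix 'Files Created/Modified' lines for hidden/system artefacts.

Editor-added example. The line layout (created . modified size attrs path) is
read off the log above; the heuristics are assumptions, not ComboFix logic.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "created modified size attrs path")

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Names Windows keeps hidden+system on its own; not interesting by themselves.
BENIGN_HIDDEN = {"desktop.ini", "thumbs.db", "ntuser.dat", "pagefile.sys"}

# Assumed dropper naming styles: lowercase letters+digits soup (bb57494),
# or a block of uppercase letters (MSFQXFLYUS).
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,12}$|^[A-Z]{8,14}$")

# Sample lines taken from the ComboFix listing earlier in this thread.
SAMPLE = r"""
2010-08-09 23:14 . 2010-08-09 23:14 -------- d-----w- c:\program files\Ares
2010-08-08 23:41 . 2009-08-22 08:27 -------- d-----w- c:\program files\Microsoft.NET
2010-08-07 00:06 . 2010-08-07 00:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-06 23:52 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\bb57494
2010-08-06 23:31 . 2010-08-06 23:31 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSFQXFLYUS
2010-08-06 23:22 . 2010-08-06 23:22 -------- d-----w- c:\documents and settings\John\Application Data\ElevatedDiagnostics
2010-08-06 22:38 . 2010-08-06 22:38 52736 --sha-r- c:\windows\system32\rasadhlpx.dll
2010-07-24 15:35 . 2010-08-06 23:31 718296 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\mozcrt19.dll
2010-07-24 15:35 . 2010-08-06 23:31 467928 ----a-w- c:\documents and settings\All Users\Application Data\bb57494\sqlite3.dll
"""


def parse_lines(text):
    """Yield an Entry for every line that matches the listing layout."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield Entry(**m.groupdict())


def triage(text):
    """Return {path: [reasons]} for entries that deserve a second look."""
    entries = list(parse_lines(text))
    findings = {}

    def flag(path, reason):
        findings.setdefault(path, []).append(reason)

    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        low = e.path.lower()
        # Both 's' and 'h' set: the entry is trying not to be seen in Explorer.
        if "s" in e.attrs and "h" in e.attrs and name.lower() not in BENIGN_HIDDEN:
            where = "system32" if "\\system32\\" in low else "profile/ProgramData"
            flag(e.path, f"hidden+system entry in {where}")
        # Directory with a generated-looking name dropped into Application Data.
        if e.attrs.startswith("d") and "application data" in low and RANDOM_NAME_RE.match(name):
            flag(e.path, "random-looking directory name under Application Data")

    # Second pass: anything living inside a flagged directory inherits suspicion.
    flagged_dirs = [p.lower() + "\\" for p in list(findings)]
    for e in entries:
        low = e.path.lower()
        if any(low.startswith(d) for d in flagged_dirs):
            flag(e.path, "inside a flagged directory")
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample it reports the two hidden `Application Data` directories (each for both the attribute and the naming reason), the hidden+system `rasadhlpx.dll` in `system32`, and the two DLLs dropped inside `bb57494`, while leaving Ares, Microsoft.NET, MSE and ElevatedDiagnostics alone. Treat the output as a reading aid, not a verdict: a flagged path still needs a hash lookup or a look at what loads it before anything is deleted.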

#10 tapdatast

tapdatast
  • Topic Starter

  • Members
  • 24 posts
  • Local time:09:10 AM

Posted 21 September 2010 - 06:36 PM

Nope. Nada. Nothing. It's all fixed now. No more redirects or anything.
Again, I appreciate your help. This was one that, in my well-read but under-educated experience, I could not solve.
I learned a lot through this. Much appreciated.


2010/09/21 17:33:01.0593 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/21 17:33:01.0593 ================================================================================
2010/09/21 17:33:01.0593 SystemInfo:
2010/09/21 17:33:01.0593
2010/09/21 17:33:01.0593 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/21 17:33:01.0593 Product type: Workstation
2010/09/21 17:33:01.0593 ComputerName: YOUR-037F4B307B
2010/09/21 17:33:01.0593 UserName: John
2010/09/21 17:33:01.0593 Windows directory: C:\WINDOWS
2010/09/21 17:33:01.0593 System windows directory: C:\WINDOWS
2010/09/21 17:33:01.0593 Processor architecture: Intel x86
2010/09/21 17:33:01.0593 Number of processors: 2
2010/09/21 17:33:01.0593 Page size: 0x1000
2010/09/21 17:33:01.0593 Boot type: Normal boot
2010/09/21 17:33:01.0593 ================================================================================
2010/09/21 17:33:01.0750 Initialize success
2010/09/21 17:33:10.0593 ================================================================================
2010/09/21 17:33:10.0593 Scan started
2010/09/21 17:33:10.0593 Mode: Manual;
2010/09/21 17:33:10.0593 ================================================================================
2010/09/21 17:33:10.0703 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/21 17:33:10.0734 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/21 17:33:10.0765 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/21 17:33:10.0812 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/21 17:33:10.0890 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\WINDOWS\system32\DRIVERS\Alpham1.sys
2010/09/21 17:33:10.0921 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\WINDOWS\system32\DRIVERS\Alpham2.sys
2010/09/21 17:33:10.0968 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/09/21 17:33:11.0015 appliand (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/09/21 17:33:11.0031 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\WINDOWS\system32\DRIVERS\appliand.sys
2010/09/21 17:33:11.0046 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/21 17:33:11.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/21 17:33:11.0093 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/21 17:33:11.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/21 17:33:11.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/21 17:33:11.0171 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/09/21 17:33:11.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/21 17:33:11.0328 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/21 17:33:11.0359 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/21 17:33:11.0359 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/21 17:33:11.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/21 17:33:11.0453 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
2010/09/21 17:33:11.0468 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
2010/09/21 17:33:11.0515 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
2010/09/21 17:33:11.0546 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
2010/09/21 17:33:11.0562 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2010/09/21 17:33:11.0593 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
2010/09/21 17:33:11.0625 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
2010/09/21 17:33:11.0640 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
2010/09/21 17:33:11.0640 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
2010/09/21 17:33:11.0656 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2010/09/21 17:33:11.0671 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2010/09/21 17:33:11.0703 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/21 17:33:11.0750 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/21 17:33:11.0750 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/21 17:33:11.0765 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/09/21 17:33:11.0781 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/21 17:33:11.0796 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/21 17:33:11.0812 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/21 17:33:11.0828 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/09/21 17:33:11.0843 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/21 17:33:11.0859 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/21 17:33:11.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/21 17:33:11.0906 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/21 17:33:11.0921 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/21 17:33:11.0953 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/21 17:33:11.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/21 17:33:11.0984 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/21 17:33:12.0000 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/21 17:33:12.0281 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
2010/09/21 17:33:12.0328 ezplay (73e701e0fa4d2fc7d22efceff276c50a) C:\WINDOWS\system32\Drivers\ezplay.sys
2010/09/21 17:33:12.0343 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/21 17:33:12.0359 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/21 17:33:12.0375 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/21 17:33:12.0375 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/21 17:33:12.0406 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/21 17:33:12.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/21 17:33:12.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/21 17:33:12.0437 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/21 17:33:12.0453 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/21 17:33:12.0484 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
2010/09/21 17:33:12.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/21 17:33:12.0562 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/21 17:33:12.0625 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/21 17:33:12.0687 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/09/21 17:33:12.0718 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\WINDOWS\system32\drivers\ifp700.sys
2010/09/21 17:33:12.0734 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/21 17:33:12.0875 IntcAzAudAddService (c42f37a1f345219b4888188bf297ddef) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/21 17:33:13.0000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/21 17:33:13.0015 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/21 17:33:13.0046 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/21 17:33:13.0062 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/21 17:33:13.0062 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/21 17:33:13.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/21 17:33:13.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/21 17:33:13.0093 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/21 17:33:13.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/21 17:33:13.0140 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/21 17:33:16.0281 ================================================================================
2010/09/21 17:33:16.0281 Scan finished
2010/09/21 17:33:16.0281 ================================================================================
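An added example, not part of this thread, showing the first pass a responder would run over a TDSSKiller driver list like the one posted above: parse each line into service name, MD5 and path, then flag drivers loaded from outside the system driver directory, kernel modules without a .sys extension, and hashes that differ from a supplied known-good baseline. The sample lines reuse entries from this log; the baseline dictionary and the placeholder hash for Null are constructed.

```python
import re
from collections import namedtuple
from typing import Dict, List, Optional
# Driver line: "<timestamp> <service name> (<md5>) <path>". Names may contain
# spaces ("Lavasoft Kernexplorer"), so the 32-hex MD5 in parentheses anchors the split.
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.+?) \(([0-9a-fA-F]{32})\) (.+)$"
)
# Where Windows XP normally loads kernel drivers from (compared lower-cased).
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
DriverEntry = namedtuple("DriverEntry", "timestamp name md5 path")

# Constructed sample lines in the format of the TDSSKiller log in this thread.
SAMPLE_LINES = [
    r"2010/09/21 17:33:13.0187 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys",
    r"2010/09/21 17:33:13.0234 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys",
    r"2010/09/21 17:33:13.0906 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys",
    r"2010/09/21 17:33:16.0265 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl",
]
# Constructed baseline (service name -> expected MD5); the Null value is a placeholder.
BASELINE = {
    "KSecDD": "b467646c54cc746128904e1654c750c1",
    "Null": "00000000000000000000000000000000",  # placeholder, not a real hash
}

def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one log line; None for separators, headers and 'Scan finished'."""
    m = LINE_RE.match(line.strip())
    return DriverEntry(*m.groups()) if m else None

def review_entry(entry: DriverEntry, baseline: Dict[str, str]) -> List[str]:
    """Reasons a responder should look at this entry (empty means nothing odd)."""
    reasons = []
    path = entry.path.lower()
    if not path.startswith(SYSTEM_DRIVER_DIR):
        reasons.append("loaded from outside the system driver directory")
    if not path.endswith(".sys"):
        reasons.append("kernel module without .sys extension")
    expected = baseline.get(entry.name)
    if expected is not None and expected.lower() != entry.md5.lower():
        reasons.append("MD5 differs from the known-good baseline")
    return reasons

def review_log(lines, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each flagged service name to its reasons; clean entries are omitted."""
    findings = {}
    for entry in filter(None, map(parse_line, lines)):
        reasons = review_entry(entry, baseline)
        if reasons:
            findings[entry.name] = reasons
    return findings

if __name__ == "__main__":
    for name, why in review_log(SAMPLE_LINES, BASELINE).items():
        print(name, "->", "; ".join(why))
```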


#11 m0le
Posted 21 September 2010 - 06:49 PM

Nearly there, please run an ESET scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#12 tapdatast
Posted 22 September 2010 - 12:37 AM

and this......one of them was legit but....

C:\Documents and Settings\John\Application Data\Sun\Java\Deployment\cache\6.0\48\3b356d70-4f1de3e1 a variant of Java/Exploit.Agent.W trojan deleted - quarantined
C:\Documents and Settings\John\My Documents\Software And Other Stuff\Adobe Acrobat Professional\ADOBE.ACROBAT-V9.0.PRO.EXTENDED.Keygen.Only-EDGE.rar probably a variant of Win32/Agent.DQPHVKD trojan deleted - quarantined

#13 m0le
Posted 22 September 2010 - 05:05 AM

The second entry is the entry point for the virus, through an infected keygen.

The first is a Java cache entry, essentially a copy of malware cached by Java.

Drum roll please....


You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically, make sure that updates on any that are flagged are carried out as soon as possible

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it tapdatast, happy surfing!

Cheers.

m0le

#14 tapdatast
Posted 22 September 2010 - 09:48 PM

Ok. I at one point thought the microsoft security essentials was a good one because it had a good rating. It also kept from slowing down my computer but I guess I will try out the avast or go back to the avira. Loved the avira but it was a little too glitchy when I wanted to visit certain....websites...lol.

Thought Ad-aware was good but then again. I will try the superantispyware.
I appreciate all you have done. Thank you.

#15 m0le
Posted 27 September 2010 - 07:30 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.