google,firefox redirects, virus killing pc.


  • This topic is locked
12 replies to this topic

#1 computerstuck

computerstuck

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 28 March 2011 - 02:28 PM

I started with Google redirecting me to other websites using Firefox or Internet Explorer. I tried using Spybot but I didn't get anything. Then I used Malwarebytes and it got a rootkit, which was this: c:\Users\Owner\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NYVWWDYN\f4b43[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully. And it's been taken care of.

Now I am still having issues with the browsers, and I am getting the blue screen of death when I load heavy stuff, like if I start doing a scan and browse the web with 5-6 pages opened, or something using a lot of RAM, I guess you could say. It freezes before it shows the blue screen of death. And now when I start Windows, I sometimes see some messages saying that something has changed, like privileges, or that something has been disabled. I feel that every day it gets worse. Please help me fix this as soon as possible before it gets to be a major issue. I tried to run GMER to post a log, but when I run it, it starts scanning and in a while I get the blue screen of death; sometimes when GMER is scanning I get an error and then the blue screen. I already tried in safe mode, and the same thing happened.

Also, all my other drives have been renamed "removable disk," although I don't remember them being named like that...

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 15:22:01.33 on Mon 03/28/2011
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_24
Microsoft Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.2942.1592 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ModPS2Key.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Download_Bho Class: {a986e409-30cc-4185-89bb-ab212c104524} - c:\program files\pplive\ppva\DownloaderManager.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [UUSeeMediaCenter] "c:\progra~1\common~1\uusee\UUSeeMediaCenter.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAyADMAMAAzADkANQA0ADAALQBUADUALQBVADgANQArADEALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAEYAUAA5ACsANgAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIA"&"prod=90"&"ver=9.0.872
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
IE: &AIM Toolbar Search
IE: E&xport to Microsoft Excel
IE: ʹUUSeeٲ - c:\program files\uusee\geturltoplay.htm
IE: ʹUUSee - c:\program files\uusee\geturltodown.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {998A88A0-A355-809B-831C-B83A80000992} - c:\program files\uusee\UUSeePlayer.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {25020D44-D4F4-4E4C-A6B8-FE4AC5523FA3} = 208.67.220.220,208.67.222.222
TCP: {31AEA551-5417-48F2-ADDF-42FB72A91D37} = 208.67.220.220,208.67.222.222
TCP: {857AD950-2001-4A75-90DA-39DA52F294AA} = 208.67.220.220,208.67.222.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8bzescwt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npuuseep.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\owner\appdata\roaming\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-30 28544]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2010-10-24 2404488]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-19 24652]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2007-10-19 401408]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S3 apf001;apf001;c:\program files\softnyx\rakionis\bin\apf001.sys [2010-6-28 10872]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rak;rak;c:\windows\system32\rakion.sys [2009-11-29 60928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-25 27192]
.
=============== Created Last 30 ================
.
2011-03-13 16:47:52 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcF644.tmp
.
==================== Find3M ====================
.
2011-02-21 01:10:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 12:45:39 12920 ----a-w- c:\windows\system32\apl001.sys
2011-02-19 12:45:39 10872 ----a-w- c:\windows\system32\apf001.sys
2008-03-05 20:30:18 97288 ------w- c:\program files\DSETUP.dll
2008-03-05 20:30:18 527880 ------w- c:\program files\DXSETUP.exe
2008-03-05 20:30:18 1694728 ------w- c:\program files\dsetup32.dll
2005-07-23 21:20:20 638976 ----a-w- c:\program files\AutoClick.exe
2005-05-02 18:52:36 45056 ----a-w- c:\program files\AxInterop.SHDocVw.dll
2005-05-02 18:52:36 126976 ----a-w- c:\program files\Interop.SHDocVw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86F8CEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x862d9872; SUB DWORD [EBP-0x4], 0x862d912e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82027F3B] -> \Device\Harddisk0\DR0[0x86174440]
3 nt[0x820B07E2] -> ntkrnlpa!IofCallDriver[0x82027F3B] -> [0x844AB020]
5 acpi[0x8023232A] -> ntkrnlpa!IofCallDriver[0x82027F3B] -> [0x840CC830]
[0x851DAE30] -> IRP_MJ_CREATE -> 0x86F8CEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000067 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-22TMA#4&311ed49&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:24:34.00 ===============

I can't edit my post, so I just wanted to add that when I turn on my PC, I see a message like this: http://img217.imageshack.us/i/changei.jpg/


And also, I was finally able to do a GMER scan without it freezing; here it is.

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 21:16:41
Windows 6.0.6000 Harddisk0\DR0 -> \Device\00000032 WDC_WD50 rev.12.0
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kwrcapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8FEDB780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8FEDB830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8FEDB8D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8FEDB970]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E6E0340, 0x3DB197, 0xE8000020]
PAGE spsys.sys!?SPVersion@@3PADA + 1807 A26F603F 504 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1A00 A26F6238 434 Bytes [04, 3B, C1, 73, 05, 8B, 02, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB3 A26F63EB 120 Bytes [5D, 0C, EB, 03, 8B, 4D, 10, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1C2C A26F6464 1379 Bytes [8B, 4E, 10, 31, 4D, D4, 8B, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2190 A26F69C8 478 Bytes [87, 37, 0E, 00, 00, FF, 24, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\nvstor32 -> DriverStartIo \Device\RaidPort0 86F73AEA

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\nvstor32 -> DriverStartIo \Device\RaidPort1 86F73AEA

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Device\00000067 -> \??\SCSI#Disk&Ven_WDC_WD50&Prod_00AAKS-22TMA#4&311ed49&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x03 0xCA 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x23 0x4D 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x21 0x81 0x22 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0x03 0xCA 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBD 0x23 0x4D 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x21 0x81 0x22 0x6B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x17 0xD2 0x06 0xFD ...

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 30 March 2011 - 03:56 PM.
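The most telling lines in the logs above are in GMER's disk trace: the IRP_MJ_CREATE dispatch for the disk device resolves to 0x86F8CEC5, an address GMER lists as ">>UNKNOWN<<" because no loaded driver covers it, which is why it prints its TDL3 warning even though the MBR itself reads clean. The DDS report also carries smaller indicators a helper checks by eye: browser hooks whose backing file is gone ("- No File") and the TCP: NameServer entry, which redirect malware frequently rewrites. The following triage parser is an added example, not part of the original post and not a component of DDS, GMER or any BleepingComputer tool; its sample input is excerpted from the posted logs, and its KNOWN_PUBLIC_RESOLVERS set is deliberately limited to the two OpenDNS addresses that appear in the log.

```python
"""Triage helper for DDS / GMER text logs.

Added example, not part of the original post or of the DDS/GMER tools.
It collects the indicators a helper scans such a log for by eye:
  * a disk-stack module GMER could not map to any driver (>>UNKNOWN [addr]<<)
  * an IRP dispatch entry that points at that same unmapped address
  * browser hooks / BHOs whose backing file is gone ("- No File")
  * GMER's own "Warning:" lines
  * the DNS servers in the TCP: NameServer entry, checked against a
    known-public resolver list (assumption: only OpenDNS is listed here)
"""
import re

# Lines excerpted from the DDS and GMER output posted above (constructed input).
SAMPLE_LOG = """\
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mURLSearchHooks: H - No File
TCP: NameServer = 208.67.220.220,208.67.222.222
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86F8CEC5]<<
[0x851DAE30] -> IRP_MJ_CREATE -> 0x86F8CEC5
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

# OpenDNS anycast resolvers; anything else in NameServer deserves a closer look.
KNOWN_PUBLIC_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
IRP_RE = re.compile(r"-> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")
ORPHAN_RE = re.compile(r"^(?:BHO|TB|[um]URLSearchHooks): .* - No File$")
WARN_RE = re.compile(r"^Warning: (.+)$")
NS_RE = re.compile(r"^TCP: NameServer = (.+)$")


def triage(log: str) -> dict:
    """Walk the log once and collect the indicators; addresses are lower-cased."""
    f = {"unknown_modules": [], "irp_hooks": [], "orphan_entries": [],
         "warnings": [], "nameservers": []}
    for raw in log.splitlines():
        line = raw.strip()
        if m := UNKNOWN_RE.search(line):
            f["unknown_modules"].append(m.group(1).lower())
        if m := IRP_RE.search(line):
            f["irp_hooks"].append((m.group(1), m.group(2).lower()))
        if ORPHAN_RE.match(line):
            f["orphan_entries"].append(line)
        if m := WARN_RE.match(line):
            f["warnings"].append(m.group(1).strip())
        if m := NS_RE.match(line):
            f["nameservers"].extend(s.strip() for s in m.group(1).split(","))
    return f


def disk_stack_hooked(findings: dict) -> bool:
    """True when an IRP dispatch pointer equals an address GMER could not map to a
    driver: the disk device is being serviced by code outside any loaded module,
    the pattern GMER associates with the TDL3/TDL4 family."""
    unknown = set(findings["unknown_modules"])
    return any(addr in unknown for _, addr in findings["irp_hooks"])


def unexpected_resolvers(findings: dict) -> list:
    """DNS servers not on the known-public list (empty for this log: both OpenDNS)."""
    return [ip for ip in findings["nameservers"] if ip not in KNOWN_PUBLIC_RESOLVERS]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("disk stack hooked by unmapped code:", disk_stack_hooked(result))
    print("orphaned browser entries:", len(result["orphan_entries"]))
    print("GMER warnings:", result["warnings"])
    print("resolvers needing review:", unexpected_resolvers(result))
```

Run against the excerpt, the parser reports the disk stack as hooked by unmapped code (the IRP_MJ_CREATE pointer matches the UNKNOWN address), two orphaned browser entries, GMER's TDL3 warning, and no unexpected resolvers, since both NameServer entries are OpenDNS. That last result matters for the diagnosis: the redirects in this thread are not explained by a hijacked DNS setting, which leaves the kernel-level indicator as the one to chase.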



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:17 PM

Posted 03 April 2011 - 09:00 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti



#3 computerstuck

computerstuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:01:17 PM

Posted 03 April 2011 - 07:23 PM

Only one report opened. The OTL.txt is the only one I have.


OTL logfile created on: 4/3/2011 8:07:45 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 278.70 Gb Free Space | 61.13% Space Free | Partition Type: NTFS
Drive D: | 9.83 Gb Total Space | 1.27 Gb Free Space | 12.92% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 20:06:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/04/02 13:33:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 18:46:06 | 000,271,408 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/01/05 14:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/15 14:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/07/28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009/10/07 08:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/05/19 01:23:16 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/01/29 15:08:38 | 003,583,272 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/18 17:46:56 | 004,349,952 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/04/03 20:06:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/07 18:48:18 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011/01/07 18:46:06 | 000,271,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/01/05 14:30:36 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/15 14:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/07/28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009/10/07 08:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/04/26 20:05:00 | 002,870,429 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/05/19 23:09:17 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 21:19:14 | 000,263,168 | ---- | M] (Ares Development Group) [On_Demand | Stopped] -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/02/21 10:19:22 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Softnyx\RakionIS\Bin\apf001.sys -- (apf001)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/22 15:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/12/20 18:41:02 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/14 18:48:09 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\rakion.sys -- (rak)
DRV - [2009/11/12 17:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\taphss.sys -- (taphss)
DRV - [2008/11/19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/06/20 01:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/06 13:53:11 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/05/22 18:22:16 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/08/21 04:13:03 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2007/01/27 21:21:00 | 000,101,160 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 15:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/09/07 16:29:44 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5472
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://127.0.0.1:10602/application.pac

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 09:31:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 13:33:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/02 13:33:17 | 000,000,000 | ---D | M]

[2008/11/16 21:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/04/02 13:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\extensions
[2011/02/20 01:11:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/01 20:54:12 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/08/31 14:49:27 | 000,000,000 | ---D | M] (Frequent Shopper Coupon Clipper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\extensions\CouponClipper@frequentshopper.msn.com
[2009/06/07 00:19:26 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\extensions\iaplayer@instantaction.com
[2009/07/01 20:54:15 | 000,004,207 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\searchplugins\aim-search.xml
[2008/07/15 01:54:38 | 000,004,431 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\searchplugins\scour---search-socially.xml
[2008/06/01 01:28:24 | 000,002,386 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8bzescwt.default\searchplugins\siteadvisor.xml
[2011/03/27 23:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/20 21:11:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/21 14:26:47 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
[2011/03/31 09:31:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/11/22 18:47:12 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\OWNER\APPDATA\ROAMING\MOVE NETWORKS
[2011/04/02 13:33:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/18 16:15:00 | 000,032,768 | ---- | M] (Xunlei Networking Technologies,LTD) -- C:\Program Files\Mozilla Firefox\plugins\npDapCtrlFirefox.dll
[2011/02/20 21:10:49 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/17 15:39:27 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2010/09/17 14:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npuuseep.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2011/04/02 13:33:07 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/22 17:05:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLive\PPVA\DownloaderManager.dll (PPLive Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKU\S-1-5-21-561803190-2091065021-3607023498-1000..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-561803190-2091065021-3607023498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: ʹUUSeeٲ - C:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: ʹUUSee - C:\Program Files\uusee\geturltodown.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: UUSee - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : UUSee - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} http://dl.pplive.com/PluginSetup.cab (PPLive Lite Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img31.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BigFix - hkey= - key= - c:\program files\Bigfix\bigfix.exe (BigFix Inc.)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: EPSON Stylus CX7400 Series - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: PPAP - hkey= - key= - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
MsConfig - StartUpReg: PPLive - hkey= - key= - C:\Program Files\PPLive\PPLive.exe ( )
MsConfig - StartUpReg: PPLiveVA - hkey= - key= - C:\Program Files\PPLive\PPVA\PPLiveVA.exe (Synacast)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: UUSEE - hkey= - key= - C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe (UUSEE)
MsConfig - StartUpReg: UUSeeMediaCenter - hkey= - key= - C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe (UUSEE)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {355AD171-6294-4265-95EC-741E081E98F3} - Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9AD2FB23-AC50-435C-8ABC-8119D29CF0C1} - Update for Microsoft Visual Basic 2005 Express Edition - ENU (KB932232)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{03F5D01C-F7DB-4F1A-9389-BF06ECDE5D44} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 20:06:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/03/30 22:31:19 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe
[2008/11/04 23:32:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
[2008/03/05 16:30:18 | 001,694,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2008/03/05 16:30:18 | 000,527,880 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2008/03/05 16:30:18 | 000,097,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2005/07/23 17:20:20 | 000,638,976 | ---- | C] ( ) -- C:\Program Files\AutoClick.exe
[2005/05/02 14:52:36 | 000,126,976 | ---- | C] ( ) -- C:\Program Files\Interop.SHDocVw.dll
[2005/05/02 14:52:36 | 000,045,056 | ---- | C] ( ) -- C:\Program Files\AxInterop.SHDocVw.dll

========== Files - Modified Within 30 Days ==========

[2011/04/03 20:12:10 | 000,002,305 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/03 20:06:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/04/03 20:00:04 | 000,879,081 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2011/04/03 19:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/03 19:53:48 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 19:53:47 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 17:29:28 | 111,624,437 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/03 09:00:45 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/03 09:00:45 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/03 08:52:50 | 3085,426,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/01 00:23:04 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/03/30 21:32:18 | 306,666,507 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/30 15:53:10 | 002,314,627 | ---- | M] () -- C:\Users\Owner\Desktop\img202.jpg
[2011/03/29 15:42:19 | 000,136,429 | ---- | M] () -- C:\Users\Owner\Desktop\change.jpg
[2011/03/28 15:14:11 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Documents\dds.scr
[2011/03/28 01:46:37 | 000,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2011/03/27 23:45:29 | 000,173,680 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/03/27 12:24:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2011/04/03 20:00:03 | 000,879,081 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2011/04/02 13:33:20 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/30 15:51:05 | 002,314,627 | ---- | C] () -- C:\Users\Owner\Desktop\img202.jpg
[2011/03/29 15:42:19 | 000,136,429 | ---- | C] () -- C:\Users\Owner\Desktop\change.jpg
[2011/03/28 22:18:46 | 3085,426,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/28 15:14:11 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\dds.scr
[2011/03/27 23:45:29 | 000,173,680 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/03/27 12:24:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/09/16 00:32:26 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010/06/28 22:46:53 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2010/06/28 22:46:53 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2010/06/22 16:47:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/22 16:47:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/22 16:47:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/22 16:47:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/22 16:47:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/15 23:05:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/15 23:03:30 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/04/04 23:01:04 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2009/12/25 14:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\Qnizabok.bin
[2009/12/25 14:48:50 | 000,000,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\Mjaseqov.dat
[2009/12/13 14:11:39 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2009/11/29 16:52:38 | 000,060,928 | ---- | C] () -- C:\Windows\System32\rakion.sys
[2009/11/06 07:29:28 | 000,073,344 | ---- | C] () -- C:\Windows\System32\gtapi_signed.dll
[2009/06/14 17:54:54 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2009/05/15 21:26:16 | 000,000,769 | ---- | C] () -- C:\Windows\FWUpgrade.ini
[2009/04/18 20:33:10 | 000,000,148 | ---- | C] () -- C:\Windows\kaillera.ini
[2009/02/04 05:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/04 23:33:47 | 000,000,668 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
[2008/11/04 23:32:13 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2008/11/04 23:32:13 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2008/11/04 01:20:27 | 000,000,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d8caps.dat
[2008/10/27 00:39:10 | 000,001,418 | ---- | C] () -- C:\Windows\System32\cid_store.dat
[2008/10/27 00:39:10 | 000,000,026 | ---- | C] () -- C:\Windows\System32\xlhcc.dat
[2008/10/27 00:38:22 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2008/09/06 22:42:28 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2008/06/22 10:09:43 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/06/05 22:03:48 | 000,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/05/30 22:12:52 | 000,000,766 | ---- | C] () -- C:\Windows\CoD.INI
[2008/05/28 01:33:41 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/05/28 01:33:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/05/28 01:33:41 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/05/28 01:33:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/05/28 01:33:41 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/05/28 01:33:41 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/05/28 01:33:41 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/05/28 01:33:41 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/05/28 01:33:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/05/28 01:33:41 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/05/28 01:33:41 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/05/28 01:33:41 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/05/28 01:33:41 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/05/28 01:33:41 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/05/28 01:33:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/05/28 01:33:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/05/28 01:32:36 | 000,000,079 | ---- | C] () -- C:\Windows\EPSCX7400.ini
[2008/05/19 22:33:56 | 000,033,280 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 16:30:20 | 001,805,306 | ---- | C] () -- C:\Program Files\NOV2007_d3dx9_36_x64.cab
[2008/03/05 16:30:20 | 001,773,110 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2008/03/05 16:30:20 | 001,712,608 | ---- | C] () -- C:\Program Files\NOV2007_d3dx9_36_x86.cab
[2008/03/05 16:30:20 | 001,446,530 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2008/03/05 16:30:20 | 001,413,862 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2008/03/05 16:30:20 | 001,128,177 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2008/03/05 16:30:20 | 000,867,848 | ---- | C] () -- C:\Program Files\NOV2007_d3dx10_36_x64.cab
[2008/03/05 16:30:20 | 000,807,132 | ---- | C] () -- C:\Program Files\NOV2007_d3dx10_36_x86.cab
[2008/03/05 16:30:20 | 000,254,442 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2008/03/05 16:30:20 | 000,229,498 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2008/03/05 16:30:20 | 000,200,010 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2008/03/05 16:30:20 | 000,183,321 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2008/03/05 16:30:20 | 000,151,512 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2008/03/05 16:30:20 | 000,138,977 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2008/03/05 16:30:20 | 000,125,584 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2008/03/05 16:30:20 | 000,096,982 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2008/03/05 16:30:20 | 000,086,925 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2008/03/05 16:30:20 | 000,058,306 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2008/03/05 16:30:20 | 000,049,392 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2008/03/05 16:30:20 | 000,046,247 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2008/03/05 16:30:20 | 000,025,115 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2008/03/05 16:30:20 | 000,021,744 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2008/03/05 16:30:18 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2008/03/05 16:30:18 | 001,803,760 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2008/03/05 16:30:18 | 001,711,752 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2008/03/05 16:30:18 | 001,611,374 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2008/03/05 16:30:18 | 001,610,958 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2008/03/05 16:30:18 | 001,610,886 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2008/03/05 16:30:18 | 001,609,639 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2008/03/05 16:30:18 | 001,575,336 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2008/03/05 16:30:18 | 001,572,114 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2008/03/05 16:30:18 | 001,363,684 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2008/03/05 16:30:18 | 001,358,864 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2008/03/05 16:30:18 | 001,351,430 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2008/03/05 16:30:18 | 001,336,890 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2008/03/05 16:30:18 | 001,248,387 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2008/03/05 16:30:18 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2008/03/05 16:30:18 | 001,085,608 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2008/03/05 16:30:18 | 001,080,344 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2008/03/05 16:30:18 | 001,078,532 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2008/03/05 16:30:18 | 001,065,813 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2008/03/05 16:30:18 | 001,014,113 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2008/03/05 16:30:18 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2008/03/05 16:30:18 | 000,855,886 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2008/03/05 16:30:18 | 000,848,132 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2008/03/05 16:30:18 | 000,821,508 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2008/03/05 16:30:18 | 000,800,467 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2008/03/05 16:30:18 | 000,702,644 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2008/03/05 16:30:18 | 000,702,212 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2008/03/05 16:30:18 | 000,702,072 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2008/03/05 16:30:18 | 000,699,465 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2008/03/05 16:30:18 | 000,213,767 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2008/03/05 16:30:18 | 000,201,696 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2008/03/05 16:30:18 | 000,200,722 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2008/03/05 16:30:18 | 000,199,366 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2008/03/05 16:30:18 | 000,198,275 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2008/03/05 16:30:18 | 000,193,435 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2008/03/05 16:30:18 | 000,192,680 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2008/03/05 16:30:18 | 000,183,863 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2008/03/05 16:30:18 | 000,181,745 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2008/03/05 16:30:18 | 000,179,247 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2008/03/05 16:30:18 | 000,156,612 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2008/03/05 16:30:18 | 000,156,509 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2008/03/05 16:30:18 | 000,154,825 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2008/03/05 16:30:18 | 000,151,583 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2008/03/05 16:30:18 | 000,146,559 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2008/03/05 16:30:18 | 000,138,195 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2008/03/05 16:30:18 | 000,134,631 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2008/03/05 16:30:18 | 000,133,991 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2008/03/05 16:30:18 | 000,133,297 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2008/03/05 16:30:18 | 000,100,417 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2008/03/05 16:30:18 | 000,097,396 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2008/03/05 16:30:18 | 000,088,102 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2008/03/05 16:30:18 | 000,087,989 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2008/03/05 16:30:18 | 000,056,902 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2008/03/05 16:30:18 | 000,047,596 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2008/03/05 16:30:18 | 000,047,018 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2008/03/05 16:30:18 | 000,046,898 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2008/03/05 16:30:16 | 004,163,518 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2008/03/05 16:30:16 | 001,398,718 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2008/03/05 16:30:16 | 001,348,242 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2008/03/05 16:30:16 | 001,116,109 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2008/03/05 16:30:16 | 001,079,850 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2008/03/05 16:30:16 | 000,917,318 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2008/03/05 16:30:16 | 000,180,021 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2007/10/19 15:36:23 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
[2007/10/19 15:24:17 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2007/10/19 15:24:17 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/10/19 15:24:17 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2007/10/19 15:24:17 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,381,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,618,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/13 07:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2005/06/19 13:21:42 | 000,010,743 | ---- | C] () -- C:\Program Files\SURF-EULA.rtf
[2005/06/10 23:35:16 | 000,005,968 | ---- | C] () -- C:\Program Files\cyruslogix.jpg
[2005/06/05 14:57:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\libm4isomedia.dll
[2005/06/05 14:56:08 | 001,971,447 | ---- | C] () -- C:\Windows\System32\avcodec.dll
[2005/06/05 14:56:08 | 000,311,258 | ---- | C] () -- C:\Windows\System32\avformat.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/09/18 04:49:52 | 000,061,440 | ---- | M] (TENCENT) -- C:\ChatRoom.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/19 23:12:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/19 23:12:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\System32\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度地址栏

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Owner\Desktop\Zatch Bell - 075 - Free Yourself From a Thousand Years of Pain {C_P}.avi:TOC.WMV

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:08:17 PM

Posted 04 April 2011 - 07:26 AM

Hi,

did TDSSKiller take care of the infection? How is your PC currently doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 computerstuck

computerstuck
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:17 PM

Posted 04 April 2011 - 04:32 PM

TDSSKiller seems to have taken care of it, but I feel the computer is a bit slow, maybe because of all the years I have had it. But besides deleting cookies, temporary files, the usual, I want to check to see if there are programs that are running but I don't use anymore. I already checked the uninstalling thing and msconfig startup; is there anything else? Also, sometimes when I am loading something, it freezes and then it crashes and shows me the blue screen. Sometimes it just freezes and goes back to normal.

Edited by computerstuck, 04 April 2011 - 04:33 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:08:17 PM

Posted 05 April 2011 - 06:28 AM

Hi,

there are a number of utilities on your PC that could be considered unwanted programs: HotSpot, uuSee and Viewpoint, for example.

If you really use those, keep them; if you don't, I would remove them.

regards myrti



#7 computerstuck

computerstuck
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:17 PM

Posted 05 April 2011 - 02:21 PM

I use those. Also, the redirecting thing came back yesterday, but I fixed it with TDSSKiller; maybe it will come back again? I just thought I should let you know. Also, I was told that I had Panda scan booting up in the system. I don't use that, but I did once because I was asked to scan something. It's not in the program list, so I can't uninstall it and I don't know where to find it. Any ideas? Or do you know of anything else running like that that I maybe don't need?

Edited by computerstuck, 05 April 2011 - 02:22 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:08:17 PM

Posted 05 April 2011 - 02:40 PM

Hi,

can you post the TDSSKiller log, please?

regards myrti



#9 computerstuck

computerstuck
  • Topic Starter

  • Members
  • 7 posts
  • Local time:01:17 PM

Posted 05 April 2011 - 09:19 PM

I guess this is what you want?

2011/04/04 23:18:15.0634 4800 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 23:18:16.0083 4800 ================================================================================
2011/04/04 23:18:16.0083 4800 SystemInfo:
2011/04/04 23:18:16.0084 4800
2011/04/04 23:18:16.0084 4800 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/04 23:18:16.0084 4800 Product type: Workstation
2011/04/04 23:18:16.0084 4800 ComputerName: OWNER-PC
2011/04/04 23:18:16.0084 4800 UserName: Owner
2011/04/04 23:18:16.0084 4800 Windows directory: C:\Windows
2011/04/04 23:18:16.0084 4800 System windows directory: C:\Windows
2011/04/04 23:18:16.0084 4800 Processor architecture: Intel x86
2011/04/04 23:18:16.0084 4800 Number of processors: 2
2011/04/04 23:18:16.0084 4800 Page size: 0x1000
2011/04/04 23:18:16.0084 4800 Boot type: Normal boot
2011/04/04 23:18:16.0084 4800 ================================================================================
2011/04/04 23:18:16.0475 4800 Initialize success
2011/04/04 23:18:17.0774 5624 ================================================================================
2011/04/04 23:18:17.0775 5624 Scan started
2011/04/04 23:18:17.0775 5624 Mode: Manual;
2011/04/04 23:18:17.0775 5624 ================================================================================
2011/04/04 23:18:22.0196 5624 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
2011/04/04 23:18:22.0251 5624 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/04/04 23:18:22.0300 5624 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/04 23:18:22.0328 5624 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/04 23:18:22.0361 5624 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/04 23:18:22.0381 5624 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/04 23:18:22.0462 5624 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/04/04 23:18:22.0546 5624 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/04 23:18:22.0612 5624 AgereSoftModem (2e3abaacbf547abbb5e73a504a56d05a) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/04 23:18:22.0697 5624 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/04 23:18:22.0752 5624 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/04 23:18:22.0790 5624 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/04 23:18:22.0823 5624 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/04 23:18:22.0842 5624 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/04 23:18:22.0868 5624 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/04 23:18:22.0908 5624 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/04 23:18:23.0006 5624 apf001 (0bf848f3cdd883843769a9070f55a023) C:\Program Files\Softnyx\RakionIS\Bin\apf001.sys
2011/04/04 23:18:23.0056 5624 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/04 23:18:23.0081 5624 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/04 23:18:23.0118 5624 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/04 23:18:23.0167 5624 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/04/04 23:18:23.0240 5624 AVer88xHD (ee02618bbb1df4a6decb524a502ed61e) C:\Windows\system32\drivers\AVer88xHD.sys
2011/04/04 23:18:23.0330 5624 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/04/04 23:18:23.0359 5624 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/04/04 23:18:23.0386 5624 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/04/04 23:18:23.0409 5624 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/04/04 23:18:23.0463 5624 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/04/04 23:18:23.0519 5624 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/04/04 23:18:23.0563 5624 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/04/04 23:18:23.0595 5624 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/04/04 23:18:23.0679 5624 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/04/04 23:18:23.0722 5624 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/04 23:18:23.0821 5624 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/04 23:18:23.0844 5624 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/04 23:18:23.0867 5624 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/04 23:18:23.0913 5624 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/04 23:18:23.0933 5624 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/04 23:18:23.0956 5624 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/04 23:18:23.0978 5624 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/04 23:18:24.0001 5624 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/04 23:18:24.0072 5624 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/04 23:18:24.0128 5624 Cdr4_xp (814acb9b8a55804d9878248b3c79f862) C:\Windows\system32\drivers\Cdr4_xp.sys
2011/04/04 23:18:28.0485 5624 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: fe8c67c71e3f5dcc00082cf01d701f86, Fake md5: f1ea7a9b6deeb41c19ba6f9271d6fb81
2011/04/04 23:18:28.0494 5624 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/04 23:18:36.0309 5624 ================================================================================
2011/04/04 23:18:36.0309 5624 Scan finished
2011/04/04 23:18:36.0309 5624 ================================================================================
2011/04/04 23:18:36.0330 4124 Detected object count: 1
2011/04/04 23:23:58.0339 4124 netbt (fe8c67c71e3f5dcc00082cf01d701f86) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 23:23:58.0339 4124 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: fe8c67c71e3f5dcc00082cf01d701f86, Fake md5: f1ea7a9b6deeb41c19ba6f9271d6fb81
2011/04/04 23:24:03.0284 4124 Backup copy found, using it..
2011/04/04 23:24:03.0456 4124 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/04/04 23:24:03.0456 4124 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
2011/04/04 23:24:10.0772 2632 Deinitialize success
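As an added example (not code from the thread or from TDSSKiller itself), a small Python triage parser for log lines in the shape seen above: it links each "Suspicious file (Forged)" entry back to its driver line, records the detection name, the chosen action and whether a reboot is still pending, and cross-checks the scanner's own "Detected object count". The regular expressions assume exactly the line shapes in this log; the sample lines are copied from it.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line shapes assumed from the TDSSKiller log posted above: timestamp, pid, then the payload.
ENTRY_RE = re.compile(r"^\S+ \S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
FORGED_RE = re.compile(r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECT_RE = re.compile(r"^\S+ \S+\s+\d+\s+(?P<name>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(r"(?P<threat>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)")
CURE_RE = re.compile(r"^\S+ \S+\s+\d+\s+(?P<path>.+?) - will be cured after reboot")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)")

@dataclass
class Finding:
    path: str
    real_md5: str
    fake_md5: str
    name: Optional[str] = None        # service name from the matching driver line
    listed_md5: Optional[str] = None  # hash printed on that driver line
    threat: Optional[str] = None
    action: Optional[str] = None
    pending_reboot: bool = False

    def hashes_differ(self) -> bool:
        # A forged entry is one where the two hashes TDSSKiller reports disagree.
        return self.real_md5 != self.fake_md5

@dataclass
class ScanResult:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)          # lower-cased path -> Finding
    detected_count: Optional[int] = None

    def consistent(self) -> bool:
        # Cross-check the scanner's own object count against the forged entries we parsed.
        return self.detected_count == len(self.findings)

def parse_log(text: str) -> ScanResult:
    """Walk the log once, stitching forged/detected/action/cure lines onto one Finding per path."""
    r = ScanResult()
    def by_name(name: str) -> Optional[Finding]:
        return next((f for f in r.findings.values() if f.name == name), None)
    for line in (ln.strip() for ln in text.splitlines()):
        if m := FORGED_RE.search(line):
            key = m["path"].lower()
            f = r.findings.setdefault(key, Finding(m["path"], m["real"], m["fake"]))
            for name, (md5, path) in r.drivers.items():  # link back to the driver line
                if path.lower() == key:
                    f.name, f.listed_md5 = name, md5
        elif m := DETECT_RE.match(line):
            if f := by_name(m["name"]):
                f.threat = m["threat"]
        elif m := ACTION_RE.search(line):
            if f := by_name(m["name"]):
                f.action = m["action"]
        elif m := CURE_RE.match(line):
            if f := r.findings.get(m["path"].lower()):
                f.pending_reboot = True
        elif m := COUNT_RE.search(line):
            r.detected_count = int(m["n"])
        elif m := ENTRY_RE.match(line):
            r.drivers[m["name"]] = (m["md5"], m["path"])
    return r

def summarize(r: ScanResult) -> List[str]:
    """One triage line per forged entry, plus a warning if the counts do not add up."""
    out = [f"{f.name or '?'} {f.path}: {'FORGED' if f.hashes_differ() else 'hashes equal'}; "
           f"real={f.real_md5} fake={f.fake_md5}; threat={f.threat}; "
           f"action={f.action}; reboot_required={f.pending_reboot}"
           for f in r.findings.values()]
    if not r.consistent():
        out.append(f"WARNING: scanner reported {r.detected_count} object(s), parsed {len(r.findings)}")
    return out

# Constructed sample: lines copied from the log above (a clean driver, the forged one, the cure).
SAMPLE_LOG = r"""
2011/04/04 23:18:24.0174 5624 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/04 23:18:28.0483 5624 netbt (fe8c67c71e3f5dcc00082cf01d701f86) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 23:18:28.0485 5624 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: fe8c67c71e3f5dcc00082cf01d701f86, Fake md5: f1ea7a9b6deeb41c19ba6f9271d6fb81
2011/04/04 23:18:28.0494 5624 netbt - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/04 23:18:36.0330 4124 Detected object count: 1
2011/04/04 23:24:03.0456 4124 C:\Windows\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/04/04 23:24:03.0456 4124 Rootkit.Win32.TDSS.tdl3(netbt) - User select action: Cure
"""
```

Calling `summarize(parse_log(SAMPLE_LOG))` yields one line for netbt.sys marked FORGED with action Cure and a pending reboot, which is why the helper's next step is a restart.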

#10 myrti

  • Malware Study Hall Admin

Posted 06 April 2011 - 06:07 AM

Hi,
please reboot your PC and let me know how it's doing.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 computerstuck

  • Topic Starter


Posted 15 April 2011 - 07:30 PM

It looks normal again. Do you see any programs running at reboot that I may not see in msconfig?

#12 myrti

  • Malware Study Hall Admin

Posted 19 April 2011 - 04:53 AM

Hi,

I see some things, like the UUSee videoplayer, that are considered borderline malware. Please also run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#13 myrti

  • Malware Study Hall Admin

Posted 01 May 2011 - 08:24 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
