Trojandownloader win32:unruy.H


This topic is locked. 4 replies to this topic.

#1 sociallyinept

Members, 2 posts

Posted 12 April 2011 - 01:48 AM

Hello all :)

About a day ago I was using Google Chrome when it inexplicably stopped loading any pages, including history, options etc. I used the --no-sandbox method, which basically removes the sandbox feature in Chrome, and used Chrome for a while. When I restarted my computer, blank windows kept popping up and closing immediately, and Windows blocked several startup programs like googleupdate.exe, DivXupdate.exe, Egisupdate.exe. I am not sure these processes are authentic; I have ended them, but they reappear immediately in Task Manager.

After a while Windows Defender showed me a warning that the Trojandownloader win32:unruy.H was detected and asked me to remove it. I clicked "Remove all", but it obviously did nothing because it kept on reappearing every couple of minutes. I deleted my entire browsing history and temporary files, including Java, but there's no difference. When I go to Processes under Task Manager I see lots of iexplorer.exe and chrome.exe processes running; when I end them they simply reappear. Up till now I have had 2 pop-ups via Internet Explorer even when I was not using the browser. I also got a couple of BSODs yesterday.

I read in another thread on your forum that ESET Online Scan works well with this, so I ran it and followed all instructions. The following is the log file from that:

C:\Program Files\Childish Things\International Cricket Captain 2010\Cricket.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU8GGFTL\install.48208[1].exe Win32/TrojanDownloader.FakeAlert.BBT trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Temp\syncupdtr.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\19a918c0-2ddc269c multiple threats deleted - quarantined
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\339aa645-6f8d3729 multiple threats deleted - quarantined
C:\Users\user\Documents\Games\ICC 2010\International Cricket Captain (2010) [Pc Game] [full version] by Hunck.rar NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Users\user\Documents\Games\ICC 2010\International.Cricket.Captain.2010.RIP-Unleashed\Unleashed\Cricket.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan deleted - quarantined
C:\Users\user\Documents\Games\International_Cricket_Captain_2008-Razor1911\rzr-inc8.iso Win32/Agent.NIB trojan deleted - quarantined
C:\Users\user\Downloads\XDelBox\quarantine\winsystem.exe a variant of Win32/Kryptik.BNE trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe a variant of Win32/Kryptik.MMN trojan cleaned by deleting - quarantined
C:\Windows\Temp\csrss.exe a variant of Win32/Kryptik.MMN trojan cleaned by deleting - quarantined
C:\Windows\Temp\grpconva.exe a variant of Win32/Kryptik.MLM trojan cleaned by deleting - quarantined
C:\Windows\Temp\hss_update.exe a variant of Win32/HotSpotShield application deleted - quarantined
I restarted my PC and the same Windows Defender alert came up, together with all the old problems. The only thing that happened was Chrome started working without the no-sandbox fix.

I also read somewhere to use TDSSKiller, and I did. Here's the log:

2011/04/12 14:34:27.0990 4024 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 14:34:28.0900 4024 ================================================================================
2011/04/12 14:34:28.0900 4024 SystemInfo:
2011/04/12 14:34:28.0900 4024
2011/04/12 14:34:28.0900 4024 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/12 14:34:28.0900 4024 Product type: Workstation
2011/04/12 14:34:28.0900 4024 ComputerName: USER-PC
2011/04/12 14:34:28.0901 4024 UserName: user
2011/04/12 14:34:28.0901 4024 Windows directory: C:\Windows
2011/04/12 14:34:28.0901 4024 System windows directory: C:\Windows
2011/04/12 14:34:28.0901 4024 Processor architecture: Intel x86
2011/04/12 14:34:28.0901 4024 Number of processors: 2
2011/04/12 14:34:28.0901 4024 Page size: 0x1000
2011/04/12 14:34:28.0901 4024 Boot type: Normal boot
2011/04/12 14:34:28.0901 4024 ================================================================================
2011/04/12 14:34:29.0657 4024 Initialize success
2011/04/12 14:34:37.0174 2800 ================================================================================
2011/04/12 14:34:37.0174 2800 Scan started
2011/04/12 14:34:37.0174 2800 Mode: Manual;
2011/04/12 14:34:37.0174 2800 ================================================================================
2011/04/12 14:34:58.0478 2800 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/12 14:34:58.0502 2800 sptd - detected Locked file (1)
2011/04/12 14:35:02.0238 2800 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\Windows\system32\drivers\windrvr6.sys
2011/04/12 14:35:02.0336 2800 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/12 14:35:02.0437 2800 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/12 14:35:02.0531 2800 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 14:35:02.0749 2800 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 14:35:02.0936 2800 ================================================================================
2011/04/12 14:35:02.0936 2800 Scan finished
2011/04/12 14:35:02.0936 2800 ================================================================================
2011/04/12 14:35:02.0936 4932 Detected object count: 1
2011/04/12 14:35:06.0371 4932 Locked file(sptd) - User select action: Skip




As of now, about 12 hours after the ESET scan and right after the TDSS one, the problem still persists. I have attached all the logs as the sticky guide to posting malware problems suggested.


DDS LOG


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 14:10:23.32 on Tue 12/04/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3069.1841 [GMT 8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Windows\runservice.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray .exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl .exe
C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Lexmark Pro200-S500 Series\ezprint .exe
C:\Program Files\Lexmark Pro200-S500 Series\lxebmon .exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.ask.com/?o=15183&l=dis
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&m=aspire_4736&r=2v3508098915l03f4zql5t47j2x27q
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&m=aspire_4736&r=2v3508098915l03f4zql5t47j2x27q
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&m=aspire_4736&r=2v3508098915l03f4zql5t47j2x27q
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-7825349359-6393860164-794283295-2654\winsystem.exe,Explorer.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Microsoft Driver Setup] c:\windows\WindowsUpdate.exe
mExplorerRun: [Microsoft Driver Setup] c:\windows\WindowsUpdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\i1p43nmt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\gridvista\DPMemGridVista.sys [2009-7-25 10504]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-5 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-5 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-5 59952]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-30 21992]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-7-25 707104]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2011-4-8 2560]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-15 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-7-2 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-18 144640]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-25 112992]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-9-4 53248]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2010-11-23 98984]
S2 SCardSvrPNRPAutoReg;Smart Card SCardSvrPNRPAutoReg;c:\windows\system32\adsntg.exe srv --> c:\windows\system32\adsntg.exe srv [?]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-27 29472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-1-6 36608]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-10-24 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-10-24 79360]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-18 50432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-12 05:32:13 -------- d-----w- C:\TDSSKiller_Quarantine
2011-04-11 12:12:26 -------- d-----w- c:\program files\ESET
2011-04-11 11:37:46 146434 ----a-w- c:\progra~2\cY1532y3.exe
2011-04-11 11:36:03 -------- d-----w- c:\users\user\appdata\local\{921F4BDD-5D99-4594-B816-99D63A341388}
2011-04-10 13:15:12 -------- d--h--w- C:\$AVG
2011-04-10 13:06:33 -------- d-----w- c:\users\user\appdata\roaming\AVG10
2011-04-10 13:05:40 -------- d--h--w- c:\progra~2\Common Files
2011-04-10 13:04:45 -------- d-----w- c:\progra~2\AVG10
2011-04-10 13:04:04 -------- d-----w- c:\program files\AVG
2011-04-10 12:58:05 -------- d-----w- c:\progra~2\MFAData
2011-04-10 10:45:00 -------- d-----w- c:\users\user\appdata\local\{FF5E53A8-E92C-433C-9342-EB70FD98F664}
2011-04-10 09:17:46 67584 ----a-w- c:\windows\system\rog.exe
2011-04-10 08:00:36 67588 --sh--r- c:\windows\WindowsUpdate.exe
2011-04-10 08:00:36 55296 --sha-r- c:\windows\WindowsUpdate .exe
2011-04-09 10:36:05 -------- d-----w- c:\users\user\appdata\local\{640F660F-554C-4CC5-9A32-80F92F92BE37}
2011-04-08 22:35:31 -------- d-----w- c:\users\user\appdata\local\{55FAE138-90C2-4E0C-A9A7-9DA2611666DE}
2011-04-08 12:12:44 -------- d-----w- c:\users\user\appdata\roaming\Childish Things
2011-04-08 12:11:04 126976 ----a-w- c:\windows\lcmmfu.cpl
2011-04-08 12:11:03 673 --sha-w- c:\windows\system32\mmf.sys
2011-04-08 12:11:01 48640 ----a-w- c:\windows\mmfs.dll
2011-04-08 12:11:01 2560 ----a-w- c:\windows\Runservice.exe
2011-04-08 12:09:52 348160 ----a-w- c:\windows\msvcr71.dll
2011-04-08 12:09:47 -------- d-----w- c:\program files\Childish Things
2011-04-08 10:39:29 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3be65adf-9d4c-43d3-9033-5c6299be84ea}\mpengine.dll
2011-04-08 10:35:08 -------- d-----w- c:\users\user\appdata\local\{3ACB8BFA-50AA-46B0-9AFF-AAD05ABEA037}
2011-04-07 12:09:12 -------- d-----w- c:\users\user\appdata\local\{3A25C577-D9E5-4754-B798-569BAA53CD2A}
2011-04-06 10:11:58 -------- d-----w- c:\users\user\appdata\local\{FD897E99-5B4C-4EC5-9495-0C954118C0FD}
2011-04-05 08:01:59 -------- d-----w- c:\users\user\appdata\local\{711EF9AA-3401-48F9-8D43-108264A04A01}
2011-04-04 12:00:07 -------- d-----w- c:\users\user\appdata\local\{3C0FBBA8-18D6-4D09-B0D1-33751B0EE09D}
2011-04-03 07:43:49 -------- d-----w- c:\users\user\appdata\local\{138E4FC6-0A1B-4630-9889-B844DAB49179}
2011-04-02 19:43:16 -------- d-----w- c:\users\user\appdata\local\{79EFDB20-55AF-4F41-B6DD-055A48D3E46B}
2011-04-01 12:46:46 -------- d-----w- c:\users\user\appdata\local\{9EA8058E-50E6-4251-A2A0-CF595193354B}
2011-03-31 12:47:30 -------- d-----w- c:\users\user\appdata\local\{174929FE-9DFC-4C28-BBD9-FA400660804F}
2011-03-23 14:37:52 57436 ----a-w- c:\windows\DASShp.dll
2011-03-23 14:37:52 217174 ----a-w- c:\program files\common files\microsoft shared\cleartype\ctras.dll
2011-03-23 14:37:52 -------- d-----w- c:\program files\Microsoft Reader
2011-03-23 08:51:23 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 08:51:22 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 08:51:22 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-20 13:47:34 -------- d-----w- c:\users\user\appdata\local\Imation
2011-03-14 13:23:41 -------- d-----w- c:\program files\iPod
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-03-14 13:21:36 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-02-25 16:34:09 1761264 ----a-w- c:\windows\system32\GoogleInput_hi.ime
2011-02-18 08:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 13:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 10:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 14:11:20.33 ===============

Thanks in advance! :)

Edited by sociallyinept, 12 April 2011 - 01:57 AM.



#2 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender: Male
  • Location: Antarctica

Posted 19 April 2011 - 03:52 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days;
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 sociallyinept (Topic Starter)

Posted 22 April 2011 - 05:44 AM

Hi, sorry but I currently do not have time to carry out these steps. I will try to do it within the next few days, sorry about this ST.

#4 SweetTech (Agent ST)

Posted 22 April 2011 - 02:29 PM

Okay. Thanks for letting me know. If your thread gets closed by accident, please send me a PM and I'll re-open it.



#5 SweetTech (Agent ST)

Posted 03 May 2011 - 03:31 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

