Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Audio ads, and script errors galore!


  • This topic is locked This topic is locked
17 replies to this topic

#1 XT-Wax

XT-Wax

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 27 April 2011 - 04:27 PM

I too am having these same ads.. I have tried Malawarebytes, spybot, housecall, windows defender, (microsoft security essentials wont open), hijack this and adaware. None found anything except cookies. Please help.

Here are my reports.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:27 PM, on 4/27/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\n52te\n52teHid.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\n52te\n52teTra.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Electronic Arts\EADM\EADMUI.exe"
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Reboot.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6982 bytes

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista . (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 3.6.16 (en-US)
.
A:\  [Removable]
C:\  [Fixed-NTFS] .. ( Total:111 Go - Free:39 Go )
D:\  [CD_Rom]
E:\  [Fixed-NTFS] .. ( Total:111 Go - Free:105 Go )
F:\  [Removable]
.
Scan : 17:05.01
Path : C:\Users\Chris\Desktop\Rooter.exe
User : Chris ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (380)
______ C:\Windows\system32\csrss.exe (448)
______ C:\Windows\system32\wininit.exe (492)
______ C:\Windows\system32\services.exe (564)
______ C:\Windows\system32\lsass.exe (584)
______ C:\Windows\system32\lsm.exe (592)
______ C:\Windows\system32\svchost.exe (756)
______ C:\Windows\system32\svchost.exe (812)
______ C:\Windows\System32\svchost.exe (848)
______ C:\Windows\System32\svchost.exe (936)
______ C:\Windows\system32\svchost.exe (968)
______ C:\Windows\System32\svchost.exe (1012)
______ C:\Windows\system32\svchost.exe (1064)
______ C:\Windows\system32\svchost.exe (1080)
______ C:\Windows\system32\svchost.exe (1240)
______ C:\Windows\system32\svchost.exe (1332)
______ C:\Windows\system32\csrss.exe (1024)
______ C:\Windows\system32\winlogon.exe (1284)
______ C:\Windows\Explorer.EXE (1516)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (1168)
______ C:\Windows\system32\wbem\unsecapp.exe (2008)
______ C:\Windows\system32\wbem\wmiprvse.exe (908)
______ C:\Program Files\Windows Defender\MSASCui.exe (424)
______ C:\Program Files\Mozilla Firefox\firefox.exe (884)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (1628)
______ C:\Users\Chris\Desktop\Rooter.exe (1972)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:120031543296)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:05.02
.
C:\Rooter$\Rooter_2.txt - (27/04/2011 | 17:05.02)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6459

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/27/2011 4:09:50 PM
mbam-log-2011-04-27 (16-09-50).txt

Scan type: Quick scan
Objects scanned: 165584
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 27 April 2011 - 04:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due the fact you are running a64bit machine please run the following tool and post its log.

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 XT-Wax

XT-Wax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 27 April 2011 - 08:38 PM

Ok.. here are these..

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/4/2010 10:35:47 AM
System Uptime: 4/27/2011 5:55:16 PM (4 hours ago)
.
Motherboard: ECS |  | P45T-A
Processor: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz | CPU 1 | 3003/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 33.229 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 112 GiB total, 105.105 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP507: 4/27/2011 5:13:03 PM - Installed HiJackThis
RP508: 4/27/2011 5:37:45 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP510: 4/27/2011 6:01:00 PM - StopZILLA! Restore Point.
RP511: 4/27/2011 6:25:24 PM - Removed RingtoneJunkiez Desktop
RP512: 4/27/2011 8:32:50 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
AppInventor Setup
Ask Toolbar
Battlefield 2142
Battlefield Heroes
Battlefield Play4Free
Battlefield: Bad Company 2
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
CCleaner
Core Temp version 0.99.8
CPUID CPU-Z 1.57
Crimson Editor SVN286
D3DX10
Download Manager 2.3.10
EA Download Manager
FileZilla Client 3.3.5.1
GameTracker Lite
GIMP 2.6.10
Glary Utilities 2.33.0.1158
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.16)
MSVCRT
n52te Editor
Nostromo Array Programming Software
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 270.61
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.1.34
NVIDIA Update Components
OpenOffice.org 3.2
PunkBuster for Joint Operations: Typhoon Rising
PunkBuster Services
Ralink Wireless LAN
Realtek High Definition Audio Driver
SAMSUNG Android USB Modem Software
Samsung Universal Print Driver
SamsungSimpleDL
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Segoe UI
Steam
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
Team Fortress 2 Beta
TeamSpeak 3 Client
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/27/2011 8:33:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
4/27/2011 8:21:03 AM, Error: Microsoft-Windows-ResourcePublication [1002]  - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish.  Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
4/27/2011 8:20:49 AM, Error: EventLog [6008]  - The previous system shutdown at 8:05:46 AM on 4/27/2011 was unexpected.
4/27/2011 6:00:08 PM, Error: Microsoft-Windows-WMPNSS-Service [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
4/27/2011 5:59:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/27/2011 5:59:13 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/27/2011 5:59:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/27/2011 5:57:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
4/27/2011 5:57:47 PM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/27/2011 5:57:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  is3srv
4/27/2011 5:02:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/27/2011 4:57:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
4/27/2011 4:43:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/27/2011 4:43:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/27/2011 4:43:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/27/2011 4:43:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/27/2011 4:43:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/27/2011 4:43:03 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  spldr Wanarpv6
4/27/2011 4:43:03 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
4/27/2011 4:42:05 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048]  - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
4/27/2011 4:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
4/27/2011 4:16:02 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
4/27/2011 4:16:02 PM, Error: disk [11]  - The driver detected a controller error on \Device\Harddisk0\DR0.
4/27/2011 4:10:50 PM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.  	Signatures Attempted: Current  	Error Code: 0x8050a001  	Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.   	Signatures loading: Backup  	Loading signature version: 1.95.191.0  	Loading engine version: 1.1.6301.0
4/27/2011 3:52:26 PM, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/27/2011 3:51:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Security Essentials - KB2267621.
4/27/2011 3:31:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Malicious Software Removal Tool - April 2011 (KB890830).
4/27/2011 3:31:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2522422).
4/27/2011 3:31:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows Vista (KB2492386).
4/27/2011 3:30:52 PM, Error: Service Control Manager [7031]  - The Windows Mobile 2003-based device connectivity service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 3:30:52 PM, Error: Service Control Manager [7031]  - The Windows Mobile-based device connectivity service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/27/2011 3:30:49 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:  A system shutdown has already been scheduled.
4/27/2011 3:30:49 PM, Error: Service Control Manager [7031]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/27/2011 3:30:49 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/26/2011 7:20:47 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
4/26/2011 7:20:47 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/24/2011 2:39:39 PM, Error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/24/2011 2:21:18 PM, Error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
4/23/2011 8:03:44 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 8:03:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/23/2011 8:03:00 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/23/2011 7:58:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 7:58:54 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/23/2011 6:59:25 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
4/23/2011 6:58:56 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error:  An instance of the service is already running.
4/23/2011 10:22:16 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MpFilter spldr Wanarpv6
4/22/2011 8:25:36 AM, Error: EventLog [6008]  - The previous system shutdown at 8:04:15 AM on 4/22/2011 was unexpected.
4/22/2011 7:01:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.75 for the Network Card with network address 0021970161B0 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
4/22/2011 6:59:08 AM, Error: volsnap [20]  - The shadow copies of volume C: were aborted because of a failed free space computation.
4/21/2011 9:41:51 AM, Error: EventLog [6008]  - The previous system shutdown at 9:39:31 AM on 4/21/2011 was unexpected.
.
==== End Of File ===========================

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-27 21:36:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3120811AS rev.3.AAE
Running: z7cppmkl.exe; Driver: C:\Users\Chris\AppData\Local\Temp\fxldapoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)                       ZwTerminateProcess [0x83DCE496]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 811                                                                                      830BAE08 3 Bytes  [96, E4, DC] {XCHG ESI, EAX; IN AL, 0xdc}
.reloc          C:\Windows\system32\drivers\PnkBstrK.sys                                                                              section is executable [0xA0779000, 0x18FEC, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[3468] WININET.dll!HttpAddRequestHeadersA                                                      76FF1B9C 5 Bytes  JMP 009818D5 
.text           C:\Windows\Explorer.EXE[3468] WININET.dll!HttpAddRequestHeadersW                                                      7703F7A8 5 Bytes  JMP 00981A9D 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:280]                                                                                                        87242E7A
Thread          System [4:284]                                                                                                        87245008

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@Type                                                                  16
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@Start                                                                 2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@ErrorControl                                                          1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@ImagePath                                                             "C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe"
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@DisplayName                                                           STOPzilla Service
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@Group                                                                 Event Log
Reg             HKLM\SYSTEM\CurrentControlSet\Services\szserver@ObjectName                                                            LocalSystem
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1243971789-2364332720-643868777-1000@RefCount  11

---- EOF - GMER 1.0.15 ----

Edited by XT-Wax, 28 April 2011 - 05:56 AM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 27 April 2011 - 10:27 PM

Hello XT-Wax,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
TDSSkilerr log
Combofix.txt
Can you Burn CD's and have access to a USB FLASH DRIVE?
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 XT-Wax

XT-Wax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 28 April 2011 - 01:03 PM

ok.. here are ComboFix and TDDSKiller logs.


ComboFix 11-04-27.03 - Chris 04/28/2011   7:12.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3326.2517 [GMT -4:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected 
Restored copy from - Kitty had a snack <img src='http://www.bleepingcomputer.com/forums/public/style_emoticons/<#EMO_DIR#>/tongue.gif' class='bbc_emoticon' alt=':P' /> 
.
(((((((((((((((((((((((((   Files Created from 2011-03-28 to 2011-04-28  )))))))))))))))))))))))))))))))
.
.
2011-04-28 11:20 . 2011-04-28 11:20	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2011-04-28 01:45 . 2011-04-26 00:00	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-04-28 01:45 . 2011-04-28 01:45	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-04-28 01:43 . 2011-04-28 01:43	--------	d-----w-	c:\users\Chris\AppData\Local\Sunbelt Software
2011-04-28 01:42 . 2011-04-28 01:42	--------	dc-h--w-	c:\programdata\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-04-28 01:41 . 2011-04-28 01:43	--------	d-----w-	c:\programdata\Lavasoft
2011-04-28 01:41 . 2011-04-28 01:41	--------	d-----w-	c:\program files\Lavasoft
2011-04-28 00:35 . 2011-04-28 00:35	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-04-28 00:35 . 2011-04-28 00:35	--------	d-----w-	c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2011-04-28 00:34 . 2011-04-28 00:35	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-04-27 22:15 . 2011-04-27 22:15	100480	----a-w-	C:\fxldapoc.sys
2011-04-27 21:50 . 2011-04-27 21:50	--------	d-----w-	c:\users\Chris\AppData\Roaming\GlarySoft
2011-04-27 21:49 . 2011-04-27 21:49	--------	d-----w-	c:\program files\CCleaner
2011-04-27 21:48 . 2011-04-27 21:48	--------	d-----w-	c:\program files\Ask.com
2011-04-27 21:48 . 2011-04-27 21:48	--------	d-----w-	c:\program files\Glary Utilities
2011-04-27 21:38 . 2011-04-28 00:34	--------	d-----w-	c:\programdata\STOPzilla!
2011-04-27 21:16 . 2011-04-27 21:16	388096	----a-r-	c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-27 21:16 . 2011-04-27 21:16	--------	d-----w-	c:\program files\Trend Micro
2011-04-27 21:02 . 2011-04-27 21:05	--------	d-----w-	C:\Rooter$
2011-04-27 20:24 . 2011-04-18 13:15	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4825C78C-55A0-4B24-9B29-5F665B5140E9}\mpengine.dll
2011-04-27 20:05 . 2011-04-27 20:05	--------	d-----w-	c:\windows\en
2011-04-27 20:04 . 2010-09-23 04:21	39272	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2011-04-27 20:03 . 2011-04-27 20:03	--------	d-----w-	c:\users\Chris\AppData\Roaming\Malwarebytes
2011-04-27 20:02 . 2011-04-27 20:02	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-27 20:02 . 2010-12-20 22:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 20:02 . 2011-04-27 20:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-27 20:01 . 2011-04-27 20:01	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2011-04-27 19:58 . 2011-04-27 19:58	--------	d-----w-	c:\windows\PCHEALTH
2011-04-27 19:57 . 2011-04-27 20:06	--------	d-----w-	c:\program files\Windows Live
2011-04-27 19:56 . 2011-04-27 19:57	--------	d-----w-	c:\program files\Microsoft
2011-04-27 19:54 . 2011-04-27 19:54	--------	d-----w-	c:\users\Chris\AppData\Local\Windows Live
2011-04-27 19:54 . 2011-04-27 19:54	--------	d-----w-	c:\program files\Common Files\Windows Live
2011-04-27 19:53 . 2009-08-04 08:02	754688	----a-w-	c:\windows\system32\webservices.dll
2011-04-27 19:53 . 2011-04-28 11:06	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-04-27 19:51 . 2009-06-03 23:56	675152	----a-w-	c:\windows\system32\gpprefcl.dll
2011-04-27 11:47 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 11:47 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 11:47 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-24 01:44 . 2011-04-24 02:18	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-24 01:44 . 2011-04-24 01:52	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-04-21 23:01 . 2011-04-24 19:27	--------	d-----w-	c:\program files\Core Temp
2011-04-21 22:41 . 2011-04-24 19:27	--------	d-----w-	c:\users\UpdatusUser
2011-04-21 22:39 . 2011-04-08 05:14	944232	----a-w-	c:\windows\system32\nvdispco3220140.dll
2011-04-21 22:39 . 2011-04-08 05:14	855656	----a-w-	c:\windows\system32\nvgenco322060.dll
2011-04-21 22:39 . 2011-04-08 05:14	6299752	----a-w-	c:\windows\system32\nvwgf2um.dll
2011-04-21 22:39 . 2011-04-08 05:14	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-04-21 22:39 . 2011-04-08 05:14	5180824	----a-w-	c:\windows\system32\nvcuda.dll
2011-04-21 22:39 . 2011-04-08 05:14	2765928	----a-w-	c:\windows\system32\nvcuvid.dll
2011-04-21 22:39 . 2011-04-08 05:14	2074216	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-04-21 22:39 . 2011-04-08 05:14	15227496	----a-w-	c:\windows\system32\nvoglv32.dll
2011-04-21 22:39 . 2011-04-08 05:14	13007464	----a-w-	c:\windows\system32\nvcompiler.dll
2011-04-21 22:39 . 2011-04-08 05:14	10690024	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-04-21 22:39 . 2011-04-08 05:14	10071656	----a-w-	c:\windows\system32\nvd3dum.dll
2011-04-10 22:13 . 2011-04-10 22:13	--------	d-----w-	c:\program files\CPUID
2011-04-10 22:13 . 2011-01-19 21:47	22504	----a-w-	c:\windows\system32\drivers\cpuz135_x32.sys
2011-04-08 02:45 . 2011-04-08 02:45	580200	----a-w-	c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:45 . 2011-04-08 02:45	612456	----a-w-	c:\windows\system32\nvvsvc.exe
2011-04-08 02:45 . 2011-04-08 02:45	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-04-08 02:44 . 2011-04-08 02:44	3701352	----a-w-	c:\windows\system32\nvcpl.dll
2011-04-08 02:44 . 2011-04-08 02:44	2565224	----a-w-	c:\windows\system32\nvsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 22:45 . 2010-04-26 23:41	140360	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-04-27 22:45 . 2010-04-27 00:51	281208	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-04-27 22:45 . 2010-04-26 23:41	281208	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-04-27 20:28 . 2010-04-26 23:41	281208	----a-w-	c:\windows\system32\PnkBstrB.ex0
2011-04-27 19:57 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-08 05:14 . 2011-04-21 22:39	10920	----a-w-	c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2007-04-26 08:17	2034280	----a-w-	c:\windows\system32\nvapi.dll
2011-03-03 15:40 . 2011-04-27 11:47	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 11:47	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 11:47	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 11:47	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 13:23	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 13:23	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 13:23	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44	1400712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Electronic Arts\EADM\EADMUI.exe" [2011-04-03 11857920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Jomantha"="c:\program files\n52te\n52teHid.exe" [2008-06-13 159744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2010-3-8 1560576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Loadout Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Loadout Manager.lnk
backup=c:\windows\pss\Loadout Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 17:49	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18	1103216	----a-w-	c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2009-09-04 30240]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-07-23 22821]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 JTRUX86;Driver for Jastec RU Touch Screen Controller;c:\windows\system32\Drivers\JTRUX86.sys [2008-04-17 35496]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-26 15232]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 131888]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2009-09-11 90240]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2009-09-11 14976]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2009-09-11 121856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-26 64512]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2010-04-14 1648480]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-04-26 2146496]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S3 JmtFltr;n52te;c:\windows\system32\Drivers\JmtFltr.sys [2007-09-27 48896]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 494368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 15:37]
.
2011-04-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-04-27 21:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ambi4qbe.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.xtsquad.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 07:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-28  07:23:11
ComboFix-quarantined-files.txt  2011-04-28 11:23
.
Pre-Run: 33,910,059,008 bytes free
Post-Run: 33,864,626,176 bytes free
.
- - End Of File - - 7DD824A6F895E2497E08208AE1030B0C

2011/04/28 14:00:54.0384 3012	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 14:00:54.0823 3012	================================================================================
2011/04/28 14:00:54.0823 3012	SystemInfo:
2011/04/28 14:00:54.0823 3012	
2011/04/28 14:00:54.0823 3012	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 14:00:54.0823 3012	Product type: Workstation
2011/04/28 14:00:54.0823 3012	ComputerName: DESKTOP
2011/04/28 14:00:54.0823 3012	UserName: Chris
2011/04/28 14:00:54.0823 3012	Windows directory: C:\Windows
2011/04/28 14:00:54.0823 3012	System windows directory: C:\Windows
2011/04/28 14:00:54.0823 3012	Processor architecture: Intel x86
2011/04/28 14:00:54.0823 3012	Number of processors: 2
2011/04/28 14:00:54.0823 3012	Page size: 0x1000
2011/04/28 14:00:54.0823 3012	Boot type: Normal boot
2011/04/28 14:00:54.0823 3012	================================================================================
2011/04/28 14:00:55.0061 3012	Initialize success
2011/04/28 14:00:59.0012 3164	================================================================================
2011/04/28 14:00:59.0012 3164	Scan started
2011/04/28 14:00:59.0012 3164	Mode: Manual; 
2011/04/28 14:00:59.0012 3164	================================================================================
2011/04/28 14:00:59.0859 3164	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 14:00:59.0920 3164	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 14:00:59.0984 3164	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 14:01:00.0059 3164	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 14:01:00.0125 3164	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 14:01:00.0205 3164	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 14:01:00.0278 3164	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/28 14:01:00.0318 3164	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 14:01:00.0373 3164	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/28 14:01:00.0421 3164	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 14:01:00.0456 3164	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/28 14:01:00.0692 3164	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 14:01:00.0758 3164	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 14:01:00.0861 3164	androidusb      (93340c395a2b0470cdf7038c808d4881) C:\Windows\system32\Drivers\ssadadb.sys
2011/04/28 14:01:00.0926 3164	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/28 14:01:00.0978 3164	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 14:01:01.0073 3164	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 14:01:01.0132 3164	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 14:01:01.0218 3164	bcgame          (694a022f3ca43ba0a75ab85a7223cf6c) C:\Windows\system32\drivers\bcgame.sys
2011/04/28 14:01:01.0275 3164	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 14:01:01.0356 3164	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 14:01:01.0428 3164	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 14:01:01.0458 3164	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 14:01:01.0538 3164	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 14:01:01.0589 3164	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 14:01:01.0635 3164	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 14:01:01.0647 3164	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 14:01:01.0695 3164	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/28 14:01:01.0980 3164	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 14:01:02.0015 3164	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 14:01:02.0260 3164	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/28 14:01:02.0370 3164	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 14:01:02.0483 3164	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 14:01:02.0525 3164	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/28 14:01:02.0540 3164	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 14:01:02.0588 3164	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 14:01:02.0645 3164	CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/28 14:01:02.0710 3164	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 14:01:02.0883 3164	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 14:01:02.0967 3164	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 14:01:03.0104 3164	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 14:01:03.0181 3164	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 14:01:03.0275 3164	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 14:01:03.0424 3164	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 14:01:03.0516 3164	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 14:01:03.0571 3164	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 14:01:03.0636 3164	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 14:01:03.0686 3164	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 14:01:03.0733 3164	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 14:01:03.0769 3164	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 14:01:03.0816 3164	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 14:01:03.0964 3164	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/28 14:01:04.0009 3164	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 14:01:04.0070 3164	fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/28 14:01:04.0147 3164	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 14:01:04.0229 3164	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 14:01:04.0288 3164	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 14:01:04.0341 3164	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/28 14:01:04.0369 3164	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/28 14:01:04.0429 3164	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/28 14:01:04.0471 3164	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 14:01:04.0520 3164	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 14:01:04.0548 3164	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 14:01:04.0617 3164	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 14:01:04.0648 3164	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 14:01:04.0680 3164	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 14:01:04.0827 3164	IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 14:01:04.0940 3164	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/04/28 14:01:04.0989 3164	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 14:01:05.0095 3164	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 14:01:05.0144 3164	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 14:01:05.0182 3164	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 14:01:05.0265 3164	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 14:01:05.0306 3164	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 14:01:05.0485 3164	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 14:01:05.0605 3164	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 14:01:05.0692 3164	JmtFltr         (78cc22326e584d2c02e1ab8b38dbb00f) C:\Windows\system32\Drivers\JmtFltr.sys
2011/04/28 14:01:05.0760 3164	JTRUX86         (040e4835284c4ecdc2036106dfbe0f2c) C:\Windows\system32\Drivers\JTRUX86.sys
2011/04/28 14:01:05.0804 3164	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 14:01:05.0896 3164	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/28 14:01:06.0034 3164	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 14:01:06.0149 3164	L1E             (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/04/28 14:01:06.0347 3164	Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/04/28 14:01:06.0473 3164	Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/28 14:01:06.0523 3164	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 14:01:06.0594 3164	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 14:01:06.0635 3164	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 14:01:06.0692 3164	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 14:01:06.0762 3164	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 14:01:06.0796 3164	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/28 14:01:06.0863 3164	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 14:01:06.0906 3164	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 14:01:06.0946 3164	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 14:01:06.0968 3164	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/28 14:01:07.0021 3164	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 14:01:07.0064 3164	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/28 14:01:07.0105 3164	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 14:01:07.0155 3164	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 14:01:07.0204 3164	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 14:01:07.0242 3164	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 14:01:07.0264 3164	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 14:01:07.0541 3164	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 14:01:07.0912 3164	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/04/28 14:01:07.0967 3164	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 14:01:08.0007 3164	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 14:01:08.0078 3164	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 14:01:08.0118 3164	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 14:01:08.0195 3164	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 14:01:08.0546 3164	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 14:01:08.0607 3164	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 14:01:08.0651 3164	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 14:01:08.0678 3164	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 14:01:08.0717 3164	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 14:01:08.0809 3164	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 14:01:08.0882 3164	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 14:01:08.0958 3164	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 14:01:08.0991 3164	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 14:01:09.0047 3164	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 14:01:09.0082 3164	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 14:01:09.0152 3164	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 14:01:09.0187 3164	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 14:01:09.0394 3164	netr73          (7df0c8cb171e8d6e3f36421055ff5639) C:\Windows\system32\DRIVERS\netr73.sys
2011/04/28 14:01:09.0595 3164	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 14:01:09.0671 3164	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 14:01:09.0716 3164	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 14:01:09.0785 3164	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 14:01:09.0840 3164	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 14:01:09.0895 3164	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 14:01:10.0168 3164	nvlddmkm        (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 14:01:10.0292 3164	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 14:01:10.0350 3164	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 14:01:10.0427 3164	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 14:01:10.0508 3164	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/28 14:01:10.0723 3164	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/28 14:01:10.0770 3164	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 14:01:10.0799 3164	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/28 14:01:10.0846 3164	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 14:01:10.0914 3164	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/28 14:01:10.0942 3164	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/28 14:01:11.0013 3164	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 14:01:11.0121 3164	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 14:01:11.0151 3164	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/28 14:01:11.0195 3164	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 14:01:11.0288 3164	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 14:01:11.0341 3164	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 14:01:11.0380 3164	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 14:01:11.0462 3164	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 14:01:11.0499 3164	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 14:01:11.0542 3164	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 14:01:11.0592 3164	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 14:01:11.0650 3164	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 14:01:11.0713 3164	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 14:01:11.0766 3164	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/28 14:01:11.0793 3164	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 14:01:11.0867 3164	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 14:01:11.0934 3164	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 14:01:12.0045 3164	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/28 14:01:12.0072 3164	SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/28 14:01:12.0136 3164	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 14:01:12.0173 3164	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 14:01:12.0222 3164	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/28 14:01:12.0276 3164	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/28 14:01:12.0315 3164	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 14:01:12.0367 3164	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/28 14:01:12.0411 3164	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 14:01:12.0468 3164	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/28 14:01:12.0502 3164	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 14:01:12.0557 3164	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 14:01:12.0592 3164	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 14:01:12.0624 3164	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 14:01:12.0668 3164	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 14:01:12.0880 3164	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 14:01:12.0971 3164	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 14:01:13.0004 3164	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 14:01:13.0021 3164	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 14:01:13.0082 3164	ssadbus         (0b565af603eea1df046ff980ac54ec6d) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/04/28 14:01:13.0181 3164	ssadmdfl        (080766dfc1cc8d36c28b4003673c8cb0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/04/28 14:01:13.0288 3164	ssadmdm         (e83b435413580a8707ed8070072c0da2) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/04/28 14:01:13.0353 3164	sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/04/28 14:01:13.0405 3164	sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/04/28 14:01:13.0453 3164	sscdmdm         (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/04/28 14:01:13.0548 3164	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 14:01:13.0597 3164	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 14:01:13.0652 3164	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 14:01:13.0707 3164	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 14:01:13.0821 3164	Tcpip           (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 14:01:13.0863 3164	Tcpip6          (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 14:01:13.0888 3164	tcpipreg        (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 14:01:13.0921 3164	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 14:01:13.0978 3164	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 14:01:14.0014 3164	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 14:01:14.0045 3164	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 14:01:14.0122 3164	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 14:01:14.0154 3164	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 14:01:14.0216 3164	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 14:01:14.0263 3164	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 14:01:14.0325 3164	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 14:01:14.0370 3164	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 14:01:14.0401 3164	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 14:01:14.0444 3164	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 14:01:14.0466 3164	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 14:01:14.0512 3164	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 14:01:14.0608 3164	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/28 14:01:14.0646 3164	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 14:01:14.0708 3164	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 14:01:14.0771 3164	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 14:01:14.0795 3164	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 14:01:14.0836 3164	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 14:01:14.0896 3164	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/28 14:01:14.0974 3164	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 14:01:15.0020 3164	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 14:01:15.0069 3164	usb_rndisx      (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/04/28 14:01:15.0124 3164	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 14:01:15.0171 3164	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 14:01:15.0253 3164	vhidmini        (dffab3374f554977c4bb1b575a7b6502) C:\Windows\system32\DRIVERS\vhidmini.sys
2011/04/28 14:01:15.0296 3164	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 14:01:15.0325 3164	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/28 14:01:15.0366 3164	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/28 14:01:15.0400 3164	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 14:01:15.0454 3164	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 14:01:15.0534 3164	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 14:01:15.0587 3164	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 14:01:15.0631 3164	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 14:01:15.0689 3164	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 14:01:15.0724 3164	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 14:01:15.0831 3164	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/28 14:01:15.0897 3164	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 14:01:15.0995 3164	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/28 14:01:16.0079 3164	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 14:01:16.0137 3164	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 14:01:16.0312 3164	================================================================================
2011/04/28 14:01:16.0312 3164	Scan finished
2011/04/28 14:01:16.0312 3164	================================================================================


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 28 April 2011 - 06:26 PM

Hello,

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 XT-Wax

XT-Wax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 28 April 2011 - 07:48 PM

No more ads.. seems to be gone. Does my Logs look clear?

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 28 April 2011 - 10:40 PM

Hello,

No more ads.. seems to be gone. Does my Logs look clear?


Yes, things look good lets run a couple other scanners just to make sure no more leftovers.

1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 30 April 2011 - 09:01 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 XT-Wax

XT-Wax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 May 2011 - 09:39 AM

yes.. i am away for the weekend. Will do these soon. Ty

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 01 May 2011 - 09:40 PM

Ok, thanks for letting me know.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 03 May 2011 - 05:54 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 07 May 2011 - 10:50 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:28 AM

Posted 07 May 2011 - 08:20 PM

This topic has been re-opened at the request of the person who originally posted.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 XT-Wax

XT-Wax
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 07 May 2011 - 09:14 PM

Ty...


ESET Find:
C:\Users\Chris\Desktop\InterceptFroyoRoot v0.2\rageagainstthecage-arm5.bin	Android/Exploit.RageCage.A trojan	cleaned by deleting - quarantined

C:\Windows\System32\Tools\Hide.exe	Win32/KillProc.C application	cleaned by deleting - quarantined

These 2 are files I had to hack/root my android phone. Not sure if it just picked them up falsely or if they contained trojens too.


Malaware bytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6528

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/7/2011 5:23:41 PM
mbam-log-2011-05-07 (17-23-41).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 282964
Time elapsed: 50 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users