
Infected with something that makes Google redirect and pop ups randomly appear



#1 laura_air

Posted 06 May 2011 - 05:44 AM

When I google something and click a legit link I get redirected to Gomeo or Asktofriends etc. There has been one other I've noticed but I can't remember its name. Also, say for example I googled shoes and didn't click a link but didn't touch anything for a while, a pop-up of Gomeo will appear about shoes. I am also getting an issue where the computer shuts down if I leave it for an hour or so; this is the message that appears when the computer restarts:

WINDOWS HAS RECOVERED FROM AN UNEXPECTED SHUT DOWN:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 828F9D46
BCP3: 8CD27B50
BCP4: 8CD27730
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\050611-18579-01.dmp
C:\Users\Air Tech 2011\AppData\Local\Temp\WER-37643-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt




I am DESPERATE to fix this before it gets worse, please see my reports pasted below:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Air 2011 at 9:21:20.27 on 06/05/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3036.1849 [GMT 1:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.9.2\slpcap.exe
c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Air 2011\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Conime] %windir%\system32\conime.exe
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files\seiko instruments usa inc\smart label printer 6.9.2\slpcap.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\airtec~1\appdata\roaming\mozilla\firefox\profiles\23drud50.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.officelive.com/en-GB/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-5-4 142592]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-10 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-10 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-2-11 326184]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-15 497008]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-15 689416]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-4-26 8192]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-05 14:27:18 -------- d-----w- c:\users\airtec~1\appdata\roaming\SUPERAntiSpyware.com
2011-05-05 14:27:18 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-05-05 14:27:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-04 15:34:37 -------- d-----w- c:\users\airtec~1\appdata\roaming\Malwarebytes
2011-05-04 15:34:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 15:34:32 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-04 15:34:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 15:34:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 15:12:03 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-05-04 15:11:59 -------- d-----w- c:\users\airtec~1\appdata\roaming\Spyware Terminator
2011-05-04 15:11:57 -------- d-----w- c:\program files\Spyware Terminator
2011-05-04 15:11:57 -------- d-----w- c:\progra~2\Spyware Terminator
2011-04-29 16:01:32 -------- d-----w- C:\Output
2011-04-29 16:00:13 1872884 ----a-w- c:\windows\system32\cygwin1.dll
2011-04-29 16:00:12 4369408 ----a-w- c:\windows\system32\pdftk.exe
2011-04-29 16:00:12 34816 ----a-w- c:\windows\system32\pdfcrack.exe
2011-04-29 16:00:12 -------- d-----w- c:\program files\Advanced Pdf Splitter Free
2011-04-28 15:33:58 -------- d-----w- c:\users\airtec~1\appdata\local\Apple
2011-04-27 13:56:21 -------- d-----w- c:\users\airtec~1\appdata\local\Intuit
2011-04-27 13:48:04 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-04-27 13:45:18 -------- d-----w- c:\users\airtec~1\appdata\local\Eastman_Kodak_Company
2011-04-27 13:40:45 -------- d-----w- c:\users\airtec~1\appdata\local\Eastman Kodak Company
2011-04-27 13:39:53 -------- d-----w- c:\windows\system32\kodak
2011-04-27 13:36:35 -------- d-----w- c:\program files\common files\supportsoft
2011-04-27 13:36:24 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2011-04-27 13:34:31 -------- d-----w- c:\program files\Intuit
2011-04-27 13:34:31 -------- d-----w- c:\program files\common files\Intuit
2011-04-27 13:34:31 -------- d-----w- c:\progra~2\Intuit
2011-04-27 13:32:11 -------- d-----w- c:\progra~2\SQL Anywhere 10
2011-04-27 13:32:11 -------- d-----w- c:\progra~2\COMMON FILES
2011-04-27 13:31:30 -------- d-----w- c:\program files\Kodak
2011-04-27 13:30:24 -------- d-----w- c:\users\airtec~1\appdata\roaming\Temp
2011-04-27 13:30:24 -------- d-----w- c:\progra~2\Kodak
2011-04-27 12:06:04 -------- d-----w- c:\windows\Intuit
2011-04-27 09:05:56 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-27 09:05:23 -------- d-----w- c:\users\airtec~1\appdata\local\Microsoft Help
2011-04-26 16:22:56 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-26 16:22:56 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-26 16:22:56 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-26 16:22:56 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-26 16:22:56 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-26 16:21:24 -------- d-----w- c:\program files\MSXML 4.0
2011-04-26 16:21:15 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-26 15:53:58 8192 ----a-w- c:\windows\system32\srvany.exe
2011-04-26 14:40:57 -------- d-----w- C:\Downloads
2011-04-26 14:40:43 -------- d-----w- c:\users\airtec~1\appdata\roaming\BitComet
2011-04-26 09:43:33 -------- d-----w- c:\users\airtec~1\appdata\roaming\Smart Label Printer
2011-04-26 09:43:27 -------- d-----w- c:\users\airtec~1\appdata\local\Smart Label Printer
2011-04-26 09:43:27 -------- d-----w- c:\program files\Seiko Instruments USA Inc
2011-04-26 09:43:27 -------- d-----w- c:\progra~2\Smart Label Printer
2011-04-26 09:34:32 -------- d-----w- c:\users\airtec~1\appdata\local\Adobe
2011-04-26 08:50:47 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-26 08:50:44 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7b6c013d-295d-485b-9e66-374bf4497882}\mpengine.dll
2011-04-26 08:46:55 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-26 08:44:53 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-21 10:03:10 0 ----a-w- c:\windows\invcol.tmp
2011-04-21 09:58:00 -------- d-----w- c:\users\airtec~1\appdata\local\Dell
2011-04-21 09:21:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-21 09:15:06 831488 ----a-w- c:\windows\RtlExUpd.dll
2011-04-21 09:15:06 -------- d--h--w- c:\program files\Temp
2011-04-21 09:15:05 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-04-21 09:15:05 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-04-21 09:15:05 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-04-21 09:15:04 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-04-21 09:15:04 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-04-21 09:15:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-21 09:15:04 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-04-21 09:15:04 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-04-21 09:14:54 1536 ----a-w- c:\windows\system32\RtkMsgs.dll
2011-04-21 09:14:22 12288 ----a-w- c:\windows\system32\baspun.exe
2011-04-21 09:14:15 -------- d-----w- c:\program files\Broadcom
2011-04-21 09:13:48 -------- d-----w- c:\users\airtec~1\appdata\local\Downloaded Installations
2011-04-21 09:13:34 -------- d-----w- c:\windows\Dell
2011-04-15 12:20:18 1034544 ----a-w- c:\program files\mozilla firefox\plugins\npBitCometAgent.dll
2011-04-15 04:11:32 544768 ----a-w- c:\windows\system32\RtDSndMg.cpl
2011-04-15 04:07:11 -------- d-----w- c:\windows\system32\oem
2011-04-15 04:07:09 -------- d-----w- c:\windows\Panther
2011-04-15 04:07:09 -------- d-----w- C:\Drivers
2011-04-15 04:04:08 -------- d-----w- C:\dell
2011-04-15 03:23:08 -------- d-----w- c:\windows\system32\RTCOM
2011-04-15 03:23:08 -------- d-----w- c:\program files\Realtek
2011-04-15 03:22:53 -------- d-----w- C:\Intel
2011-04-14 20:01:53 -------- d-----w- c:\progra~2\Uninstall
2011-04-14 19:59:13 -------- d-----w- c:\program files\common files\SureThing Shared
2011-04-14 19:58:46 -------- d-----w- c:\progra~2\PhotoShow Shared Assets
2011-04-14 19:55:53 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-04-14 19:55:24 -------- d-----w- c:\program files\common files\Sonic Shared
2011-04-14 19:55:01 -------- d-----w- c:\program files\Roxio
2011-04-14 19:54:04 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2011-04-14 19:54:04 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2011-04-14 19:54:04 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-04-14 19:54:03 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2011-04-14 19:50:41 -------- d-----w- c:\windows\system32\log
2011-04-14 19:50:19 -------- d-----w- c:\program files\Trend Micro
2011-04-14 19:47:49 -------- d-----w- c:\program files\Microsoft
2011-04-14 19:46:56 -------- d-----w- c:\windows\en
2011-04-14 19:46:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-14 19:45:15 -------- d-----w- c:\windows\PCHEALTH
2011-04-14 19:44:20 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-14 19:44:20 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-14 19:44:20 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-14 19:43:49 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-14 19:42:31 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-14 19:42:31 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-14 19:41:13 15712 ----a-w- c:\program files\common files\windows live\.cache\e9b2d0731cbfadb06\MeshBetaRemover.exe
2011-04-14 19:41:12 94040 ----a-w- c:\program files\common files\windows live\.cache\e92b22031cbfadb05\DSETUP.dll
2011-04-14 19:41:12 94040 ----a-w- c:\program files\common files\windows live\.cache\e8b8dff61cbfadb04\DSETUP.dll
2011-04-14 19:41:12 525656 ----a-w- c:\program files\common files\windows live\.cache\e92b22031cbfadb05\DXSETUP.exe
2011-04-14 19:41:12 525656 ----a-w- c:\program files\common files\windows live\.cache\e8b8dff61cbfadb04\DXSETUP.exe
2011-04-14 19:41:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\e92b22031cbfadb05\dsetup32.dll
2011-04-14 19:41:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\e8b8dff61cbfadb04\dsetup32.dll
2011-04-14 19:41:11 6260088 ----a-w- c:\program files\common files\windows live\.cache\e83ab7071cbfadb03\Silverlight.4.0.exe
2011-04-14 19:41:05 -------- d-----w- c:\program files\common files\Windows Live
2011-04-14 19:40:49 -------- d-----w- c:\program files\common files\CyberLink
2011-04-14 19:40:10 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-14 19:35:39 -------- d-----w- c:\windows\Downloaded Installations
2011-04-14 19:35:39 -------- d-----w- c:\progra~2\Wave Systems Corp
2011-04-14 19:34:04 -------- d-----w- c:\program files\NTRU Cryptosystems
2011-04-14 19:34:04 -------- d-----w- c:\progra~2\NTRU Cryptosystems
2011-04-14 19:33:41 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2011-04-14 19:33:41 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2011-04-14 19:32:44 -------- d-----w- c:\program files\common files\SPBA
2011-04-14 19:32:41 -------- d-----w- c:\program files\Gemalto
2011-04-14 19:32:39 -------- d-----w- c:\windows\system32\BioAPIFFDB
2011-04-14 19:31:13 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-14 19:29:44 100864 ----a-w- c:\windows\system32\basp.dll
2011-04-14 19:29:18 -------- d-----w- c:\program files\Dell
2011-04-14 19:28:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 19:27:26 -------- d-----w- c:\program files\Dell Inc
2011-04-14 19:27:23 -------- d-sh--w- c:\windows\Installer
.
==================== Find3M ====================
.
2011-04-14 19:39:58 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-14 19:39:58 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 06:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 06:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-02-12 05:30:49 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
============= FINISH: 9:21:32.27 ===============

Edited by laura_air, 06 May 2011 - 08:17 AM.
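As an added example (not part of this thread, and not DDS or BleepingComputer code), here is a small Python parser for the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one posted above. It extracts the Run entries, the LSA authentication packages and the service records, and returns the items a malware-response helper would typically look at first: an unnamed Run entry, an authentication package other than the default msv1_0, and a service whose image is srvany.exe. The sample lines are copied from the log above; the flagging rules are my own triage heuristics and mark entries for review, not as malicious.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [<NO NAME>]
mRun: [Conime] %windir%\system32\conime.exe
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-5-4 142592]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-4-26 8192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
"""

# DDS line formats (as seen in the posted log):
#   uRun/mRun/mRunOnce: [name] command
#   LSA: Authentication Packages = pkg pkg ...
#   R1 name;display name;image path [yyyy-m-d size]
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (?P<pkgs>.+)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<image>.*?)"
    r" \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)

# msv1_0 is the stock Windows package; anything else deserves a look.
# In the posted log the extra package, wvauth, belongs to the Wave/Dell Data
# Protection software that also appears in the process list, so a hit here
# means "identify it", not "malware".
DEFAULT_LSA_PACKAGES = {"msv1_0"}


@dataclass
class Finding:
    kind: str    # "autorun", "lsa" or "service"
    detail: str  # human-readable reason
    line: str    # the DDS line that triggered it


def parse_dds(text):
    """Split DDS text into Run entries, LSA packages and service records."""
    run_entries, lsa_packages, services = [], [], []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            run_entries.append((m["hive"], m["name"], m["cmd"].strip(), line))
            continue
        m = LSA_RE.match(line)
        if m:
            lsa_packages.extend((pkg, line) for pkg in m["pkgs"].split())
            continue
        m = SVC_RE.match(line)
        if m:
            services.append((m["state"], m["name"], m["image"], line))
    return run_entries, lsa_packages, services


def image_basename(image):
    """Return the lower-cased file name of a service/Run image, ignoring
    quotes and trailing arguments such as '-k netsvcs'."""
    m = re.search(r'([^\\/"]+\.(?:exe|sys|dll))', image, re.IGNORECASE)
    return m.group(1).lower() if m else image.strip().lower()


def triage(text):
    """Return the entries of a DDS log worth a closer look."""
    findings = []
    run_entries, lsa_packages, services = parse_dds(text)
    for hive, name, cmd, line in run_entries:
        if name in ("", "<NO NAME>") or not cmd:
            findings.append(Finding("autorun", "unnamed or empty Run entry", line))
    for pkg, line in lsa_packages:
        if pkg.lower() not in DEFAULT_LSA_PACKAGES:
            findings.append(Finding("lsa", f"non-default authentication package: {pkg}", line))
    for state, name, image, line in services:
        if image_basename(image) == "srvany.exe":
            findings.append(Finding("service",
                                    f"service {name} is hosted by srvany.exe; check what it launches",
                                    line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```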


#2 RPMcMurphy

  • Malware Response Team
Posted 06 May 2011 - 07:56 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 laura_air

  • Topic Starter
Posted 10 May 2011 - 04:37 AM

2011/05/10 10:23:22.0149 4612 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 10:23:22.0453 4612 ================================================================================
2011/05/10 10:23:22.0453 4612 SystemInfo:
2011/05/10 10:23:22.0453 4612
2011/05/10 10:23:22.0453 4612 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/10 10:23:22.0453 4612 Product type: Workstation
2011/05/10 10:23:22.0453 4612 ComputerName: AIRTECH2011-PC
2011/05/10 10:23:22.0453 4612 UserName: Air Tech 2011
2011/05/10 10:23:22.0453 4612 Windows directory: C:\Windows
2011/05/10 10:23:22.0453 4612 System windows directory: C:\Windows
2011/05/10 10:23:22.0453 4612 Processor architecture: Intel x86
2011/05/10 10:23:22.0453 4612 Number of processors: 2
2011/05/10 10:23:22.0453 4612 Page size: 0x1000
2011/05/10 10:23:22.0453 4612 Boot type: Normal boot
2011/05/10 10:23:22.0453 4612 ================================================================================
2011/05/10 10:23:22.0632 4612 Initialize success
2011/05/10 10:23:26.0500 4732 ================================================================================
2011/05/10 10:23:26.0500 4732 Scan started
2011/05/10 10:23:26.0500 4732 Mode: Manual;
2011/05/10 10:23:26.0500 4732 ================================================================================
2011/05/10 10:23:35.0962 4732 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/10 10:23:36.0111 4732 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/10 10:23:36.0353 4732 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/05/10 10:23:36.0473 4732 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 10:23:36.0568 4732 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/10 10:23:36.0721 4732 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/10 10:23:36.0931 4732 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 10:23:37.0170 4732 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 10:23:37.0539 4732 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/10 10:23:37.0794 4732 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/10 10:23:37.0957 4732 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/10 10:23:38.0168 4732 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/10 10:23:38.0374 4732 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 10:23:38.0613 4732 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/10 10:23:38.0897 4732 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 10:23:39.0186 4732 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 10:23:39.0462 4732 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/10 10:23:39.0643 4732 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 10:23:39.0794 4732 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/10 10:23:39.0946 4732 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 10:23:40.0110 4732 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/10 10:23:40.0274 4732 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/10 10:23:40.0398 4732 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/10 10:23:40.0648 4732 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/10 10:23:40.0798 4732 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/10 10:23:40.0940 4732 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/10 10:23:41.0057 4732 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/10 10:23:41.0192 4732 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/10 10:23:41.0328 4732 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/10 10:23:41.0480 4732 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 10:23:41.0707 4732 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/10 10:23:41.0950 4732 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/10 10:23:42.0274 4732 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/10 10:23:42.0692 4732 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/10 10:23:42.0929 4732 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/10 10:23:43.0325 4732 IntcAzAudAddService (2d8d9516281e27a721897a388f17defb) C:\Windows\system32\drivers\RTDVHDA.sys
2011/05/10 10:23:43.0471 4732 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/10 10:23:43.0671 4732 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/10 10:23:43.0835 4732 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 10:23:44.0030 4732 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/10 10:23:44.0198 4732 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/10 10:23:44.0362 4732 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/10 10:23:44.0500 4732 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/10 10:23:44.0675 4732 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/10 10:23:44.0888 4732 k57nd60x (ded0b8fce350983313497da4bf5dd9cb) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/10 10:23:45.0010 4732 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/10 10:23:45.0291 4732 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/10 10:23:45.0447 4732 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 10:23:45.0587 4732 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/10 10:23:45.0728 4732 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 10:23:45.0906 4732 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/10 10:23:46.0056 4732 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/10 10:23:46.0223 4732 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/10 10:23:46.0351 4732 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/10 10:23:46.0505 4732 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/10 10:23:46.0710 4732 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/10 10:23:46.0874 4732 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/10 10:23:47.0029 4732 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/10 10:23:47.0142 4732 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 10:23:47.0278 4732 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 10:23:47.0529 4732 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/10 10:23:47.0672 4732 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 10:23:47.0824 4732 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/10 10:23:48.0047 4732 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 10:23:48.0237 4732 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 10:23:48.0426 4732 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 10:23:48.0597 4732 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 10:23:48.0748 4732 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 10:23:48.0852 4732 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/10 10:23:48.0993 4732 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/10 10:23:49.0132 4732 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 10:23:49.0253 4732 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/10 10:23:49.0373 4732 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/10 10:23:49.0712 4732 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 10:23:49.0837 4732 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 10:23:50.0016 4732 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 10:23:50.0205 4732 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 10:23:50.0356 4732 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/10 10:23:50.0517 4732 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 10:23:50.0806 4732 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/10 10:23:50.0920 4732 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/10 10:23:51.0071 4732 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 10:23:51.0223 4732 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/10 10:23:51.0374 4732 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/10 10:23:51.0518 4732 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 10:23:51.0708 4732 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 10:23:51.0928 4732 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 10:23:52.0194 4732 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 10:23:52.0340 4732 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 10:23:52.0451 4732 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 10:23:52.0616 4732 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/10 10:23:52.0732 4732 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 10:23:52.0860 4732 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 10:23:52.0999 4732 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 10:23:53.0124 4732 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/10 10:23:53.0238 4732 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 10:23:53.0354 4732 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 10:23:53.0472 4732 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/10 10:23:53.0581 4732 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/10 10:23:53.0733 4732 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/10 10:23:53.0868 4732 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 10:23:53.0975 4732 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/10 10:23:54.0086 4732 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
2011/05/10 10:23:54.0204 4732 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/10 10:23:54.0315 4732 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/10 10:23:54.0468 4732 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/10 10:23:54.0600 4732 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/10 10:23:54.0728 4732 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/10 10:23:54.0928 4732 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 10:23:55.0038 4732 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/10 10:23:55.0176 4732 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 10:23:55.0296 4732 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/10 10:23:55.0443 4732 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/10 10:23:55.0584 4732 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/10 10:23:55.0698 4732 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 10:23:55.0816 4732 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 10:23:55.0942 4732 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/10 10:23:56.0067 4732 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 10:23:56.0193 4732 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 10:23:56.0320 4732 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 10:23:56.0455 4732 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 10:23:56.0597 4732 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/10 10:23:56.0704 4732 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 10:23:56.0832 4732 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/10 10:23:56.0946 4732 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 10:23:57.0057 4732 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/10 10:23:57.0168 4732 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 10:23:57.0291 4732 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/10 10:23:57.0467 4732 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 10:23:57.0579 4732 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/10 10:23:57.0675 4732 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/10 10:23:57.0716 4732 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/10 10:23:57.0846 4732 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/10 10:23:57.0963 4732 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/10 10:23:58.0101 4732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 10:23:58.0242 4732 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/10 10:23:58.0352 4732 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/10 10:23:58.0466 4732 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/10 10:23:58.0594 4732 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/10 10:23:58.0702 4732 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/10 10:23:59.0037 4732 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/10 10:23:59.0294 4732 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/10 10:23:59.0576 4732 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/10 10:23:59.0801 4732 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/10 10:23:59.0878 4732 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/10 10:24:00.0004 4732 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 10:24:00.0149 4732 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/10 10:24:00.0305 4732 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys
2011/05/10 10:24:00.0456 4732 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 10:24:00.0589 4732 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 10:24:00.0794 4732 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 10:24:00.0923 4732 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/10 10:24:01.0046 4732 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/10 10:24:01.0168 4732 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/10 10:24:01.0298 4732 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/10 10:24:01.0442 4732 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 10:24:01.0600 4732 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 10:24:01.0722 4732 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 10:24:01.0863 4732 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 10:24:01.0976 4732 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 10:24:02.0089 4732 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 10:24:02.0202 4732 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/10 10:24:02.0337 4732 tmcomm (949ef0df929a71d6cc77494dfcb1ddeb) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/05/10 10:24:02.0407 4732 TmFilter (1d84c335eb869bbe64543c6945a1f3c9) c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys
2011/05/10 10:24:02.0537 4732 tmlwf (4e87d02e56e9b1af831c5d521597d629) C:\Windows\system32\DRIVERS\tmlwf.sys
2011/05/10 10:24:02.0604 4732 TmPreFilter (7aab3fef8b19ae023ee05386f1b0a5dd) c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys
2011/05/10 10:24:02.0709 4732 tmtdi (44c262c1b2412ded35078b6166d2acc2) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/05/10 10:24:02.0828 4732 tmwfp (d9882fd91b7c4c35acaa8498d1f3cd68) C:\Windows\system32\DRIVERS\tmwfp.sys
2011/05/10 10:24:02.0992 4732 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 10:24:03.0117 4732 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 10:24:03.0230 4732 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/10 10:24:03.0339 4732 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 10:24:03.0481 4732 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/10 10:24:03.0597 4732 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 10:24:03.0708 4732 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/10 10:24:03.0839 4732 usbccgp (b1edb25bce864ccd58ce771e063756b4) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 10:24:03.0954 4732 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/10 10:24:04.0065 4732 usbehci (6bf08e83a434d511ac3fca6d97c43683) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/10 10:24:04.0175 4732 usbhub (b3be3b01fe8ffcd5b28204dffc0fe19d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/10 10:24:04.0292 4732 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/10 10:24:04.0413 4732 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/10 10:24:04.0549 4732 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/10 10:24:04.0591 4732 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 10:24:04.0662 4732 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/10 10:24:04.0798 4732 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/10 10:24:04.0914 4732 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 10:24:04.0946 4732 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/10 10:24:04.0967 4732 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/10 10:24:05.0092 4732 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/10 10:24:05.0209 4732 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/10 10:24:05.0250 4732 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/10 10:24:05.0349 4732 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/10 10:24:05.0462 4732 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/10 10:24:05.0549 4732 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/10 10:24:05.0609 4732 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 10:24:05.0717 4732 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/10 10:24:05.0803 4732 VSApiNt (8b9325c1d1167a703042986df758d799) c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys
2011/05/10 10:24:05.0924 4732 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/10 10:24:05.0965 4732 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/05/10 10:24:06.0036 4732 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/10 10:24:06.0125 4732 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 10:24:06.0140 4732 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 10:24:06.0249 4732 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/10 10:24:06.0296 4732 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 10:24:06.0430 4732 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/10 10:24:06.0460 4732 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/10 10:24:06.0605 4732 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/10 10:24:06.0763 4732 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/10 10:24:06.0919 4732 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 10:24:06.0983 4732 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
2011/05/10 10:24:07.0095 4732 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 10:24:07.0145 4732 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 10:24:07.0308 4732 ================================================================================
2011/05/10 10:24:07.0308 4732 Scan finished
2011/05/10 10:24:07.0308 4732 ================================================================================
2011/05/10 10:24:07.0320 4724 Detected object count: 1
2011/05/10 10:24:18.0835 4724 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/10 10:24:18.0835 4724 \HardDisk1 - ok
2011/05/10 10:24:18.0836 4724 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2011/05/10 10:24:23.0132 4592 Deinitialize success
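The TDSSKiller log above is long, and the single line that matters (a detection keyed on a disk device, `\HardDisk1`, rather than on a `.sys` file) is easy to miss in a few hundred driver entries. The following Python is an added example, not part of this thread or of the TDSSKiller tool: it parses a log in this format into driver records and detections, then applies three triage checks. The sample lines are copied in shape from the log above and embedded as a constructed string; the triage heuristics (flagging drivers loaded from outside `C:\Windows`, listing hashes shared by several service names, and treating a `\HardDiskN` hit as the boot-sector pattern) are assumptions of this example, not output or logic of the tool.

```python
"""Parse a TDSSKiller scan log and pull out what a triager needs."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input: a few lines in the shape of the TDSSKiller log
# posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
2011/05/10 10:23:29.0833 4732 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/10 10:23:57.0675 4732 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/10 10:24:01.0442 4732 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 10:24:01.0600 4732 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 10:24:07.0145 4732 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/10 10:24:07.0308 4732 Scan finished
2011/05/10 10:24:18.0835 4724 \HardDisk1 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/10 10:24:18.0836 4724 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
"""

# Every line is "<timestamp> <pid> <body>"; the body decides what kind of line it is.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>": one enumerated kernel driver.
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> - detected <threat> (<n>)": a positive hit.
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+)(?: \(\d+\))?$")


class Driver(NamedTuple):
    name: str
    md5: str
    path: str


class Detection(NamedTuple):
    obj: str
    threat: str


def parse_log(text: str) -> Tuple[List[Driver], List[Detection]]:
    """Split a TDSSKiller log into driver records and detections; other lines are ignored."""
    drivers: List[Driver] = []
    detections: List[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        d = DRIVER_RE.match(body)
        if d:
            drivers.append(Driver(d["name"], d["md5"].lower(), d["path"]))
            continue
        h = DETECT_RE.match(body)
        if h:
            detections.append(Detection(h["obj"], h["threat"]))
    return drivers, detections


def third_party_drivers(drivers: List[Driver]) -> List[str]:
    """Service names whose binary lives outside C:\\Windows (assumed triage heuristic)."""
    return [d.name for d in drivers if not d.path.lower().startswith("c:\\windows\\")]


def shared_hashes(drivers: List[Driver]) -> Dict[str, List[str]]:
    """MD5s that back more than one service name (often benign, e.g. Tcpip/TCPIP6)."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for d in drivers:
        by_hash[d.md5].append(d.name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def disk_level_detections(detections: List[Detection]) -> List[Detection]:
    """Hits keyed on a disk device rather than a file: the MBR/bootkit pattern.

    TDL4 is reported against '\\HardDiskN' because the infection sits in the
    boot sector, which is also why the tool can only cure it on the next reboot.
    """
    return [x for x in detections if x.obj.lower().startswith("\\harddisk")]


if __name__ == "__main__":
    drv, det = parse_log(SAMPLE_LOG)
    print(f"{len(drv)} drivers, {len(det)} detections")
    print("third-party drivers:", third_party_drivers(drv))
    print("shared hashes:", shared_hashes(drv))
    print("disk-level hits:", disk_level_detections(det))
```

Run against the full log, the third-party check surfaces the SUPERAntiSpyware and Trend Micro drivers (expected on this machine), the shared-hash check shows Tcpip/TCPIP6 and WANARP/Wanarpv6 sharing a binary (normal), and the disk-level check isolates the one line that explains the redirects: a bootkit below the file system that no file-based scanner will see.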

#4 laura_air (Topic Starter)

Posted 10 May 2011 - 04:48 AM

ComboFix 11-05-09.02 - Air Tech 2011 10/05/2011 10:40:24.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3036.1823 [GMT 1:00]
Running from: c:\users\Air Tech 2011\Desktop\ComboFix.exe
AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 09:43 . 2011-05-10 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 16:01 . 2011-05-06 16:01 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2011-05-06 16:01 . 2011-05-06 16:01 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2011-05-06 16:00 . 2011-05-06 16:02 -------- d-----w- c:\program files\ITAX
2011-05-06 15:58 . 2011-05-06 15:58 -------- d-----w- c:\windows\system32\URTTEMP
2011-05-05 14:27 . 2011-05-05 14:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-05-05 14:27 . 2011-05-05 14:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-04 15:34 . 2011-05-04 15:34 -------- d-----w- c:\programdata\Malwarebytes
2011-05-04 15:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 15:34 . 2011-05-05 13:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-04 15:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 15:12 . 2011-05-04 15:12 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-05-04 15:11 . 2011-05-10 09:27 -------- d-----w- c:\programdata\Spyware Terminator
2011-05-04 15:11 . 2011-05-04 15:24 -------- d-----w- c:\program files\Spyware Terminator
2011-04-29 16:01 . 2011-04-29 16:01 -------- d-----w- C:\Output
2011-04-29 16:00 . 2008-06-13 00:35 1872884 ----a-w- c:\windows\system32\cygwin1.dll
2011-04-29 16:00 . 2011-04-29 16:00 -------- d-----w- c:\program files\Advanced Pdf Splitter Free
2011-04-29 16:00 . 2008-09-21 09:32 34816 ----a-w- c:\windows\system32\pdfcrack.exe
2011-04-29 16:00 . 2007-06-27 15:15 4369408 ----a-w- c:\windows\system32\pdftk.exe
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-04-28 15:34 . 2011-04-28 15:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-04-28 15:34 . 2011-04-28 15:34 -------- d-----w- c:\program files\QuickTime
2011-04-28 15:34 . 2011-04-28 15:34 -------- d-----w- c:\programdata\Apple Computer
2011-04-28 15:34 . 2011-04-28 15:34 -------- d-----w- c:\program files\Common Files\Apple
2011-04-28 15:33 . 2011-04-28 15:33 -------- d-----w- c:\program files\Apple Software Update
2011-04-28 15:33 . 2011-04-28 15:33 -------- d-----w- c:\programdata\Apple
2011-04-27 13:48 . 2011-03-03 06:45 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-04-27 13:39 . 2011-04-27 13:39 -------- d-----w- c:\windows\system32\kodak
2011-04-27 13:36 . 2011-04-27 13:36 -------- d-----w- c:\program files\Common Files\supportsoft
2011-04-27 13:36 . 2010-01-11 16:47 3833856 ----a-w- c:\windows\system32\cdintf300.dll
2011-04-27 13:34 . 2011-04-27 15:22 -------- d-----w- c:\programdata\Intuit
2011-04-27 13:34 . 2011-04-27 13:34 -------- d-----w- c:\program files\Common Files\Intuit
2011-04-27 13:34 . 2011-04-27 13:34 -------- d-----w- c:\program files\Intuit
2011-04-27 13:32 . 2011-04-27 13:59 -------- d-----w- c:\programdata\SQL Anywhere 10
2011-04-27 13:32 . 2011-04-27 13:32 -------- d-----w- c:\programdata\COMMON FILES
2011-04-27 13:31 . 2011-04-27 13:33 -------- d-----w- c:\program files\Kodak
2011-04-27 13:30 . 2011-05-10 09:44 -------- d-----w- c:\programdata\Kodak
2011-04-27 12:06 . 2011-04-27 12:06 -------- d-----w- c:\windows\Intuit
2011-04-27 09:05 . 2011-04-27 09:05 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-04-27 09:05 . 2011-04-27 09:11 -------- d-----w- c:\programdata\Microsoft Help
2011-04-27 09:05 . 2011-04-27 09:05 -------- d-----r- C:\MSOCache
2011-04-26 16:22 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-26 16:22 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-26 16:22 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-26 16:22 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-26 16:22 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-26 16:21 . 2011-04-26 16:21 -------- d-----w- c:\program files\MSXML 4.0
2011-04-26 16:21 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-04-26 15:53 . 2011-04-26 15:50 8192 ----a-w- c:\windows\system32\srvany.exe
2011-04-26 14:40 . 2011-05-03 08:27 -------- d-----w- C:\Downloads
2011-04-26 09:43 . 2011-04-26 10:43 -------- d-----w- c:\programdata\Smart Label Printer
2011-04-26 09:43 . 2011-04-26 09:43 -------- d-----w- c:\program files\Seiko Instruments USA Inc
2011-04-26 09:33 . 2011-04-26 09:33 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-26 08:50 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B6C013D-295D-485B-9E66-374BF4497882}\mpengine.dll
2011-04-26 08:46 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-26 08:44 . 2011-02-03 05:45 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-21 10:03 . 2011-04-21 10:03 0 ----a-w- c:\windows\invcol.tmp
2011-04-21 09:58 . 2011-04-21 09:58 -------- d-----w- c:\programdata\Dell
2011-04-21 09:57 . 2011-05-06 08:17 -------- d-----w- c:\users\Air Tech 2011
2011-04-21 09:21 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-21 09:15 . 2011-04-21 09:15 -------- d--h--w- c:\program files\Temp
2011-04-21 09:15 . 2009-09-29 02:49 831488 ----a-w- c:\windows\RtlExUpd.dll
2011-04-21 09:15 . 2011-04-21 09:15 -------- d-----w- c:\program files\Common Files\InstallShield
2011-04-21 09:14 . 2011-04-21 09:14 1536 ----a-w- c:\windows\system32\RtkMsgs.dll
2011-04-21 09:14 . 2010-02-10 11:38 12288 ----a-w- c:\windows\system32\baspun.exe
2011-04-21 09:14 . 2011-04-21 09:14 -------- d-----w- c:\program files\Broadcom
2011-04-21 09:13 . 2011-04-21 09:13 -------- d-----w- c:\windows\Dell
2011-04-15 04:11 . 2009-11-16 23:21 2748064 ----a-w- c:\windows\system32\drivers\RTDVHDA.sys
2011-04-15 04:07 . 2011-04-26 16:00 -------- d-----w- c:\windows\system32\oem
2011-04-15 04:07 . 2011-04-21 09:54 -------- d-----w- c:\windows\Panther
2011-04-15 04:07 . 2011-04-15 04:11 -------- d-----w- C:\Drivers
2011-04-15 04:04 . 2011-04-26 16:00 -------- d-----w- C:\dell
2011-04-15 03:23 . 2011-04-21 09:15 -------- d-----w- c:\windows\system32\RTCOM
2011-04-15 03:23 . 2011-04-15 03:23 -------- d-----w- c:\program files\Realtek
2011-04-15 03:22 . 2011-04-15 03:22 -------- d-----w- c:\program files\Intel
2011-04-15 03:22 . 2011-04-15 03:22 -------- d-----w- C:\Intel
2011-04-14 20:01 . 2011-04-14 20:01 -------- d-----w- c:\programdata\Uninstall
2011-04-14 19:59 . 2011-04-14 19:59 -------- d-----w- c:\program files\Common Files\SureThing Shared
2011-04-14 19:58 . 2011-04-14 19:58 -------- d-----w- c:\programdata\PhotoShow Shared Assets
2011-04-14 19:57 . 2011-04-14 20:04 -------- d-----w- c:\programdata\Sonic
2011-04-14 19:56 . 2011-04-14 20:10 -------- d-----w- c:\programdata\Roxio
2011-04-14 19:55 . 2011-04-14 20:00 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-04-14 19:55 . 2011-04-14 19:59 -------- d-----w- c:\program files\Common Files\Sonic Shared
2011-04-14 19:55 . 2011-04-14 19:59 -------- d-----w- c:\program files\Roxio
2011-04-14 19:55 . 2011-04-14 19:55 -------- d-----w- c:\programdata\Macrovision
2011-04-14 19:54 . 2011-04-14 20:01 -------- d-----w- c:\program files\Common Files\Roxio Shared
2011-04-14 19:54 . 2007-10-22 02:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2011-04-14 19:54 . 2007-10-12 14:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2011-04-14 19:54 . 2007-10-02 08:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2011-04-14 19:54 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2011-04-14 19:50 . 2011-04-14 19:50 -------- d-----w- c:\windows\system32\log
2011-04-14 19:50 . 2011-04-14 19:50 -------- d-----w- c:\program files\Trend Micro
2011-04-14 19:47 . 2011-04-21 10:03 -------- d-----w- c:\program files\Microsoft
2011-04-14 19:46 . 2011-04-14 19:46 -------- d-----w- c:\windows\en
2011-04-14 19:46 . 2011-04-14 19:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-04-14 19:45 . 2011-05-04 16:27 -------- d-----w- c:\windows\PCHEALTH
2011-04-14 19:44 . 2011-04-14 19:47 -------- d-----w- c:\program files\Windows Live
2011-04-14 19:44 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-04-14 19:44 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-04-14 19:44 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-04-14 19:43 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-04-14 19:43 . 2011-04-26 16:23 -------- d-----w- c:\program files\Microsoft Silverlight
2011-04-14 19:42 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2011-04-14 19:42 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-04-14 19:41 . 2011-04-14 19:41 -------- d-----w- c:\program files\Common Files\Windows Live
2011-04-14 19:40 . 2011-04-14 19:40 -------- d-----w- c:\program files\Common Files\CyberLink
2011-04-14 19:40 . 2011-04-14 19:40 -------- d-----w- c:\program files\CyberLink
2011-04-14 19:40 . 2011-04-14 19:39 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-04-14 19:35 . 2011-04-14 19:37 -------- d-----w- c:\programdata\Wave Systems Corp
2011-04-14 19:35 . 2011-04-14 19:35 -------- d-----w- c:\windows\Downloaded Installations
2011-04-14 19:34 . 2011-04-14 19:34 -------- d-----w- c:\programdata\NTRU Cryptosystems
2011-04-14 19:34 . 2011-04-14 19:34 -------- d-----w- c:\program files\NTRU Cryptosystems
2011-04-14 19:33 . 2011-04-14 19:33 -------- d-----w- c:\program files\DIFX
2011-04-14 19:33 . 2011-04-14 19:33 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-14 19:33 . 2008-06-04 12:14 80368 ----a-w- c:\windows\system32\pbadrvdll.dll
2011-04-14 19:33 . 2008-06-04 12:14 26608 ----a-w- c:\windows\system32\drivers\PBADRV.sys
2011-04-14 19:32 . 2011-04-14 19:34 -------- d-----w- c:\program files\Common Files\SPBA
2011-04-14 19:32 . 2011-04-14 19:32 -------- d-----w- c:\program files\Gemalto
2011-04-14 19:32 . 2011-04-14 19:32 -------- d-----w- c:\windows\system32\BioAPIFFDB
2011-04-14 19:31 . 2011-04-21 09:15 -------- d--h--w- c:\program files\InstallShield Installation Information
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-21 09:57 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-14 19:39 . 2006-08-14 09:02 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-14 19:39 . 2006-08-14 09:02 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-03 06:49 . 2011-03-03 06:49 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 06:45 . 2011-03-03 06:45 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-05-03 08:19 . 2011-04-21 09:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 15:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 15:10 119664 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-05-04 3318784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2010-06-25 1099088]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-03-03 2510848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-3-8 984408]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.9.2\slpcap.exe [2009-11-23 75136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 10:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-04-26 8192]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-05-04 142592]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-07-15 146448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2010-07-05 45056]
S2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2010-05-10 230928]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2010-05-10 36368]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-02-11 326184]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\Trend Micro\Client Server Security Agent\TmProxy.exe [2009-07-15 689416]
.
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Air Tech 2011\AppData\Roaming\Mozilla\Firefox\Profiles\23drud50.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.officelive.com/en-GB/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2240)
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
c:\program files\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-10 10:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-10 09:47
.
Pre-Run: 196,882,096,128 bytes free
Post-Run: 198,028,992,512 bytes free
.
- - End Of File - - FA837036C9867221FF8888420CE08324
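As an added example (not from the thread, from ComboFix, or from any tool named in it), a small Python triage helper that parses the Run-value and service lines in the ComboFix log format above and flags the entries an analyst would look at first. The trusted-root heuristic and the `Updater` sample line under the user's Temp folder are assumptions constructed for this example; the other sample lines follow the log's own format.

```python
import re
from dataclasses import dataclass
from typing import List

# Two line shapes from a ComboFix "Reg Loading Points" section:
#   "Name"="c:\path\prog.exe" [YYYY-MM-DD size]            (Run / RunOnce values)
#   R2 svc;Display Name;c:\path\svc.exe [YYYY-MM-DD size]   (services and drivers)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
                    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;'
                    r'(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Heuristic assumed by this example: binaries under these roots get no location flag.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

@dataclass
class AutostartEntry:
    kind: str   # "run" for registry Run values, "service" for R*/S* lines
    name: str
    path: str
    date: str
    size: int

def parse_autostarts(log_text: str) -> List[AutostartEntry]:
    """Extract Run values and service lines from ComboFix-style log text."""
    entries: List[AutostartEntry] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = RUN_RE.match(line)
        kind = "run"
        if m is None:
            m = SVC_RE.match(line)
            kind = "service"
        if m is not None:
            entries.append(AutostartEntry(kind, m["name"], m["path"],
                                          m["date"], int(m["size"])))
    return entries

def review_entry(entry: AutostartEntry) -> List[str]:
    """Reasons (possibly none) an analyst should look closer at this entry."""
    reasons = []
    path = entry.path.lower()
    if not path.startswith(TRUSTED_PREFIXES):
        reasons.append("binary outside Program Files / Windows")
    if "\\appdata\\" in path or "\\temp\\" in path:
        reasons.append("binary under a user profile or temp directory")
    if path.endswith("\\srvany.exe"):
        # srvany.exe launches whatever the service's Parameters key names,
        # so the log line alone does not show the program that actually runs.
        reasons.append("srvany.exe wrapper: resolve the service's Parameters key")
    return reasons

# Sample input in the format of the log above; the "Updater" line is CONSTRUCTED
# for this example to exercise the profile/temp flags and is not from the log.
SAMPLE_LOG = r"""
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"Updater"="c:\users\Air Tech 2011\AppData\Local\Temp\updater.exe" [2011-05-01 40960]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-04-26 8192]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-07-15 283152]
"""

def triage(log_text: str) -> dict:
    """Map entry name -> reasons, for every parsed entry that earned a flag."""
    return {e.name: r for e in parse_autostarts(log_text) if (r := review_entry(e))}
```

Run `triage(SAMPLE_LOG)` to get the flagged names with their reasons; unflagged entries such as the Realtek and Trend Micro lines are left out of the result.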

#5 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:08:41 PM

Posted 10 May 2011 - 01:05 PM

laura_air:

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java™ can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes copy and paste the results into your next reply.
Please include the following in your next post:
  • MBAM log
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#6 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:08:41 PM

Posted 15 May 2011 - 10:53 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
