Google redirects


  • This topic is locked
22 replies to this topic

#1 mbzrf

mbzrf

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:50 AM

Posted 23 June 2011 - 04:05 PM

Hello. My computer seems to be struggling with an infection for a few days now. First, it looked like all my data had been lost. The desktop had turned black and I received all kinds of error messages. A program "WindowsXPRepair" popped up, which was allegedly running a scan and found numerous infections. Luckily, it turned out my data were not really lost, they were just hidden. Next, I tried to change the settings in order to keep using my computer normally. Most things seem to have normalized now, but I keep getting redirects in Google. I tried numerous programs (StopZilla, SuperAntiSpyware, avast, Avira, Hitman Pro 3.5), all without success. I also installed TDSSkiller, but it didn't run (even after renaming the file and the extension). It seems expert advice is needed. I hope someone can help me out on this one. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Geert at 21:22:53 on 2011-06-23
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.279 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Garmin\MyGarminAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\4media video toolbar\tbcore3.dll
TB: 4Media Video Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\4media video toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\geert\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [dONWNfCouomCLQ] c:\documents and settings\all users\application data\dONWNfCouomCLQ.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [MyGarminAgent] c:\program files\garmin\MyGarminAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\geert\menust~1\progra~1\opstar~1\mediac~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
TCP: Interfaces\{1B41C92D-07D9-4F36-BAA6-8F2A2BCC61E0} : DhcpNameServer = 195.130.131.3 195.130.130.131
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-21 307928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-17 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2001-9-7 14336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-17 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-17 269480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-21 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-21 42184]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-17 61960]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2006-10-31 35840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-2 27632]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca26d3409d0018;Google Updateservice (gupdate1ca26d3409d0018);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-27 133104]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-7 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-7 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-7 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-7 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-7 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-7 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-7 117672]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-1-2 150528]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
=============== Created Last 30 ================
.
2011-06-22 18:25:28 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-06-22 17:36:18 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-22 17:34:21 -------- d-----w- c:\documents and settings\geert\application data\GetRightToGo
2011-06-21 20:17:35 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-21 20:17:02 40112 ----a-w- c:\windows\avastSS.scr
2011-06-21 20:16:47 -------- d-----w- c:\program files\AVAST Software
2011-06-21 20:16:47 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-21 19:16:39 -------- d-----w- c:\documents and settings\geert\application data\SUPERAntiSpyware.com
2011-06-21 19:16:39 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-21 19:16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-21 17:56:08 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-21 17:55:37 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-06-20 17:35:28 -------- d-----r- c:\documents and settings\geert\Onlangs geopend
2011-06-20 17:27:07 -------- d-----w- c:\program files\STOPzilla!
2011-06-20 17:27:06 -------- d-----w- c:\program files\common files\iS3
2011-06-20 17:27:06 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-06-17 16:14:46 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-06-17 16:14:46 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-06-17 16:14:46 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-06-17 16:14:46 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-06-17 16:14:46 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-06-17 16:14:44 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-06-17 16:14:44 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-06-17 16:14:44 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-06-17 16:14:44 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-06-17 16:14:44 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-06-17 16:14:42 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-06-17 16:14:42 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-15 21:20:38 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-05-02 15:31:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05:04 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:33 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-04-28 18:29:10 582144 ------w- c:\program files\snes9x.exe
.
============= FINISH: 21:24:31,90 ===============




RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2269184 bytes (Microsoft Corporation, NT-kernel & -systeem)
0x804D7000 PnpManager 2269184 bytes
0x804D7000 RAW 2269184 bytes
0x804D7000 WMIxWDM 2269184 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32-stuurprogramma)
0xF6885000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1167360 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF7670000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9DD79000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xA5F71000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA99AB000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF6738000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA60D0000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9B25C000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0x9DDE9000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBF16E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9A590000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xF6796000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF77C7000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-stuurprogramma voor NT)
0x9B3C8000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7643000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA5FE1000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9A59000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 167936 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xF6849000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA605A000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9DE33000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7771000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT-schijfbeheer I/O-stuurprogramma)
0xA60AA000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x99B4C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA9A35000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6825000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF67EE000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6038000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA600C000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x80701000 ACPI_HAL 134400 bytes
0x80701000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7739000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7797000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-schijfstuurprogramma)
0xF7629000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x98DEB000 C:\DOCUME~1\Geert\LOCALS~1\Temp\kgrorpoc.sys 102400 bytes
0xF7759000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9B561000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA9A0B000 C:\WINDOWS\system32\drivers\AEAudio.sys 94208 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0x9B4BD000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF7710000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF67D7000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9B54C000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x9B3B3000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6811000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Stuurprogramma voor parallelle poort)
0xF6871000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA6129000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF76FD000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7727000 sr.sys 73728 bytes (Microsoft Corporation, Stuurprogramma voor systeemherstel)
0x9B304000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xF77B6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug en Play PCI-enumerator)
0xF67C6000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA1E24000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7967000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Stuurprogramma voor serieel apparaat)
0xF6CCC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7977000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter-stuurprogramma)
0xF6D2C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6A12000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7937000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, i8042-poortstuurprogramma)
0xF7817000 szkg.sys 57344 bytes (iS3 Inc., szkg Device Driver)
0xF7867000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy-stuurprogramma)
0xF7887000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7987000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7827000 szkgfs.sys 53248 bytes (iS3, Inc., STOPzilla Kernel Guard File System, x86-32 )
0xF79A7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA9D06000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Cryptografisch FIPS-stuurprogramma)
0xF7957000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7857000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7997000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9D46000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF7917000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processorstuurprogramm)
0xF7847000 isapnp.sys 40960 bytes (Microsoft Corporation, Stuurprogramma voor PNP ISA-bus)
0xF79D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF79C7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7927000 C:\WINDOWS\system32\DRIVERS\atl01_xp.sys 36864 bytes (Attansic Technology corporation., Attansic L1 Gigabit Ethernet Controller ndis miniport driver)
0x98EC4000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7877000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79B7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA9D26000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7897000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA9D36000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B9F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7BBF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7BC7000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7BCF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Stuurprogramma voor verschillende toetsenbordtypen)
0xA9C96000 C:\DOCUME~1\Geert\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7A97000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA174D000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7BD7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Stuurprogramma voor muistypen)
0xF7BAF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7BF7000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xF7B8F000 C:\WINDOWS\System32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7BB7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B0F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BA7000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7B6F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7B97000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A9F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BE7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BEF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BDF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA9C9E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7CC7000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F2CC000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF705C000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9F2E8000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7C27000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9C074000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7058000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF672C000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D5F000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF7D57000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7DBD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D1B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D3D000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DBB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D17000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DBF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7DD5000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM-stuurprogramma (parallel))
0xF7DC1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D61000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DAB000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D19000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E0F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA1693000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E14000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DDF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus-stuurprogramma)
==============================================
>Stealth
==============================================
0x86E88A91 Unknown page with executable code, 1391 bytes
0x86E87288 Unknown page with executable code, 3448 bytes
0x86E89191 Unknown page with executable code, 3695 bytes
0xF7867000 WARNING: Virus alike driver modification [VolSnap.sys], 57344 bytes
0x86E8BE7A Unknown thread object [ ETHREAD 0x86FCB5A0 ] TID: 128, 600 bytes
0x86E8E008 Unknown thread object [ ETHREAD 0x86F715A8 ] TID: 132, 600 bytes
0x86E8DCDC Unknown page with executable code, 804 bytes

Edited by mbzrf, 23 June 2011 - 04:14 PM.
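As an added, defender-side example (not a BleepingComputer tool and not code from this thread): a small Python triage script that reads autorun lines from a DDS "Pseudo HJT Report" and the driver and ">Stealth" lines from a RootkitUnhooker (RkU) log and flags the entries a helper would look at first. The heuristics (an executable launched straight from a user-writable data directory, a case-transition count to spot machine-generated file names, a kernel driver loaded from Temp) and their thresholds are my own assumptions, not anyone's signature set. The sample lines are copied from the logs posted above, so the script runs offline.

```python
"""Triage helper for DDS autorun lines and RkU driver / stealth lines.

Added example, not part of the thread. Heuristics and thresholds are
the example author's assumptions; tune them before relying on them.
"""
import re
from typing import List, Tuple

# Sample input: lines copied from the DDS and RkU logs posted in this thread.
SAMPLE_LOG = r"""
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\geert\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [dONWNfCouomCLQ] c:\documents and settings\all users\application data\dONWNfCouomCLQ.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
0xF7867000 WARNING: Virus alike driver modification [VolSnap.sys], 57344 bytes
0x86E88A91 Unknown page with executable code, 1391 bytes
0x86E8BE7A Unknown thread object [ ETHREAD 0x86FCB5A0 ] TID: 128, 600 bytes
0x98DEB000 C:\DOCUME~1\Geert\LOCALS~1\Temp\kgrorpoc.sys 102400 bytes
"""

# DDS autorun entry: uRun/mRun/dRun: [name] "path\to\file.exe" args
RUN_RE = re.compile(
    r'^[umd]Run:\s+\[(?P<name>[^\]]*)\]\s+"?(?P<path>[a-z]:\\[^"]+?\.exe)"?', re.I)
# RkU driver list entry: 0xADDRESS path\to\driver.sys NNN bytes (...)
DRIVER_RE = re.compile(r'^0x[0-9a-f]{8}\s+(?P<path>\S+\.sys)\s+\d+ bytes', re.I)
# RkU stealth warning about a patched driver image
MODIFIED_RE = re.compile(r'WARNING: Virus alike driver modification \[(?P<drv>[^\]]+)\]')

# Parent directories from which a legitimate autorun rarely launches an exe
# directly (long and 8.3 short forms). Assumption: vendors use a subfolder.
WRITABLE_PARENTS = {"application data", "applic~1", "local settings", "locals~1", "temp"}


def case_transitions(stem: str) -> int:
    """Count upper/lower case switches between consecutive letters."""
    letters = [c for c in stem if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def looks_random(filename: str) -> bool:
    """Heuristic: long name with many case switches, e.g. dONWNfCouomCLQ.exe."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) >= 8 and case_transitions(stem) >= 4


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (item, reason) pairs for lines worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            parts = m.group("path").split("\\")
            parent, filename = parts[-2].lower(), parts[-1]
            if parent in WRITABLE_PARENTS:
                reason = "autorun launches an executable directly from a user-writable data directory"
                if looks_random(filename):
                    reason += " and the file name looks machine-generated"
                findings.append((m.group("path"), reason))
            continue
        m = MODIFIED_RE.search(line)
        if m:
            findings.append((m.group("drv"),
                             "RkU reports the loaded image of this driver was modified; "
                             "compare the on-disk file with a known-good copy"))
            continue
        if "Unknown page with executable code" in line:
            findings.append((line.split()[0], "executable kernel memory not backed by any loaded module"))
            continue
        if "Unknown thread object" in line:
            findings.append((line.split()[0], "kernel thread not attributable to a loaded driver"))
            continue
        m = DRIVER_RE.match(line)
        if m and "\\temp\\" in m.group("path").lower():
            # Anti-rootkit tools (the mbr.sys in the same log, for instance) also
            # load drivers from Temp, so this is a question, not a verdict.
            findings.append((m.group("path"),
                             "kernel driver loaded from a Temp directory; confirm which tool dropped it"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{item}\n    -> {reason}")
```

On the sample above the script reports the randomly named autorun in All Users\Application Data, the VolSnap.sys modification warning, the two unknown executable pages and thread, and the driver loaded from Temp; the well-known entries under Program Files and vendor subfolders are left alone.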



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:50 PM

Posted 23 June 2011 - 04:36 PM

Hello mbzrf,



This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to teacup.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 mbzrf

mbzrf
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:50 AM

Posted 24 June 2011 - 12:43 AM

Hello Tea. Thanks for your quick reply!

I have installed ComboFix, but when I double-click the icon on my Desktop, a window appears with green text lines, indicating it is installing and uninstalling all kinds of things. Every time, at a certain point, my computer reboots. I have tried renaming the program to teacup, with no success. Do you have any idea what might be causing this problem?

Thanks again!

#4 teacup61
Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 24 June 2011 - 03:42 PM

Hi there,

You're welcome. :)

Try to run it in Safe Mode. If that doesn't work we'll do something else. More than one way to do things. :thumbup2:

tea

#5 mbzrf (Topic Starter, Members, 11 posts)

Posted 24 June 2011 - 08:38 PM

Hi again. Safe Mode seems to have worked. Here's the log ComboFix created:



ComboFix 11-06-22.01 - Geert 25/06/2011 3:18:15.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.780 [GMT 2:00]
Started from: C:\Documents and Settings\Geert\Bureaublad\teacup.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!


(((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))


2011-06-22 17:36:18 . 2011-06-22 18:11:33 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-06-22 17:36:05 . 2011-06-22 18:11:46 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-06-22 17:34:21 . 2011-06-22 17:38:32 -------- d-----w- C:\Documents and Settings\Geert\Application Data\GetRightToGo
2011-06-21 20:17:38 . 2011-05-10 12:03:44 307928 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-06-21 20:17:38 . 2011-05-10 11:59:35 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-06-21 20:17:36 . 2011-05-10 11:59:56 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-21 20:17:35 . 2011-05-10 12:03:54 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-21 20:17:35 . 2011-05-10 12:02:37 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-06-21 20:17:33 . 2011-05-10 12:02:25 102616 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-06-21 20:17:32 . 2011-05-10 12:02:22 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-06-21 20:17:32 . 2011-05-10 11:59:37 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-06-21 20:17:02 . 2011-05-10 12:10:59 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-06-21 20:17:01 . 2011-05-10 12:10:55 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-06-21 20:16:47 . 2011-06-21 20:16:47 -------- d-----w- C:\Program Files\AVAST Software
2011-06-21 20:16:47 . 2011-06-21 20:16:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-21 19:16:39 . 2011-06-21 19:16:39 -------- d-----w- C:\Documents and Settings\Geert\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16:39 . 2011-06-21 19:16:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16:24 . 2011-06-21 19:16:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-21 17:56:08 . 2011-06-21 18:57:31 20552 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-06-21 17:55:37 . 2011-06-21 17:56:07 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2011-06-20 17:35:28 . 2011-06-23 21:14:30 -------- d-----r- C:\Documents and Settings\Geert\Onlangs geopend
2011-06-20 17:27:07 . 2011-06-20 17:27:11 -------- d-----w- C:\Program Files\STOPzilla!
2011-06-20 17:27:06 . 2011-06-25 00:56:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2011-06-20 17:27:06 . 2011-06-20 17:27:06 -------- d-----w- C:\Program Files\Common Files\iS3
2011-06-17 16:14:46 . 2011-06-17 16:14:46 546256 ----a-r- C:\WINDOWS\system32\SZComp5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 456144 ----a-r- C:\WINDOWS\system32\SZBase5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 28624 ----a-r- C:\WINDOWS\system32\IS3XDat5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 22992 ----a-r- C:\WINDOWS\system32\SZIO5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 132560 ----a-r- C:\WINDOWS\system32\IS3HTUI5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 99792 ----a-r- C:\WINDOWS\system32\IS3Svc5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 99792 ----a-r- C:\WINDOWS\system32\IS3Inet5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 67024 ----a-r- C:\WINDOWS\system32\IS3Hks5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 398800 ----a-r- C:\WINDOWS\system32\IS3DBA5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 390608 ----a-r- C:\WINDOWS\system32\IS3UI5.dll
2011-06-17 16:14:42 . 2011-06-17 16:14:42 738768 ----a-r- C:\WINDOWS\system32\IS3Base5.dll
2011-06-17 16:14:42 . 2011-06-17 16:14:42 230864 ----a-r- C:\WINDOWS\system32\IS3Win325.dll
2011-06-15 21:20:38 . 2011-04-21 13:37:43 105472 -c----w- C:\WINDOWS\system32\dllcache\mup.sys
.


((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-02 15:31:53 . 2007-08-28 06:41:54 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 16:19:43 . 2001-09-07 12:00:00 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-04-25 16:05:05 . 2001-09-07 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-04-25 16:05:04 . 2001-09-07 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-04-25 16:05:04 . 2001-09-07 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-04-25 12:01:33 . 2007-08-28 06:57:17 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-04-21 13:37:43 . 2001-09-07 12:00:00 105472 ----a-w- C:\WINDOWS\system32\drivers\mup.sys
2007-04-28 18:29:10 . 2010-07-04 09:27:25 582144 ------w- C:\Program Files\snes9x.exe


((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10:48 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 04:59:50 39408]
"Sony Ericsson PC Companion"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 11:26:56 428544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 16:26:00 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 13:21:30 61952]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 14:00:00 925696]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 10:17:04 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 10:13:40 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 10:17:50 118784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"MyGarminAgent"="C:\Program Files\Garmin\MyGarminAgent.exe" [2009-06-17 13:39:44 331776]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 18:48:22 281768]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 06:58:34 611712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-03-17 19:53:36 421888]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-05-10 12:10:58 3459712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 17:02:53 15360]

C:\Documents and Settings\Geert\Menu Start\Programma's\Opstarten\
Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"C:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\SZKG.sys [7/12/2009 17:59:32 61328]
R0 szkgfs;szkgfs;C:\WINDOWS\system32\drivers\SZKGFS.sys [12/05/2010 18:01:06 59280]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\WINDOWS\system32\drivers\seehcri.sys [2/02/2010 19:03:10 27632]
S0 is3srv;is3srv;C:\WINDOWS\system32\drivers\is3srv.sys [7/12/2009 17:59:32 61328]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys --> C:\WINDOWS\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys --> C:\WINDOWS\system32\drivers\TfSysMon.sys [?]
S1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [21/06/2011 22:17:35 441176]
S1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [21/06/2011 22:17:38 307928]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25:48 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41:30 67656]
S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [7/09/2001 14:00:00 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [17/05/2009 8:59:54 136360]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [21/06/2011 22:17:38 19544]
S2 gupdate1ca26d3409d0018;Google Updateservice (gupdate1ca26d3409d0018);C:\Program Files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00:08 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\atl01_xp.sys [31/10/2006 11:10:06 35840]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00:08 133104]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\WINDOWS\system32\drivers\s0017bus.sys [7/12/2008 12:22:36 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s0017mdfl.sys [7/12/2008 12:22:36 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s0017mdm.sys [7/12/2008 12:22:36 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s0017mgmt.sys [7/12/2008 12:22:37 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\WINDOWS\system32\drivers\s0017nd5.sys [7/12/2008 12:22:36 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s0017obex.sys [7/12/2008 12:22:37 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\WINDOWS\system32\drivers\s0017unic.sys [7/12/2008 12:22:37 117672]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2/01/2011 12:07:13 150528]
S3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys --> C:\WINDOWS\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-06-25 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 04:59:48 . 2009-08-27 04:59:48]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00:08 . 2009-08-27 05:00:04]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00:08 . 2009-08-27 05:00:04]

2011-06-07 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003Core.job
- C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:07:32 . 2009-08-27 05:13:47]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003UA.job
- C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:07:32 . 2009-08-27 05:13:47]

2011-06-25 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-04-30 17:05:24 . 2009-03-10 20:18:10]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-dONWNfCouomCLQ - C:\Documents and Settings\All Users\Application Data\dONWNfCouomCLQ.exe
Notify-TPSvc - TPSvc.dll
AddRemove-4Media Video Toolbar - C:\Program Files\4Media Video Toolbar\UninstallToolbar.exe
AddRemove-HitmanPro35 - C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\ULBY0KRS\HitmanPro35[1].exe
AddRemove-SoundTap - C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
AddRemove-Switch - C:\Program Files\NCH Swift Sound\Switch\uninst.exe
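A triage script over the log above, added here as an example (it is not part of this thread and not ComboFix's own code). It parses the three line shapes that matter most when reading a ComboFix report and flags what an analyst would check first: services whose image file ComboFix could not find on disk (the "--> path [?]" suffix, as on the TfFsMon, TfSysMon and TfNetMon lines), Run values that launch a random-looking executable from a data directory, and the entries under ORPHANS REMOVED, where ComboFix has deleted the registry value but the file it pointed at (here C:\Documents and Settings\All Users\Application Data\dONWNfCouomCLQ.exe) may still be sitting on disk waiting to be collected. The randomness heuristic (entropy and consonant-run thresholds), the "kXqRtWvbZpLm" Run value and the embedded sample log are constructed for this example.

```python
"""Triage of a ComboFix log excerpt: added example, not part of this thread and
not ComboFix's own code. Three line shapes are parsed:

  service line  "S0 name;display;path --> path [?]"  -> image file missing on disk
  Run value     "name"="path" [date size]            -> random-looking exe in a data dir
  orphan line   "HKCU-Run-name - path" / "Notify-name - dll" (ORPHANS REMOVED)

The randomness thresholds and the sample log are assumptions made for this example.
"""
import math
import re
from collections import Counter

SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?)(?: --> (.+?) \[\?\])?$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[.*\])?$')
ORPHAN_RE = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.+)$")
NOTIFY_RE = re.compile(r"^Notify-(\S+) - (.+)$")

# Directories a user-writable dropper typically lands in; matched case-insensitively.
DATA_DIR_MARKERS = ("application data", "programdata", "appdata", "temp")
VOWELS = set("aeiouy")


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s: str) -> int:
    """Longest run of consonant letters in s; digits and punctuation break a run."""
    best = run = 0
    for ch in s.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def looks_random(filename: str) -> bool:
    """Heuristic for generated names such as dONWNfCouomCLQ.exe: long stem, high
    entropy, and an unpronounceable consonant cluster (thresholds are assumptions)."""
    stem = filename.rsplit(".", 1)[0]
    return len(stem) >= 8 and shannon_entropy(stem) > 3.0 and longest_consonant_run(stem) >= 4


def _finding(severity, kind, name, path, reason, line):
    return {"severity": severity, "kind": kind, "name": name, "path": path,
            "reason": reason, "line": line}


def triage(text: str) -> list:
    """Return one finding dict per suspicious line, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            start, name, _display, _path, missing = m.groups()
            if missing:  # ComboFix prints "--> path [?]" when the image is not on disk
                findings.append(_finding("review", "service", name, missing,
                                         f"{start} service registered but image file missing", line))
        elif m := RUN_RE.match(line):
            name, path = m.groups()
            in_data_dir = any(k in path.lower() for k in DATA_DIR_MARKERS)
            if in_data_dir and looks_random(path.replace("\\", "/").rsplit("/", 1)[-1]):
                findings.append(_finding("review", "run", name, path,
                                         "autostart of a random-looking exe from a data directory", line))
        elif m := ORPHAN_RE.match(line):
            hive, name, path = m.groups()
            reason = (f"{hive} Run value removed; target already absent" if path == "(no file)"
                      else f"{hive} Run value removed; the file may still exist, collect and hash it")
            findings.append(_finding("review" if looks_random(name) else "info",
                                     "orphan", name, path, reason, line))
        elif m := NOTIFY_RE.match(line):
            name, dll = m.groups()
            findings.append(_finding("info", "winlogon-notify", name, dll,
                                     "Winlogon Notify package removed; locate and verify the DLL", line))
    return findings


# Constructed sample: lines taken from the log above plus one invented Run value
# ("kXqRtWvbZpLm") to exercise the data-directory rule.
SAMPLE_LOG = r'''
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 04:59:50 39408]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 16:26:00 2424192]
"kXqRtWvbZpLm"="C:\Documents and Settings\All Users\Application Data\kXqRtWvbZpLm.exe" [2011-06-20 10:00:00 204800]
R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\SZKG.sys [7/12/2009 17:59:32 61328]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys --> C:\WINDOWS\system32\drivers\TfFsMon.sys [?]
S3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys --> C:\WINDOWS\system32\drivers\TfNetMon.sys [?]
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-dONWNfCouomCLQ - C:\Documents and Settings\All Users\Application Data\dONWNfCouomCLQ.exe
Notify-TPSvc - TPSvc.dll
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:15} {f['name']:20} {f['reason']}")
```

Run it as a script to print the findings for the embedded sample, or pass a whole saved log to triage(). A service whose image is missing is usually an uninstall remnant (the Tf* drivers here sit next to a PC Tools data directory created on 2011-06-22), but a rootkit that hides its driver file from user-mode enumeration produces the same line, so the entry still deserves a look. Treat the heuristic flags as a reading order, not a verdict: legitimate software rarely autostarts a randomly named binary from All Users\Application Data, while that is a common pattern for rogue security software such as the "WindowsXPRepair" program described in the first post.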

#6 teacup61
Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 25 June 2011 - 12:43 PM

Hello,

It looks like the log got cut off... could you please try to post the report again?

#7 mbzrf (Topic Starter, Members, 11 posts)

Posted 25 June 2011 - 04:09 PM

Here it is again:



ComboFix 11-06-22.01 - Geert 25/06/2011 3:18:15.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.780 [GMT 2:00]
Started from: C:\Documents and Settings\Geert\Bureaublad\teacup.exe
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!


(((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))


2011-06-22 17:36:18 . 2011-06-22 18:11:33 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-06-22 17:36:05 . 2011-06-22 18:11:46 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-06-22 17:34:21 . 2011-06-22 17:38:32 -------- d-----w- C:\Documents and Settings\Geert\Application Data\GetRightToGo
2011-06-21 20:17:38 . 2011-05-10 12:03:44 307928 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-06-21 20:17:38 . 2011-05-10 11:59:35 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-06-21 20:17:36 . 2011-05-10 11:59:56 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-06-21 20:17:35 . 2011-05-10 12:03:54 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-06-21 20:17:35 . 2011-05-10 12:02:37 49240 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-06-21 20:17:33 . 2011-05-10 12:02:25 102616 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-06-21 20:17:32 . 2011-05-10 12:02:22 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-06-21 20:17:32 . 2011-05-10 11:59:37 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-06-21 20:17:02 . 2011-05-10 12:10:59 40112 ----a-w- C:\WINDOWS\avastSS.scr
2011-06-21 20:17:01 . 2011-05-10 12:10:55 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-06-21 20:16:47 . 2011-06-21 20:16:47 -------- d-----w- C:\Program Files\AVAST Software
2011-06-21 20:16:47 . 2011-06-21 20:16:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVAST Software
2011-06-21 19:16:39 . 2011-06-21 19:16:39 -------- d-----w- C:\Documents and Settings\Geert\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16:39 . 2011-06-21 19:16:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16:24 . 2011-06-21 19:16:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-21 17:56:08 . 2011-06-21 18:57:31 20552 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-06-21 17:55:37 . 2011-06-21 17:56:07 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2011-06-20 17:35:28 . 2011-06-23 21:14:30 -------- d-----r- C:\Documents and Settings\Geert\Onlangs geopend
2011-06-20 17:27:07 . 2011-06-20 17:27:11 -------- d-----w- C:\Program Files\STOPzilla!
2011-06-20 17:27:06 . 2011-06-25 00:56:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2011-06-20 17:27:06 . 2011-06-20 17:27:06 -------- d-----w- C:\Program Files\Common Files\iS3
2011-06-17 16:14:46 . 2011-06-17 16:14:46 546256 ----a-r- C:\WINDOWS\system32\SZComp5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 456144 ----a-r- C:\WINDOWS\system32\SZBase5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 28624 ----a-r- C:\WINDOWS\system32\IS3XDat5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 22992 ----a-r- C:\WINDOWS\system32\SZIO5.dll
2011-06-17 16:14:46 . 2011-06-17 16:14:46 132560 ----a-r- C:\WINDOWS\system32\IS3HTUI5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 99792 ----a-r- C:\WINDOWS\system32\IS3Svc5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 99792 ----a-r- C:\WINDOWS\system32\IS3Inet5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 67024 ----a-r- C:\WINDOWS\system32\IS3Hks5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 398800 ----a-r- C:\WINDOWS\system32\IS3DBA5.dll
2011-06-17 16:14:44 . 2011-06-17 16:14:44 390608 ----a-r- C:\WINDOWS\system32\IS3UI5.dll
2011-06-17 16:14:42 . 2011-06-17 16:14:42 738768 ----a-r- C:\WINDOWS\system32\IS3Base5.dll
2011-06-17 16:14:42 . 2011-06-17 16:14:42 230864 ----a-r- C:\WINDOWS\system32\IS3Win325.dll
2011-06-15 21:20:38 . 2011-04-21 13:37:43 105472 -c----w- C:\WINDOWS\system32\dllcache\mup.sys
.


((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-02 15:31:53 . 2007-08-28 06:41:54 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-04-29 16:19:43 . 2001-09-07 12:00:00 456320 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-04-25 16:05:05 . 2001-09-07 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-04-25 16:05:04 . 2001-09-07 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-04-25 16:05:04 . 2001-09-07 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-04-25 12:01:33 . 2007-08-28 06:57:17 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-04-21 13:37:43 . 2001-09-07 12:00:00 105472 ----a-w- C:\WINDOWS\system32\drivers\mup.sys
2007-04-28 18:29:10 . 2010-07-04 09:27:25 582144 ------w- C:\Program Files\snes9x.exe


((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10:48 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 04:59:50 39408]
"Sony Ericsson PC Companion"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 11:26:56 428544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 16:26:00 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 13:21:30 61952]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 14:00:00 925696]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 10:17:04 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 10:13:40 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 10:17:50 118784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"MyGarminAgent"="C:\Program Files\Garmin\MyGarminAgent.exe" [2009-06-17 13:39:44 331776]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 18:48:22 281768]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 06:58:34 611712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-03-17 19:53:36 421888]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-05-10 12:10:58 3459712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 17:02:53 15360]

C:\Documents and Settings\Geert\Menu Start\Programma's\Opstarten\
Mediacontrole Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"C:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\SZKG.sys [7/12/2009 17:59:32 61328]
R0 szkgfs;szkgfs;C:\WINDOWS\system32\drivers\SZKGFS.sys [12/05/2010 18:01:06 59280]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\WINDOWS\system32\drivers\seehcri.sys [2/02/2010 19:03:10 27632]
S0 is3srv;is3srv;C:\WINDOWS\system32\drivers\is3srv.sys [7/12/2009 17:59:32 61328]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys --> C:\WINDOWS\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys --> C:\WINDOWS\system32\drivers\TfSysMon.sys [?]
S1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [21/06/2011 22:17:35 441176]
S1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [21/06/2011 22:17:38 307928]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25:48 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41:30 67656]
S2 Akamai;Akamai NetSession Interface;C:\WINDOWS\System32\svchost.exe -k Akamai [7/09/2001 14:00:00 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [17/05/2009 8:59:54 136360]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [21/06/2011 22:17:38 19544]
S2 gupdate1ca26d3409d0018;Google Updateservice (gupdate1ca26d3409d0018);C:\Program Files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00:08 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\drivers\atl01_xp.sys [31/10/2006 11:10:06 35840]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00:08 133104]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\WINDOWS\system32\drivers\s0017bus.sys [7/12/2008 12:22:36 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\s0017mdfl.sys [7/12/2008 12:22:36 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\s0017mdm.sys [7/12/2008 12:22:36 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\s0017mgmt.sys [7/12/2008 12:22:37 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\WINDOWS\system32\drivers\s0017nd5.sys [7/12/2008 12:22:36 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\s0017obex.sys [7/12/2008 12:22:37 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\WINDOWS\system32\drivers\s0017unic.sys [7/12/2008 12:22:37 117672]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2/01/2011 12:07:13 150528]
S3 TfNetMon;TfNetMon;\??\C:\WINDOWS\system32\drivers\TfNetMon.sys --> C:\WINDOWS\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

Contents of the 'Scheduled Tasks' folder

2011-06-25 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 04:59:48 . 2009-08-27 04:59:48]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00:08 . 2009-08-27 05:00:04]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00:08 . 2009-08-27 05:00:04]

2011-06-07 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003Core.job
- C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:07:32 . 2009-08-27 05:13:47]

2011-06-25 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003UA.job
- C:\Documents and Settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 12:07:32 . 2009-08-27 05:13:47]

2011-06-25 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-04-30 17:05:24 . 2009-03-10 20:18:10]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKCU-Run-dONWNfCouomCLQ - C:\Documents and Settings\All Users\Application Data\dONWNfCouomCLQ.exe
Notify-TPSvc - TPSvc.dll
AddRemove-4Media Video Toolbar - C:\Program Files\4Media Video Toolbar\UninstallToolbar.exe
AddRemove-HitmanPro35 - C:\Documents and Settings\Geert\Local Settings\Temporary Internet Files\Content.IE5\ULBY0KRS\HitmanPro35[1].exe
AddRemove-SoundTap - C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
AddRemove-Switch - C:\Program Files\NCH Swift Sound\Switch\uninst.exe

#8 teacup61
Bleepin' Texan! (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 25 June 2011 - 04:15 PM

Hmmmm... that's all of it? Several parts missing.

In your first post you said you tried TDSSKiller but it wouldn't run. Did you try it in safe mode?

#9 mbzrf (Topic Starter, Members, 11 posts)

Posted 25 June 2011 - 05:12 PM

TDSS won't run in safe mode either. I have tried to run ComboFix again. As you can read in the log, AntiVir was enabled during the process. However, the icon in the system tray indicated that it was not activated. Maybe this causes the scan to be incomplete?

Although largely similar, the new ComboFix log seems to contain a few different elements. Maybe these are of any help?



ComboFix 11-06-22.01 - Geert 25/06/2011 23:45:50.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.787 [GMT 2:00]
Started from: c:\documents and settings\Geert\Bureaublad\teacup.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
.
(((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 ))))))))))))))))))))))))))))))
.
.
2011-06-25 01:00 . 2011-06-25 01:00 -------- d-----w- c:\documents and settings\Administrator
2011-06-22 17:36 . 2011-06-22 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-06-22 17:36 . 2011-06-22 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-22 17:34 . 2011-06-22 17:38 -------- d-----w- c:\documents and settings\Geert\Application Data\GetRightToGo
2011-06-21 20:17 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-21 20:17 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-21 20:17 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-21 20:17 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-21 20:17 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-21 20:17 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-21 20:17 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-21 20:17 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-21 20:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-21 20:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-21 20:16 . 2011-06-21 20:16 -------- d-----w- c:\program files\AVAST Software
2011-06-21 20:16 . 2011-06-21 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\documents and settings\Geert\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-21 17:56 . 2011-06-21 18:57 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-21 17:55 . 2011-06-21 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-06-20 17:35 . 2011-06-25 21:02 -------- d-----r- c:\documents and settings\Geert\Onlangs geopend
2011-06-20 17:27 . 2011-06-20 17:27 -------- d-----w- c:\program files\STOPzilla!
2011-06-20 17:27 . 2011-06-25 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-20 17:27 . 2011-06-20 17:27 -------- d-----w- c:\program files\Common Files\iS3
2011-06-17 16:14 . 2011-06-17 16:14 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-06-17 16:14 . 2011-06-17 16:14 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-06-17 16:14 . 2011-06-17 16:14 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-06-17 16:14 . 2011-06-17 16:14 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-06-17 16:14 . 2011-06-17 16:14 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-06-17 16:14 . 2011-06-17 16:14 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-06-17 16:14 . 2011-06-17 16:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-06-17 16:14 . 2011-06-17 16:14 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-06-17 16:14 . 2011-06-17 16:14 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-06-17 16:14 . 2011-06-17 16:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-06-17 16:14 . 2011-06-17 16:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-06-17 16:14 . 2011-06-17 16:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-15 21:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2007-08-28 06:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2007-08-28 06:57 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-09-07 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-04-28 18:29 . 2010-07-04 09:27 582144 ------w- c:\program files\snes9x.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"AdobeBridge"="" [BU]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"dONWNfCouomCLQ"="c:\documents and settings\All Users\Application Data\dONWNfCouomCLQ.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Geert\Menu Start\Programma's\Opstarten\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1032:TCP"= 1032:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7/12/2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12/05/2010 18:01 59280]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2/02/2010 19:03 27632]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7/12/2009 17:59 61328]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/06/2011 22:17 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/06/2011 22:17 307928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/09/2001 14:00 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/05/2009 8:59 136360]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/06/2011 22:17 19544]
S2 gupdate1ca26d3409d0018;Google Updateservice (gupdate1ca26d3409d0018);c:\program files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/10/2006 11:10 35840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00 133104]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [7/12/2008 12:22 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [7/12/2008 12:22 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [7/12/2008 12:22 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [7/12/2008 12:22 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [7/12/2008 12:22 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [7/12/2008 12:22 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [7/12/2008 12:22 117672]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2/01/2011 12:07 150528]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 04:59]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003Core.job
- c:\documents and settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 05:13]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003UA.job
- c:\documents and settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 05:13]
.
2011-06-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-25 23:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(260)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-25 23:56:40
ComboFix-quarantined-files.txt 2011-06-25 21:56
.
Pre-Run: 28.327.731.200 bytes available
Post-Run: 28.371.910.656 bytes available
.
- - End Of File - - C43F52E87749317B00E21C4C4F10EC3C

#10 teacup61 (Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 27 June 2011 - 01:26 PM

Let's try this with what you already have :) :

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

FCOPY::
c:\windows\ServicePackFiles\i386\volsnap.sys | C:\Windows\system32\DRIVERS\volsnap.sys


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Let me know how it's running please. :)

Thanks,
tea
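The FCOPY:: directive above overwrites the live c:\windows\system32\DRIVERS\volsnap.sys with the copy Windows keeps under c:\windows\ServicePackFiles\i386. The check a practitioner wants around that step is whether the two files actually differ before the copy and match after it. The Python below is an added example for this thread, not ComboFix code and not the helper's method: it compares the two files by SHA-256 rather than by size, because a patched driver can keep its original length. The demo data it writes is constructed (not real driver bytes); the Windows paths in the usage note are the two from the FCOPY line above.

```python
"""Verify a driver against the copy Windows keeps in ServicePackFiles.

Added example for this thread; it is not ComboFix code. It checks what
the FCOPY:: step relies on: the live driver and the reference copy differ
before the copy and are byte-identical after it.
"""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(1 << 20), b''):
            h.update(chunk)
    return h.hexdigest()


def compare_driver(live_path, reference_path):
    """Compare a live driver with a reference copy by size and SHA-256.
    The hash is the verdict; size is reported only so a same-size
    mismatch (the interesting case) is visible at a glance."""
    live = {'size': os.path.getsize(live_path), 'sha256': sha256_of(live_path)}
    ref = {'size': os.path.getsize(reference_path), 'sha256': sha256_of(reference_path)}
    return {'live': live, 'reference': ref, 'match': live['sha256'] == ref['sha256']}


def demo(workdir=None):
    """Constructed demonstration (not real driver bytes): a fake reference
    and a same-sized live copy with four bytes changed in the body, then
    the copy that FCOPY:: performs, re-checked."""
    workdir = workdir or tempfile.mkdtemp()
    reference = os.path.join(workdir, 'volsnap.sys.reference')
    live = os.path.join(workdir, 'volsnap.sys.live')
    clean = b'MZ' + b'\x00' * 62 + b'PE\x00\x00' + bytes(range(256)) * 4
    with open(reference, 'wb') as f:
        f.write(clean)
    with open(live, 'wb') as f:
        f.write(clean[:600] + b'\xcc\xcc\xcc\xcc' + clean[604:])  # same length, patched body
    before = compare_driver(live, reference)
    shutil.copyfile(reference, live)        # what FCOPY:: does on the real machine
    after = compare_driver(live, reference)
    return before, after


if __name__ == '__main__':
    before, after = demo()
    print('before copy: match =', before['match'],
          '(sizes equal:', before['live']['size'] == before['reference']['size'], ')')
    print('after copy:  match =', after['match'])
```

On the machine in this thread the real call is `compare_driver(r'C:\Windows\system32\DRIVERS\volsnap.sys', r'C:\Windows\ServicePackFiles\i386\volsnap.sys')`. Two caveats: the reference copy lives on the same infected disk, so also compare its hash against one taken from a known-clean XP SP3 install; and a kernel-mode rootkit that hooks file I/O can hand clean bytes to a user-mode reader, so the trustworthy reading is the one taken with the infected Windows not running (from the Recovery Console or another boot environment).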

#11 mbzrf (Topic Starter, 11 posts)

Posted 27 June 2011 - 02:33 PM

Hi Tea,

I reinstalled ComboFix because it indicated that the other version was outdated. I had to run it in Safe Mode. The first time, the computer automatically rebooted before the actual scan began, the second time it worked. After all the "parts" were completed (numbers 1 through 50), I received an error message indicating that an error had occurred in pev.cfxxe, and that it was aborted. However, ComboFix kept running and it produced a log... I hope it can give you some more information.




ComboFix 11-06-27.01 - Geert 27/06/2011 21:05:57.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.803 [GMT 2:00]
Started from: c:\documents and settings\Geert\Bureaublad\teacup2.exe
Command switches used :: c:\documents and settings\Geert\Bureaublad\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\volsnap.sys --> c:\windows\system32\DRIVERS\volsnap.sys
.
(((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))
.
.
2011-06-25 21:44 . 2011-06-25 21:56 -------- d-----w- C:\teacup
2011-06-25 01:00 . 2011-06-25 01:00 -------- d-----w- c:\documents and settings\Administrator
2011-06-22 17:36 . 2011-06-22 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-06-22 17:36 . 2011-06-22 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-06-22 17:34 . 2011-06-22 17:38 -------- d-----w- c:\documents and settings\Geert\Application Data\GetRightToGo
2011-06-21 20:17 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-21 20:17 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-21 20:17 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-21 20:17 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-21 20:17 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-21 20:17 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-21 20:17 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-21 20:17 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-21 20:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-21 20:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-21 20:16 . 2011-06-21 20:16 -------- d-----w- c:\program files\AVAST Software
2011-06-21 20:16 . 2011-06-21 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\documents and settings\Geert\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-21 19:16 . 2011-06-21 19:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-21 17:56 . 2011-06-21 18:57 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-21 17:55 . 2011-06-21 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-06-20 17:35 . 2011-06-26 21:38 -------- d-----r- c:\documents and settings\Geert\Onlangs geopend
2011-06-20 17:27 . 2011-06-20 17:27 -------- d-----w- c:\program files\STOPzilla!
2011-06-20 17:27 . 2011-06-27 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-20 17:27 . 2011-06-20 17:27 -------- d-----w- c:\program files\Common Files\iS3
2011-06-17 16:14 . 2011-06-17 16:14 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-06-17 16:14 . 2011-06-17 16:14 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-06-17 16:14 . 2011-06-17 16:14 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-06-17 16:14 . 2011-06-17 16:14 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-06-17 16:14 . 2011-06-17 16:14 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-06-17 16:14 . 2011-06-17 16:14 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-06-17 16:14 . 2011-06-17 16:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-06-17 16:14 . 2011-06-17 16:14 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-06-17 16:14 . 2011-06-17 16:14 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-06-17 16:14 . 2011-06-17 16:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-06-17 16:14 . 2011-06-17 16:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-06-17 16:14 . 2011-06-17 16:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-15 21:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2007-08-28 06:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2007-08-28 06:57 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2001-09-07 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2007-04-28 18:29 . 2010-07-04 09:27 582144 ------w- c:\program files\snes9x.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-27 39408]
"AdobeBridge"="" [BU]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-04-14 428544]
"dONWNfCouomCLQ"="c:\documents and settings\All Users\Application Data\dONWNfCouomCLQ.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Geert\Menu Start\Programma's\Opstarten\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-12-26 385024]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Geert\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7/12/2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12/05/2010 18:01 59280]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2/02/2010 19:03 27632]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7/12/2009 17:59 61328]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21/06/2011 22:17 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/06/2011 22:17 307928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/09/2001 14:00 14336]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/05/2009 8:59 136360]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/06/2011 22:17 19544]
S2 gupdate1ca26d3409d0018;Google Updateservice (gupdate1ca26d3409d0018);c:\program files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00 133104]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [31/10/2006 11:10 35840]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/08/2009 7:00 133104]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [7/12/2008 12:22 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [7/12/2008 12:22 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [7/12/2008 12:22 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [7/12/2008 12:22 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [7/12/2008 12:22 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [7/12/2008 12:22 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [7/12/2008 12:22 117672]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2/01/2011 12:07 150528]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 04:59]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 05:00]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003Core.job
- c:\documents and settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 05:13]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1409082233-725345543-1003UA.job
- c:\documents and settings\Geert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-24 05:13]
.
2011-06-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-30 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.3 195.130.130.131
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(264)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Voltooingstijd: 2011-06-27 21:24:06 - machine werd herstart
ComboFix-quarantined-files.txt 2011-06-27 19:24
ComboFix2.txt 2011-06-25 21:56
.
Pre-Run: 28.113.506.304 bytes beschikbaar
Post-Run: 28.298.977.280 bytes beschikbaar
.
- - End Of File - - B9658A24F35460D0D358C92256D6D2FF

Edited by mbzrf, 27 June 2011 - 02:38 PM.


#12 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:50 PM

Posted 27 June 2011 - 03:23 PM

How is it running now? Can you run in normal mode?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#13 mbzrf
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:50 AM

Posted 27 June 2011 - 03:59 PM

I can run the computer in normal mode. At first glance, Google is no longer redirecting; I hope the problem is solved?

I have tried to run ComboFix in normal mode (hoping that would generate a more complete log), but it still won't run. The computer automatically reboots. Afterwards, an error box indicated that the computer had recovered from a serious error.

Meanwhile, Avast keeps notifying it found a rootkit called volsnap.sys...

#14 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:50 PM

Posted 27 June 2011 - 04:23 PM

Yes, and that's what I replaced, the volsnap.sys. Try TDSSKiller again... get a fresh copy if you can, just in case that one got corrupted. Don't bother with ComboFix then. We'll use something else to make sure the problem is gone. :thumbup2:

#15 mbzrf
  • Topic Starter
  • Members
  • 11 posts
  • Local time:04:50 AM

Posted 27 June 2011 - 04:54 PM

Okay. I reinstalled TDSSKiller, and this time it worked. It found volsnap.sys, and was able to cure it after reboot. I ran it again, and this time TDSSKiller found nothing. In case it's of any help, here's the report (Volsnap is still in the list?)...

2011/06/27 23:47:29.0296 2708 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 23:47:29.0500 2708 ================================================================================
2011/06/27 23:47:29.0500 2708 SystemInfo:
2011/06/27 23:47:29.0500 2708
2011/06/27 23:47:29.0500 2708 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/27 23:47:29.0500 2708 Product type: Workstation
2011/06/27 23:47:29.0500 2708 ComputerName: WERKSTATION
2011/06/27 23:47:29.0500 2708 UserName: Geert
2011/06/27 23:47:29.0500 2708 Windows directory: C:\WINDOWS
2011/06/27 23:47:29.0500 2708 System windows directory: C:\WINDOWS
2011/06/27 23:47:29.0500 2708 Processor architecture: Intel x86
2011/06/27 23:47:29.0500 2708 Number of processors: 2
2011/06/27 23:47:29.0500 2708 Page size: 0x1000
2011/06/27 23:47:29.0500 2708 Boot type: Normal boot
2011/06/27 23:47:29.0500 2708 ================================================================================
2011/06/27 23:47:33.0812 2708 Initialize success
2011/06/27 23:47:38.0968 2952 ================================================================================
2011/06/27 23:47:38.0968 2952 Scan started
2011/06/27 23:47:38.0968 2952 Mode: Manual;
2011/06/27 23:47:38.0968 2952 ================================================================================
2011/06/27 23:48:34.0468 2952 ================================================================================
2011/06/27 23:48:34.0468 2952 Scan finished
2011/06/27 23:48:34.0468 2952 ================================================================================
2011/06/27 23:48:34.0468 2924 Detected object count: 0
2011/06/27 23:48:34.0468 2924 Actual detected object count: 0
