nick2124
  1. I don't know the contents of the BSOD and I couldn't find the dump file; the folder where it should be, 'memorydumps', is empty. I'll keep you posted in case any BSODs/redirects return. If you don't hear from me in 2 weeks then all is well. ty.
  2. By the way, I ran ESET antivirus and TDSSKiller and my computer seems much better; I haven't had a single page redirect in about 48 hours, but I can't be 100% confident I'm safe just yet.
  3. I tried but I got a BSOD. Apparently I'm not the only one. http://www.google.com.au/search?q=combo+fix+bsod&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  4. 2011/02/24 17:31:53.0938 5640 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08 2011/02/24 17:31:54.0874 5640 ================================================================================ 2011/02/24 17:31:54.0874 5640 SystemInfo: 2011/02/24 17:31:54.0874 5640 2011/02/24 17:31:54.0874 5640 OS Version: 6.1.7600 ServicePack: 0.0 2011/02/24 17:31:54.0874 5640 Product type: Workstation 2011/02/24 17:31:54.0875 5640 ComputerName: ASDASD-PC 2011/02/24 17:31:54.0875 5640 UserName: asdasd 2011/02/24 17:31:54.0875 5640 Windows directory: C:\Windows 2011/02/24 17:31:54.0875 5640 System windows directory: C:\Windows 2011/02/24 17:31:54.0875 5640 Processor architecture: Intel x86 2011/02/24 17:31:54.0875 5640 Number of processors: 4 2011/02/24 17:31:54.0875 5640 Page size: 0x1000 2011/02/24 17:31:54.0875 5640 Boot type: Normal boot 2011/02/24 17:31:54.0875 5640 ================================================================================ 2011/02/24 17:31:58.0047 5640 Initialize success 2011/02/24 17:32:03.0563 3456 ================================================================================ 2011/02/24 17:32:03.0563 3456 Scan started 2011/02/24 17:32:03.0563 3456 Mode: Manual; 2011/02/24 17:32:03.0563 3456 ================================================================================ 2011/02/24 17:32:04.0820 3456 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/02/24 17:32:04.0956 3456 16457101 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\16457101.sys 2011/02/24 17:32:05.0180 3456 16457102 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\16457102.sys 2011/02/24 17:32:05.0548 3456 90995881 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\90995881.sys 2011/02/24 17:32:05.0589 3456 90995882 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\90995882.sys 2011/02/24 17:32:05.0632 3456 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 
2011/02/24 17:32:05.0659 3456 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/02/24 17:32:05.0684 3456 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/02/24 17:32:05.0711 3456 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/02/24 17:32:05.0723 3456 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/02/24 17:32:05.0769 3456 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 2011/02/24 17:32:05.0820 3456 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 2011/02/24 17:32:05.0841 3456 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/02/24 17:32:05.0902 3456 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 2011/02/24 17:32:05.0953 3456 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 2011/02/24 17:32:05.0964 3456 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 2011/02/24 17:32:05.0977 3456 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/02/24 17:32:06.0133 3456 amdkmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/02/24 17:32:06.0307 3456 amdkmdap (c9b705ff53b15dd71f6a4d4f45396edd) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/02/24 17:32:06.0329 3456 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/02/24 17:32:06.0352 3456 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 2011/02/24 17:32:06.0368 3456 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/02/24 17:32:06.0391 3456 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 2011/02/24 17:32:06.0420 3456 AppID (feb834c02ce1e84b6a38f953ca067706) 
C:\Windows\system32\drivers\appid.sys 2011/02/24 17:32:06.0463 3456 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys 2011/02/24 17:32:06.0470 3456 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys 2011/02/24 17:32:06.0495 3456 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/02/24 17:32:06.0513 3456 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/02/24 17:32:06.0540 3456 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys 2011/02/24 17:32:06.0558 3456 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys 2011/02/24 17:32:06.0584 3456 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/02/24 17:32:06.0632 3456 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 2011/02/24 17:32:06.0667 3456 AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys 2011/02/24 17:32:06.0693 3456 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 2011/02/24 17:32:06.0774 3456 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/02/24 17:32:06.0803 3456 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/02/24 17:32:06.0838 3456 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/02/24 17:32:06.0869 3456 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/02/24 17:32:06.0905 3456 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/02/24 17:32:06.0929 3456 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/02/24 17:32:06.0955 3456 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 2011/02/24 17:32:06.0966 3456 BrFiltLo 
(9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/02/24 17:32:06.0980 3456 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/02/24 17:32:06.0995 3456 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/02/24 17:32:07.0013 3456 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/02/24 17:32:07.0024 3456 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/02/24 17:32:07.0036 3456 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/02/24 17:32:07.0053 3456 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/02/24 17:32:07.0232 3456 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/02/24 17:32:07.0255 3456 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 2011/02/24 17:32:07.0270 3456 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/02/24 17:32:07.0318 3456 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/02/24 17:32:07.0337 3456 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/02/24 17:32:07.0350 3456 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 2011/02/24 17:32:07.0376 3456 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/02/24 17:32:07.0400 3456 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/02/24 17:32:07.0418 3456 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/02/24 17:32:07.0531 3456 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys 2011/02/24 17:32:07.0542 3456 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/02/24 
17:32:07.0586 3456 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 2011/02/24 17:32:07.0648 3456 CYUSB (ec0cc1aa9abfe9a32daa66832cb06271) C:\Windows\system32\Drivers\CYUSB.sys 2011/02/24 17:32:07.0700 3456 danewFltr (92a16df81f6cfeebf93204217c38dae0) C:\Windows\system32\drivers\danew.sys 2011/02/24 17:32:07.0750 3456 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 2011/02/24 17:32:07.0772 3456 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/02/24 17:32:07.0790 3456 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/02/24 17:32:07.0848 3456 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/02/24 17:32:07.0903 3456 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2011/02/24 17:32:07.0932 3456 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/02/24 17:32:08.0000 3456 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/02/24 17:32:08.0147 3456 EIO (42584ec72495f4da1704123a20ac1012) C:\Windows\system32\DRIVERS\EIO.sys 2011/02/24 17:32:08.0194 3456 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/02/24 17:32:08.0210 3456 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/02/24 17:32:08.0249 3456 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/02/24 17:32:08.0269 3456 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/02/24 17:32:08.0284 3456 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/02/24 17:32:08.0308 3456 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/02/24 17:32:08.0335 3456 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/02/24 
17:32:08.0345 3456 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/02/24 17:32:08.0372 3456 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/02/24 17:32:08.0396 3456 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/02/24 17:32:08.0407 3456 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/02/24 17:32:08.0432 3456 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys 2011/02/24 17:32:08.0444 3456 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/02/24 17:32:08.0459 3456 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/02/24 17:32:08.0487 3456 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 2011/02/24 17:32:08.0521 3456 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/02/24 17:32:08.0533 3456 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/02/24 17:32:08.0545 3456 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/02/24 17:32:08.0561 3456 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/02/24 17:32:08.0575 3456 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/02/24 17:32:08.0602 3456 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/02/24 17:32:08.0627 3456 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/02/24 17:32:08.0658 3456 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/02/24 17:32:08.0669 3456 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/02/24 17:32:08.0697 3456 iaStorV (934af4d7c5f457b9f0743f4299b77b67) 
C:\Windows\system32\DRIVERS\iaStorV.sys 2011/02/24 17:32:08.0802 3456 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/02/24 17:32:08.0827 3456 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/02/24 17:32:08.0843 3456 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/02/24 17:32:08.0868 3456 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/02/24 17:32:08.0893 3456 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/02/24 17:32:08.0918 3456 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/02/24 17:32:08.0929 3456 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/02/24 17:32:08.0942 3456 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/02/24 17:32:08.0955 3456 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/02/24 17:32:08.0967 3456 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/02/24 17:32:08.0982 3456 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/02/24 17:32:09.0010 3456 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/02/24 17:32:09.0040 3456 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2011/02/24 17:32:09.0175 3456 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/02/24 17:32:09.0219 3456 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys 2011/02/24 17:32:09.0255 3456 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/02/24 17:32:09.0284 3456 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/02/24 17:32:09.0315 
3456 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/02/24 17:32:09.0334 3456 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/02/24 17:32:09.0346 3456 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/02/24 17:32:09.0362 3456 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/02/24 17:32:09.0377 3456 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/02/24 17:32:09.0400 3456 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys 2011/02/24 17:32:09.0429 3456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/02/24 17:32:09.0454 3456 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/02/24 17:32:09.0473 3456 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/02/24 17:32:09.0495 3456 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/02/24 17:32:09.0519 3456 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/02/24 17:32:09.0530 3456 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/02/24 17:32:09.0543 3456 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\Windows\system32\drivers\mountmgr.sys 2011/02/24 17:32:09.0543 3456 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. 
Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2 2011/02/24 17:32:09.0548 3456 mountmgr - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/02/24 17:32:09.0572 3456 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/02/24 17:32:09.0584 3456 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/02/24 17:32:09.0600 3456 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/02/24 17:32:09.0626 3456 mrxsmb (9e5dd4ef01aed723abf5342ef23ff012) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/02/24 17:32:09.0650 3456 mrxsmb10 (6532acbf612a8d340ef9e25e4fef21ee) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/02/24 17:32:09.0677 3456 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/02/24 17:32:09.0700 3456 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/02/24 17:32:09.0712 3456 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/02/24 17:32:09.0732 3456 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/02/24 17:32:09.0747 3456 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/02/24 17:32:09.0757 3456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/02/24 17:32:09.0785 3456 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/02/24 17:32:09.0797 3456 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/02/24 17:32:09.0810 3456 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/02/24 17:32:09.0837 3456 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/02/24 17:32:09.0852 3456 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/02/24 17:32:09.0865 3456 MSTEE 
(b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/02/24 17:32:09.0877 3456 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/02/24 17:32:09.0924 3456 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/02/24 17:32:09.0957 3456 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/02/24 17:32:10.0008 3456 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/02/24 17:32:10.0513 3456 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/02/24 17:32:10.0553 3456 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/02/24 17:32:10.0595 3456 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/02/24 17:32:10.0609 3456 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/02/24 17:32:10.0632 3456 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/02/24 17:32:10.0655 3456 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/02/24 17:32:10.0691 3456 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/02/24 17:32:10.0709 3456 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/02/24 17:32:10.0733 3456 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/02/24 17:32:10.0757 3456 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/02/24 17:32:10.0780 3456 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/02/24 17:32:10.0824 3456 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/02/24 17:32:10.0863 3456 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/02/24 17:32:10.0916 3456 
NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys 2011/02/24 17:32:10.0969 3456 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys 2011/02/24 17:32:10.0994 3456 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/02/24 17:32:11.0014 3456 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/02/24 17:32:11.0034 3456 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys 2011/02/24 17:32:11.0059 3456 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/02/24 17:32:11.0082 3456 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/02/24 17:32:11.0139 3456 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/02/24 17:32:11.0164 3456 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/02/24 17:32:11.0178 3456 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/02/24 17:32:11.0226 3456 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/02/24 17:32:11.0249 3456 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/02/24 17:32:11.0291 3456 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/02/24 17:32:11.0363 3456 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 2011/02/24 17:32:11.0415 3456 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/02/24 17:32:11.0457 3456 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/02/24 17:32:11.0536 3456 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/24 17:32:11.0601 3456 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/02/24 
17:32:11.0698 3456 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/02/24 17:32:11.0799 3456 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/02/24 17:32:11.0855 3456 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/02/24 17:32:11.0914 3456 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/24 17:32:11.0929 3456 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/24 17:32:11.0999 3456 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/02/24 17:32:12.0036 3456 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/24 17:32:12.0055 3456 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/24 17:32:12.0078 3456 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/24 17:32:12.0212 3456 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/24 17:32:12.0320 3456 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/02/24 17:32:12.0419 3456 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/24 17:32:12.0546 3456 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/02/24 17:32:12.0645 3456 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/24 17:32:12.0776 3456 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/02/24 17:32:12.0937 3456 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/02/24 17:32:13.0090 3456 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/02/24 17:32:13.0232 3456 rspndr (032b0d36ad92b582d869879f5af5b928) 
C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/24 17:32:13.0271 3456 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/02/24 17:32:13.0544 3456 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/02/24 17:32:13.0625 3456 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/02/24 17:32:14.0015 3456 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/02/24 17:32:14.0300 3456 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/02/24 17:32:14.0410 3456 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/02/24 17:32:14.0475 3456 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/02/24 17:32:14.0495 3456 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/02/24 17:32:14.0518 3456 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/02/24 17:32:14.0583 3456 setup_9.0.0.722_14.02.2011_00-12drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\Windows\system32\DRIVERS\9099588.sys 2011/02/24 17:32:14.0624 3456 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/02/24 17:32:14.0642 3456 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/02/24 17:32:14.0663 3456 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/02/24 17:32:14.0674 3456 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/02/24 17:32:14.0783 3456 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/02/24 17:32:14.0842 3456 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/02/24 17:32:14.0890 3456 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) 
C:\Windows\system32\DRIVERS\sisraid4.sys 2011/02/24 17:32:14.0922 3456 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/02/24 17:32:14.0951 3456 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/02/24 17:32:15.0084 3456 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/02/24 17:32:15.0084 3456 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/02/24 17:32:15.0099 3456 sptd - detected Locked file (1) 2011/02/24 17:32:15.0248 3456 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys 2011/02/24 17:32:15.0271 3456 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/24 17:32:15.0295 3456 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/24 17:32:15.0337 3456 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/02/24 17:32:15.0360 3456 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/02/24 17:32:15.0386 3456 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/02/24 17:32:15.0398 3456 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/02/24 17:32:15.0417 3456 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/24 17:32:15.0471 3456 Tcpip (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\drivers\tcpip.sys 2011/02/24 17:32:15.0566 3456 TCPIP6 (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/24 17:32:15.0691 3456 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/24 17:32:15.0722 3456 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/02/24 17:32:15.0749 3456 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 
2011/02/24 17:32:15.0767 3456 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/24 17:32:15.0792 3456 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/24 17:32:15.0821 3456 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/24 17:32:15.0836 3456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/24 17:32:15.0869 3456 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/02/24 17:32:15.0886 3456 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/24 17:32:15.0915 3456 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/02/24 17:32:15.0936 3456 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/24 17:32:15.0948 3456 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/02/24 17:32:15.0971 3456 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/24 17:32:15.0986 3456 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/02/24 17:32:16.0004 3456 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/24 17:32:16.0029 3456 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/24 17:32:16.0043 3456 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/02/24 17:32:16.0070 3456 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/24 17:32:16.0104 3456 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/24 17:32:16.0153 3456 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/24 17:32:16.0287 3456 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) 
C:\Windows\system32\Drivers\usbvideo.sys 2011/02/24 17:32:16.0367 3456 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/02/24 17:32:16.0386 3456 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/24 17:32:16.0406 3456 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/02/24 17:32:16.0429 3456 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/02/24 17:32:16.0471 3456 vHidDev (949aa00a83b0c4d7a3010035d8af93d9) C:\Windows\system32\DRIVERS\vHidDev.sys 2011/02/24 17:32:16.0485 3456 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/02/24 17:32:16.0506 3456 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/02/24 17:32:16.0571 3456 VIAHdAudAddService (0f0c96a570ab2b0164e04ab22cc8676a) C:\Windows\system32\drivers\viahduaa.sys 2011/02/24 17:32:16.0607 3456 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/02/24 17:32:16.0633 3456 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/02/24 17:32:16.0647 3456 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/02/24 17:32:16.0660 3456 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/02/24 17:32:16.0681 3456 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/02/24 17:32:16.0725 3456 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/02/24 17:32:16.0800 3456 Vsdatant (e7aba26a028a78c1aa759bb794f6e9ee) C:\Windows\system32\DRIVERS\vsdatant.sys 2011/02/24 17:32:16.0852 3456 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/02/24 17:32:16.0872 3456 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/02/24 17:32:16.0900 3456 WacomPen 
(de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/24 17:32:16.0937 3456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/24 17:32:16.0945 3456 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/24 17:32:16.0970 3456 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/02/24 17:32:16.0999 3456 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/24 17:32:17.0038 3456 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/24 17:32:17.0050 3456 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/02/24 17:32:17.0105 3456 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/24 17:32:17.0186 3456 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/24 17:32:17.0240 3456 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/24 17:32:17.0275 3456 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/02/24 17:32:17.0320 3456 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/24 17:32:17.0357 3456 ================================================================================
2011/02/24 17:32:17.0357 3456 Scan finished
2011/02/24 17:32:17.0357 3456 ================================================================================
2011/02/24 17:32:17.0365 1372 Detected object count: 2
2011/02/24 17:32:35.0292 1372 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\Windows\system32\drivers\mountmgr.sys
2011/02/24 17:32:35.0294 1372 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2
2011/02/24 17:32:35.0446 1372 Backup copy found, using it..
2011/02/24 17:32:35.0455 1372 C:\Windows\system32\drivers\mountmgr.sys - will be cured after reboot
2011/02/24 17:32:35.0455 1372 Rootkit.Win32.TDSS.tdl3(mountmgr) - User select action: Cure
2011/02/24 17:32:35.0511 1372 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/02/24 17:32:35.0563 1372 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot
2011/02/24 17:32:35.0572 1372 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted after reboot
2011/02/24 17:32:35.0631 1372 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/02/24 17:32:35.0631 1372 Locked file(sptd) - User select action: Delete
  5. OK, thanks for that clarification, screen317. I also posted a question in my 'spyware - help' thread; I'd be grateful for any assistance you can provide.
  6. I just ran SUPERAntiSpyware Free Edition and found: Trojan.dropper/Sys-NV, Adware.Tracking.cookie (4 of them were found!). This might explain why I'm getting annoying page redirects. I just feel a bit disappointed that Malwarebytes didn't find anything at all (especially as I paid for the full version).
  7. OK, all are uninstalled. Do you need me to repost the same logs?
  8. I said in my opening post that I had been using torrents. Are you now telling me you're not going to help because of torrents? I'll uninstall uTorrent/BitComet now.
  9. DDS log 2 attached (it wouldn't allow me to post directly). dds2.txt
  10. Sorry, I don't know what happened to the rest of my post. Logs: malware + DDS 1
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5863
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24-Feb-11 2:28:11 PM
mbam-log-2011-02-24 (14-28-11).txt
Scan type: Quick scan
Objects scanned: 146291
Time elapsed: 5 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
--------
DDS (Ver_10-12-12.02) - NTFSx86
Run by asdasd at 14:37:20.92 on 24-Feb-11
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.919 [GMT 10:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live!
*Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\IObit\Game Booster\GameBox.exe C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\DllHost.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\notepad.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Mozilla 
Firefox\plugin-container.exe C:\Program Files\Tencent\QQIntl\Bin\QQ.exe C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe C:\Program Files\uTorrent\uTorrent.exe C:\Windows\system32\AUDIODG.EXE C:\Program Files\MPC HomeCinema\mpc-hc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\asdasd\Downloads\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://www.maxiwe.com mDefault_Page_URL = hxxp://www.maxiwe.com mStart Page = hxxp://www.maxiwe.com mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: 
EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm IE: Assign &hot key - c:\program files\hot keyboard pro\IEScript.htm IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000 IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206 IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL ================= FIREFOX =================== FF - ProfilePath - c:\users\asdasd\appdata\roaming\mozilla\firefox\profiles\o1g8m7f0.default\ FF - component: c:\users\asdasd\appdata\roaming\mozilla\firefox\profiles\o1g8m7f0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll FF - plugin: 
c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} ============= SERVICES / DRIVERS =============== R0 16457102;16457102 Boot Guard Driver;c:\windows\system32\drivers\16457102.sys [2011-2-14 37392] R0 90995882;90995882 Boot Guard Driver;c:\windows\system32\drivers\90995882.sys [2011-2-14 37392] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-14 64512] R1 16457101;16457101;c:\windows\system32\drivers\16457101.sys [2011-2-14 128016] R1 90995881;90995881;c:\windows\system32\drivers\90995881.sys [2011-2-14 128016] R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-6 11448] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656] R1 setup_9.0.0.722_14.02.2011_00-12drv;setup_9.0.0.722_14.02.2011_00-12drv;c:\windows\system32\drivers\9099588.sys [2011-2-14 315408] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-14 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-14 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-14 61960] R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-31 21992] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-14 1153368] 
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936] R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-12-23 9856] R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-12-23 5760] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-1 1143920] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384] S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-12-23 39936] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-14 20952] S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128] S4 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-16 90112] S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?] 
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-14 363344] =============== File Associations =============== txtfile=c:\windows\notepad.exe %1 =============== Created Last 30 ================ 2011-02-24 02:19:37 -------- d-----w- c:\users\asdasd\appdata\local\Thunderbird 2011-02-24 02:00:28 -------- d-----w- c:\users\asdasd\appdata\local\Windows Live 2011-02-23 20:20:50 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP 2011-02-21 07:17:28 -------- d-----w- c:\program files\SQUARE ENIX - Eidos Interactive 2011-02-21 00:05:57 73728 ----a-w- c:\windows\system32\DeathAdder.cpl 2011-02-19 23:41:13 -------- d-----w- C:\d drive 2011-02-15 23:56:50 -------- d-----w- c:\users\asdasd\appdata\local\Google 2011-02-15 00:04:14 -------- d-----w- C:\MGtools 2011-02-14 23:42:14 -------- d-s---w- C:\ComboFix 2011-02-14 23:27:37 98816 ----a-w- c:\windows\sed.exe 2011-02-14 23:27:37 89088 ----a-w- c:\windows\MBR.exe 2011-02-14 23:27:37 256512 ----a-w- c:\windows\PEV.exe 2011-02-14 23:27:37 161792 ----a-w- c:\windows\SWREG.exe 2011-02-14 23:25:05 4268422 ----a-r- C:\ComboFix.exe 2011-02-14 08:32:27 -------- d-----w- c:\program files\Time Stopper 2011-02-14 08:04:12 106496 ----a-r- c:\users\asdasd\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe 2011-02-14 08:04:11 106496 ----a-r- c:\users\asdasd\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe 2011-02-14 08:03:50 -------- d-----w- c:\program files\Tencent 2011-02-14 07:51:21 -------- d-----w- c:\program files\Duty Calls 2011-02-14 07:49:50 -------- d-----w- c:\program files\COMODO 2011-02-14 06:58:24 -------- d-----w- c:\program files\efs 2011-02-14 05:11:02 -------- d-----w- c:\progra~2\Comodo 2011-02-14 04:53:02 -------- d-----w- c:\users\asdasd\appdata\local\Eraser 6 2011-02-14 03:55:48 -------- d-----w- c:\program 
files\Spybot - Search & Destroy 2011-02-14 03:55:48 -------- d-----w- c:\progra~2\Spybot - Search & Destroy 2011-02-14 03:44:19 487479 ----a-w- c:\windows\system32\SkinMagic.dll 2011-02-14 03:44:18 -------- d-----w- c:\program files\Smallvideosoft 2011-02-14 03:11:55 -------- d-----w- c:\windows\dump 2011-02-14 02:28:20 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files 2011-02-14 02:21:01 -------- d-----w- c:\users\asdasd\appdata\roaming\Avira 2011-02-14 02:13:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-14 02:13:04 -------- d-----w- c:\program files\Avira 2011-02-14 02:13:04 -------- d-----w- c:\progra~2\Avira 2011-02-14 00:11:25 -------- d-----w- c:\program files\CCleaner 2011-02-13 23:42:43 37392 ----a-w- c:\windows\system32\drivers\90995882.sys 2011-02-13 23:42:43 315408 ----a-w- c:\windows\system32\drivers\9099588.sys 2011-02-13 23:42:43 128016 ----a-w- c:\windows\system32\drivers\90995881.sys 2011-02-13 23:42:12 -------- d-----w- c:\program files\Eraser 2011-02-13 23:38:01 37392 ----a-w- c:\windows\system32\drivers\16457102.sys 2011-02-13 23:38:01 311312 ----a-w- c:\windows\system32\drivers\1645710.sys 2011-02-13 23:38:01 128016 ----a-w- c:\windows\system32\drivers\16457101.sys 2011-02-13 23:32:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-02-13 23:30:23 37392 ----a-w- c:\windows\system32\drivers\72592152.sys 2011-02-13 23:30:23 311312 ----a-w- c:\windows\system32\drivers\7259215.sys 2011-02-13 23:30:23 128016 ----a-w- c:\windows\system32\drivers\72592151.sys 2011-02-13 22:40:38 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-02-13 22:40:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-02-13 22:36:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-13 22:36:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-13 22:36:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-13 22:32:16 -------- d-----w- c:\users\asdasd\appdata\local\Sunbelt Software 
2011-02-13 22:31:47 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-02-13 22:31:42 -------- d-----w- c:\program files\Lavasoft 2011-02-13 22:12:51 465496 ----a-w- c:\windows\system32\drivers\vsdatant.sys 2011-02-13 22:12:51 -------- d-----w- c:\windows\system32\ZoneLabs 2011-02-13 22:12:50 -------- d-----w- c:\program files\Zone Labs 2011-02-13 16:28:11 -------- d-----w- c:\users\asdasd\appdata\roaming\SUPERAntiSpyware.com 2011-02-13 16:28:11 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com 2011-02-13 16:27:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-02-13 16:15:29 -------- d-----w- c:\progra~2\Alwil Software 2011-02-13 15:04:50 -------- d-----w- c:\windows\SysWOW64 2011-02-13 14:33:19 -------- d-----w- c:\windows\Replay Video Capture 2011-02-13 14:33:18 -------- d-----w- c:\program files\Replay Video Capture 2011-02-13 14:33:17 -------- d-----w- c:\users\asdasd\appdata\local\Jaksta_Technologies_Pty_L 2011-02-13 14:30:25 -------- d-----w- c:\users\asdasd\appdata\roaming\Replay Media Catcher 4 2011-02-13 14:28:06 -------- d-----w- c:\windows\Applian Director 2011-02-13 14:17:45 -------- d-----w- C:\flvrecorder 2011-02-10 22:03:20 -------- d-----w- c:\users\asdasd\appdata\local\CrashRpt 2011-02-09 23:31:04 -------- d-----w- c:\windows\Internet Logs 2011-02-09 01:18:49 -------- d-----w- c:\windows\system32\appmgmt 2011-02-09 01:10:04 -------- d-----w- c:\users\asdasd\appdata\roaming\CheckPoint 2011-02-09 01:03:46 -------- d-----w- c:\program files\CheckPoint 2011-02-09 01:00:36 240008 ----a-w- c:\windows\system32\drivers\netio.sys 2011-02-09 01:00:36 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-02-09 00:58:52 -------- d-----w- c:\progra~2\CheckPoint 2011-02-08 10:53:17 -------- d-----w- c:\users\asdasd\appdata\roaming\TS3Client 2011-02-03 08:33:05 -------- d-----w- c:\program files\Microsoft XNA 2011-01-31 01:50:13 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys 2011-01-31 01:50:12 -------- d-----w- 
c:\program files\CPUID 2011-01-31 01:39:45 705536 ----a-w- c:\windows\system32\cohelper.dll 2011-01-31 01:39:45 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin 2011-01-31 01:39:24 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2011-01-31 01:39:04 -------- d-----w- C:\NVIDIA 2011-01-28 00:36:03 -------- d-----w- C:\bios1 2011-01-28 00:06:35 -------- dc----w- c:\windows\system32\memcards 2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\sstates 2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\snaps 2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\logs 2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\inis 2011-01-27 23:59:19 -------- d-----w- C:\bios 2011-01-26 00:43:33 -------- d-----w- c:\program files\common files\ATI Technologies 2011-01-26 00:25:35 -------- d-----w- c:\program files\TeamSpeak 3 Client 2011-01-25 23:43:57 -------- d-----w- c:\program files\Pcsx2 ==================== Find3M ==================== 2011-02-14 08:03:41 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll 2011-01-12 21:31:38 709456 ----a-w- c:\windows\isRS-000.tmp 2011-01-01 03:32:00 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2011-01-01 03:32:00 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-24 07:45:52 86016 ----a-w- c:\windows\system32\frapsvid.dll =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. 
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8735FEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88324872; SUB DWORD [EBP-0x4], 0x8832412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x83878448] -> \Device\Harddisk0\DR0[0x87701670]
3 CLASSPNP[0x8C4E359E] -> ntkrnlpa!IofCallDriver[0x83878448] -> [0x87303AE0]
5 ACPI[0x8452E3B2] -> ntkrnlpa!IofCallDriver[0x83878448] -> \00000076[0x872CF030]
[0x87F70030] -> IRP_MJ_CREATE -> 0x8735FEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 14:38:35.72 ===============
  11. GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-24 14:21:18 Windows 6.1.7600 Running: d339mh97.exe; Driver: C:\Users\asdasd\AppData\Local\Temp\kwryqpow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8387F5C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838A4052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\sprs.sys The system cannot find the path specified. ! .text USBPORT.SYS!DllUnload 929D3CA0 5 Bytes JMP 882091D8 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93236000, 0x3617E0, 0xE8000020] .text aqldfm3o.SYS 91FB5000 12 Bytes [44, A8, 80, 83, EE, A6, 80, ...] .text aqldfm3o.SYS 91FB500D 9 Bytes [87, 80, 83, 48, AB, 80, 83, ...] {XCHG [EAX-0x7f54b77d], EAX; ADD DWORD [EAX], 0x0} .text aqldfm3o.SYS 91FB5017 95 Bytes [00, DE, 17, 50, 84, E6, 15, ...] .text aqldfm3o.SYS 91FB5077 63 Bytes [83, DA, 30, 95, 83, FB, 84, ...] .text aqldfm3o.SYS 91FB50B7 10 Bytes [83, 80, 63, 8A, 83, 40, AB, ...] .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9B74B300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9B797300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1268] USER32.dll!TrackPopupMenu 75D64B3B 5 Bytes JMP 66972342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!LockResource 759F345C 5 Bytes JMP 2806C9C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!CreateEventA 759F3A2B 5 Bytes JMP 2806C2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceW 759F922F 5 Bytes JMP 2806C680 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!SizeofResource 759F924D 5 Bytes JMP 2806C950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceExW 759FA7EF 5 Bytes JMP 2806C700 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!LoadResource 759FD3B0 5 Bytes JMP 2806C8A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceExA 759FD4AD 7 Bytes JMP 2806C810 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceA 759FD575 5 Bytes JMP 2806C780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ADVAPI32.dll!CryptDecrypt 77332140 5 Bytes JMP 2806BE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ADVAPI32.dll!CryptDeriveKey 77332150 5 Bytes JMP 2806BDF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowPlacement 75D38169 5 Bytes JMP 2806FDC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!CreateDialogParamW 75D39BFF 5 Bytes JMP 2806FF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowRgn 75D3B29A 4 Bytes JMP 2806FE60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowRgn + 5 75D3B29F 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!CreateWindowExW 75D40E51 5 Bytes JMP 2806DDE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!LoadIconW 75D41431 5 Bytes JMP 28070720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!LoadImageW 75D42323 5 Bytes JMP 280705A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!GetWindowLongW 75D483A9 7 Bytes JMP 28070850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!PeekMessageW 75D491B5 5 Bytes JMP 2806E850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software) .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!TrackPopupMenuEx 75D65F72 1 Byte [E9] .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!TrackPopupMenuEx 75D65F72 5 Bytes JMP 2806EED0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! 
  12. On a side note, I have Avira as my antivirus.
  13. Ok, I'm experiencing annoying Google page redirects, occasional sluggish performance and even the occasional BSOD! I admit I was an idiot for downloading some .exe torrents, which has caused all this. Here's a quick scan log, please advise. PS: I'm using the paid version of malware.
      --------------------
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      Database version: 5862
      Windows 6.1.7600
      Internet Explorer 8.0.7600.16385
      24-Feb-11 1:08:13 PM
      mbam-log-2011-02-24 (13-08-13).txt
      Scan type: Quick scan
      Objects scanned: 146164
      Time elapsed: 10 minute(s), 51 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)