nick2124

Spyware - help!

18 posts in this topic

Ok, I'm experiencing annoying Google page redirects, occasional sluggish performance and even the occasional BSOD!

I admit I was an idiot for downloading some .exe torrents, which has caused all this.

Here's a quick scan log, please advise.

PS: I'm using the paid version of Malwarebytes.

--------------------

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5862

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

24-Feb-11 1:08:13 PM

mbam-log-2011-02-24 (13-08-13).txt

Scan type: Quick scan

Objects scanned: 146164

Time elapsed: 10 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post DDS.txt directly into your reply.


GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-02-24 14:21:18

Windows 6.1.7600

Running: d339mh97.exe; Driver: C:\Users\asdasd\AppData\Local\Temp\kwryqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8387F5C9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838A4052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? System32\Drivers\sprs.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 929D3CA0 5 Bytes JMP 882091D8

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93236000, 0x3617E0, 0xE8000020]

.text aqldfm3o.SYS 91FB5000 12 Bytes [44, A8, 80, 83, EE, A6, 80, ...]

.text aqldfm3o.SYS 91FB500D 9 Bytes [87, 80, 83, 48, AB, 80, 83, ...] {XCHG [EAX-0x7f54b77d], EAX; ADD DWORD [EAX], 0x0}

.text aqldfm3o.SYS 91FB5017 95 Bytes [00, DE, 17, 50, 84, E6, 15, ...]

.text aqldfm3o.SYS 91FB5077 63 Bytes [83, DA, 30, 95, 83, FB, 84, ...]

.text aqldfm3o.SYS 91FB50B7 10 Bytes [83, 80, 63, 8A, 83, 40, AB, ...]

.text ...

.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9B74B300, 0x3B6D8, 0xE8000020]

.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9B797300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1268] USER32.dll!TrackPopupMenu 75D64B3B 5 Bytes JMP 66972342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!LockResource 759F345C 5 Bytes JMP 2806C9C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!CreateEventA 759F3A2B 5 Bytes JMP 2806C2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceW 759F922F 5 Bytes JMP 2806C680 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!SizeofResource 759F924D 5 Bytes JMP 2806C950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceExW 759FA7EF 5 Bytes JMP 2806C700 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!LoadResource 759FD3B0 5 Bytes JMP 2806C8A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceExA 759FD4AD 7 Bytes JMP 2806C810 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] kernel32.dll!FindResourceA 759FD575 5 Bytes JMP 2806C780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ADVAPI32.dll!CryptDecrypt 77332140 5 Bytes JMP 2806BE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ADVAPI32.dll!CryptDeriveKey 77332150 5 Bytes JMP 2806BDF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowPlacement 75D38169 5 Bytes JMP 2806FDC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!CreateDialogParamW 75D39BFF 5 Bytes JMP 2806FF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowRgn 75D3B29A 4 Bytes JMP 2806FE60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!SetWindowRgn + 5 75D3B29F 2 Bytes [CC, CC] {INT 3 ; INT 3 }

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!CreateWindowExW 75D40E51 5 Bytes JMP 2806DDE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!LoadIconW 75D41431 5 Bytes JMP 28070720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!LoadImageW 75D42323 5 Bytes JMP 280705A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!GetWindowLongW 75D483A9 7 Bytes JMP 28070850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!PeekMessageW 75D491B5 5 Bytes JMP 2806E850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!TrackPopupMenuEx 75D65F72 1 Byte [E9]

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!TrackPopupMenuEx 75D65F72 5 Bytes JMP 2806EED0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] USER32.dll!MessageBoxIndirectW 75D8E9C3 5 Bytes JMP 28070140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WS2_32.dll!closesocket 772A3BED 5 Bytes JMP 28074C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WS2_32.dll!recv 772A47DF 5 Bytes JMP 28074640 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WS2_32.dll!WSASend 772A68A7 5 Bytes JMP 28074A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WS2_32.dll!WSARecv 772AC29F 5 Bytes JMP 28074770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WS2_32.dll!send 772AC4C8 5 Bytes JMP 28074920 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] SHELL32.dll!Shell_NotifyIconW 7642FBA1 5 Bytes JMP 2806D550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ole32.dll!CoRegisterClassObject 757211F5 5 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ole32.dll!CoInitializeEx 75750804 5 Bytes JMP 2806CC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] ole32.dll!CoCreateInstance 757657FC 5 Bytes JMP 2806CFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WININET.dll!InternetCloseHandle 7707C87E 5 Bytes JMP 28073A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WININET.dll!InternetReadFile 7707E2A4 5 Bytes JMP 280738C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WININET.dll!HttpOpenRequestA 7708043A 5 Bytes JMP 28073760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] WININET.dll!HttpSendRequestA 770F011C 5 Bytes JMP 28073960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] kernel32.dll!SetUnhandledExceptionFilter 75A03162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] GDI32.dll!CreateFontIndirectW 75E0A3FD 5 Bytes JMP 3087F180 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] GDI32.dll!CreateFontW 75E0C4CF 5 Bytes JMP 3087F120 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!InvalidateRgn 75D38099 5 Bytes JMP 30854D60 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!SetScrollRange 75D3AE3C 5 Bytes JMP 3094E350 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!GetUpdateRect 75D3C265 5 Bytes JMP 30854A90 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!DestroyWindow 75D3D5EF 5 Bytes JMP 30854B20 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!CreateWindowExW 75D40E51 5 Bytes JMP 30853BD0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!ShowWindow 75D4147A 5 Bytes JMP 30853AA0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!SetWindowPos 75D43581 5 Bytes JMP 30853B00 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!GetScrollInfo 75D45151 7 Bytes JMP 3094E220 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!SetWindowLongW 75D46614 5 Bytes JMP 30853B70 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!SetScrollInfo 75D46632 7 Bytes JMP 3094E2D0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!BeginPaint 75D47B87 5 Bytes JMP 30854AD0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!InvalidateRect 75D47BC9 5 Bytes JMP 30854D20 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!ValidateRect 75D60D28 5 Bytes JMP 30853DD0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!GetScrollRange 75D61B6C 5 Bytes JMP 3094E290 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!SetScrollPos 75D61BD0 5 Bytes JMP 3094E310 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!GetScrollPos 75D6252B 5 Bytes JMP 3094E260 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!EnableScrollBar 75D6386D 7 Bytes JMP 3094E1E0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!ValidateRgn 75D63D4C 5 Bytes JMP 30853DE0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] USER32.dll!ShowScrollBar 75D65785 5 Bytes JMP 3094E3A0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] ADVAPI32.dll!RegOpenKeyExA 7730BC0D 5 Bytes JMP 3090A9A0 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Tencent\QQIntl\Bin\QQ.exe[3888] ADVAPI32.dll!RegOpenKeyExW 7730BEC4 5 Bytes JMP 30901B10 C:\Program Files\Tencent\QQIntl\Bin\GF.dll (QQ2010/Tencent)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3968] ntdll.dll!LdrLoadDll 771BF585 5 Bytes JMP 002813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [84405042] \SystemRoot\System32\Drivers\sprs.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [844056D6] \SystemRoot\System32\Drivers\sprs.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [84405800] \SystemRoot\System32\Drivers\sprs.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8440513E] \SystemRoot\System32\Drivers\sprs.sys

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\aqldfm3o.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3056] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75105E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 865A31F8

Device \Driver\volmgr \Device\VolMgrControl 8659D1F8

Device \Driver\usbohci \Device\USBPDO-0 882051F8

Device \Driver\usbehci \Device\USBPDO-1 881E31F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{6645178F-CC8F-4C1F-B520-0E5B7933485D} 87F9C1F8

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\sptd \Device\1975426848 sprs.sys

Device \Driver\volmgr \Device\HarddiskVolume1 8659D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8659D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 87FAA1F8

Device \Driver\volmgr \Device\HarddiskVolume3 8659D1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 87FAA1F8

Device \Driver\atapi \Device\Ide\IdePort0 8659F1F8

Device \Driver\atapi \Device\Ide\IdePort1 8659F1F8

Device \Driver\PCI_PNP2848 \Device\00000067 sprs.sys

Device \Driver\cdrom \Device\CdRom2 87FAA1F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 87F9C1F8

Device \Driver\nvstor32 -> DriverStartIo \Device\00000078 8735FAEA

Device \Driver\nvstor32 \Device\00000078 865A11F8

Device \Driver\nvstor32 -> DriverStartIo \Device\RaidPort0 8735FAEA

Device \Driver\nvstor32 \Device\RaidPort0 865A11F8

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\nvstor32 -> DriverStartIo \Device\RaidPort1 8735FAEA

Device \Driver\nvstor32 \Device\RaidPort1 865A11F8

Device \Driver\usbohci \Device\USBFDO-0 882051F8

Device \Driver\usbehci \Device\USBFDO-1 881E31F8

Device \Driver\aqldfm3o \Device\Scsi\aqldfm3o1Port4Path0Target1Lun0 882B01F8

Device \Driver\aqldfm3o \Device\Scsi\aqldfm3o1Port4Path0Target0Lun0 882B01F8

Device \Driver\aqldfm3o \Device\Scsi\aqldfm3o1 882B01F8

Device \Device\00000076 -> \??\SCSI#Disk&Ven_WDC_WD10&Prod_EARS-00Y5B1#4&2cf640f2&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x9D 0xF6 0x22 ...

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0x80 0xD1 0x70 ...

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x80 0xD2 0x0A ...

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8F 0xC7 0x67 0xA9 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x9D 0xF6 0x22 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0x80 0xD1 0x70 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0A 0xAA 0xD1 0x79 ...

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8F 0xC7 0x67 0xA9 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFE 0x9D 0xF6 0x22 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1F 0x80 0xD1 0x70 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC8 0x80 0xD2 0x0A ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x8F 0xC7 0x67 0xA9 ...

---- Files - GMER 1.0.15 ----

File C:\Users\asdasd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7G8GQLYX\videoByTag[2].aspx 0 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\52703.52284.qm%40web35311.mail.mud.yahoo.com.wdseml 1312 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\BAY101-W202D3D83C93A3BF6038F3AA6A90%40phx.gbl.wdseml 507 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\BAY101-W25C14B4E183A51BF8CFAF4A6A90%40phx.gbl.wdseml 510 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\BAY101-W73E658A6EA8DEA229967BA6AD0%40phx.gbl.wdseml 522 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\zPOb37VYi000aedd8%40bay0-omc3-s3.bay0.hotmail.com.wdseml 518 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\079d3e78824d3849e4a6bc2364533598%40www.eslcafe.com.wdseml 1055 bytes

File C:\Users\asdasd\AppData\Roaming\Thunderbird\Profiles\0evxefoj.default\Mail\pop3.live.com\Inbox.mozmsgs\200710031242.e306c5421712%40forum.notebookreview.com.wdseml 1323 bytes

---- EOF - GMER 1.0.15 ----


Sorry, don't know what happened to the rest of my post.

Logs: Malwarebytes + DDS 1

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5863

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

24-Feb-11 2:28:11 PM

mbam-log-2011-02-24 (14-28-11).txt

Scan type: Quick scan

Objects scanned: 146291

Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------

DDS (Ver_10-12-12.02) - NTFSx86

Run by asdasd at 14:37:20.92 on 24-Feb-11

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.919 [GMT 10:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\IObit\Game Booster\GameBox.exe

C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\notepad.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Tencent\QQIntl\Bin\QQ.exe

C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files\MPC HomeCinema\mpc-hc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\asdasd\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.maxiwe.com

mDefault_Page_URL = hxxp://www.maxiwe.com

mStart Page = hxxp://www.maxiwe.com

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Assign &hot key - c:\program files\hot keyboard pro\IEScript.htm

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\asdasd\appdata\roaming\mozilla\firefox\profiles\o1g8m7f0.default\

FF - component: c:\users\asdasd\appdata\roaming\mozilla\firefox\profiles\o1g8m7f0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

============= SERVICES / DRIVERS ===============

R0 16457102;16457102 Boot Guard Driver;c:\windows\system32\drivers\16457102.sys [2011-2-14 37392]

R0 90995882;90995882 Boot Guard Driver;c:\windows\system32\drivers\90995882.sys [2011-2-14 37392]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-14 64512]

R1 16457101;16457101;c:\windows\system32\drivers\16457101.sys [2011-2-14 128016]

R1 90995881;90995881;c:\windows\system32\drivers\90995881.sys [2011-2-14 128016]

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-7-6 11448]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]

R1 setup_9.0.0.722_14.02.2011_00-12drv;setup_9.0.0.722_14.02.2011_00-12drv;c:\windows\system32\drivers\9099588.sys [2011-2-14 315408]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-14 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-14 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-14 61960]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-31 21992]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-14 1153368]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-12-23 9856]

R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-12-23 5760]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-1 1143920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1405384]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2010-12-23 39936]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-14 20952]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]

S4 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2010-8-16 90112]

S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-14 363344]

=============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2011-02-24 02:19:37 -------- d-----w- c:\users\asdasd\appdata\local\Thunderbird

2011-02-24 02:00:28 -------- d-----w- c:\users\asdasd\appdata\local\Windows Live

2011-02-23 20:20:50 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

2011-02-21 07:17:28 -------- d-----w- c:\program files\SQUARE ENIX - Eidos Interactive

2011-02-21 00:05:57 73728 ----a-w- c:\windows\system32\DeathAdder.cpl

2011-02-19 23:41:13 -------- d-----w- C:\d drive

2011-02-15 23:56:50 -------- d-----w- c:\users\asdasd\appdata\local\Google

2011-02-15 00:04:14 -------- d-----w- C:\MGtools

2011-02-14 23:42:14 -------- d-s---w- C:\ComboFix

2011-02-14 23:27:37 98816 ----a-w- c:\windows\sed.exe

2011-02-14 23:27:37 89088 ----a-w- c:\windows\MBR.exe

2011-02-14 23:27:37 256512 ----a-w- c:\windows\PEV.exe

2011-02-14 23:27:37 161792 ----a-w- c:\windows\SWREG.exe

2011-02-14 23:25:05 4268422 ----a-r- C:\ComboFix.exe

2011-02-14 08:32:27 -------- d-----w- c:\program files\Time Stopper

2011-02-14 08:04:12 106496 ----a-r- c:\users\asdasd\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe

2011-02-14 08:04:11 106496 ----a-r- c:\users\asdasd\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe

2011-02-14 08:03:50 -------- d-----w- c:\program files\Tencent

2011-02-14 07:51:21 -------- d-----w- c:\program files\Duty Calls

2011-02-14 07:49:50 -------- d-----w- c:\program files\COMODO

2011-02-14 06:58:24 -------- d-----w- c:\program files\efs

2011-02-14 05:11:02 -------- d-----w- c:\progra~2\Comodo

2011-02-14 04:53:02 -------- d-----w- c:\users\asdasd\appdata\local\Eraser 6

2011-02-14 03:55:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-02-14 03:55:48 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2011-02-14 03:44:19 487479 ----a-w- c:\windows\system32\SkinMagic.dll

2011-02-14 03:44:18 -------- d-----w- c:\program files\Smallvideosoft

2011-02-14 03:11:55 -------- d-----w- c:\windows\dump

2011-02-14 02:28:20 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files

2011-02-14 02:21:01 -------- d-----w- c:\users\asdasd\appdata\roaming\Avira

2011-02-14 02:13:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-14 02:13:04 -------- d-----w- c:\program files\Avira

2011-02-14 02:13:04 -------- d-----w- c:\progra~2\Avira

2011-02-14 00:11:25 -------- d-----w- c:\program files\CCleaner

2011-02-13 23:42:43 37392 ----a-w- c:\windows\system32\drivers\90995882.sys

2011-02-13 23:42:43 315408 ----a-w- c:\windows\system32\drivers\9099588.sys

2011-02-13 23:42:43 128016 ----a-w- c:\windows\system32\drivers\90995881.sys

2011-02-13 23:42:12 -------- d-----w- c:\program files\Eraser

2011-02-13 23:38:01 37392 ----a-w- c:\windows\system32\drivers\16457102.sys

2011-02-13 23:38:01 311312 ----a-w- c:\windows\system32\drivers\1645710.sys

2011-02-13 23:38:01 128016 ----a-w- c:\windows\system32\drivers\16457101.sys

2011-02-13 23:32:29 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-02-13 23:30:23 37392 ----a-w- c:\windows\system32\drivers\72592152.sys

2011-02-13 23:30:23 311312 ----a-w- c:\windows\system32\drivers\7259215.sys

2011-02-13 23:30:23 128016 ----a-w- c:\windows\system32\drivers\72592151.sys

2011-02-13 22:40:38 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-02-13 22:40:26 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-02-13 22:36:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-13 22:36:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-13 22:36:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-13 22:32:16 -------- d-----w- c:\users\asdasd\appdata\local\Sunbelt Software

2011-02-13 22:31:47 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-02-13 22:31:42 -------- d-----w- c:\program files\Lavasoft

2011-02-13 22:12:51 465496 ----a-w- c:\windows\system32\drivers\vsdatant.sys

2011-02-13 22:12:51 -------- d-----w- c:\windows\system32\ZoneLabs

2011-02-13 22:12:50 -------- d-----w- c:\program files\Zone Labs

2011-02-13 16:28:11 -------- d-----w- c:\users\asdasd\appdata\roaming\SUPERAntiSpyware.com

2011-02-13 16:28:11 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com

2011-02-13 16:27:47 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-02-13 16:15:29 -------- d-----w- c:\progra~2\Alwil Software

2011-02-13 15:04:50 -------- d-----w- c:\windows\SysWOW64

2011-02-13 14:33:19 -------- d-----w- c:\windows\Replay Video Capture

2011-02-13 14:33:18 -------- d-----w- c:\program files\Replay Video Capture

2011-02-13 14:33:17 -------- d-----w- c:\users\asdasd\appdata\local\Jaksta_Technologies_Pty_L

2011-02-13 14:30:25 -------- d-----w- c:\users\asdasd\appdata\roaming\Replay Media Catcher 4

2011-02-13 14:28:06 -------- d-----w- c:\windows\Applian Director

2011-02-13 14:17:45 -------- d-----w- C:\flvrecorder

2011-02-10 22:03:20 -------- d-----w- c:\users\asdasd\appdata\local\CrashRpt

2011-02-09 23:31:04 -------- d-----w- c:\windows\Internet Logs

2011-02-09 01:18:49 -------- d-----w- c:\windows\system32\appmgmt

2011-02-09 01:10:04 -------- d-----w- c:\users\asdasd\appdata\roaming\CheckPoint

2011-02-09 01:03:46 -------- d-----w- c:\program files\CheckPoint

2011-02-09 01:00:36 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2011-02-09 01:00:36 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-02-09 00:58:52 -------- d-----w- c:\progra~2\CheckPoint

2011-02-08 10:53:17 -------- d-----w- c:\users\asdasd\appdata\roaming\TS3Client

2011-02-03 08:33:05 -------- d-----w- c:\program files\Microsoft XNA

2011-01-31 01:50:13 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys

2011-01-31 01:50:12 -------- d-----w- c:\program files\CPUID

2011-01-31 01:39:45 705536 ----a-w- c:\windows\system32\cohelper.dll

2011-01-31 01:39:45 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2011-01-31 01:39:24 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2011-01-31 01:39:04 -------- d-----w- C:\NVIDIA

2011-01-28 00:36:03 -------- d-----w- C:\bios1

2011-01-28 00:06:35 -------- dc----w- c:\windows\system32\memcards

2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\sstates

2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\snaps

2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\logs

2011-01-28 00:06:35 -------- d-----w- c:\windows\system32\inis

2011-01-27 23:59:19 -------- d-----w- C:\bios

2011-01-26 00:43:33 -------- d-----w- c:\program files\common files\ATI Technologies

2011-01-26 00:25:35 -------- d-----w- c:\program files\TeamSpeak 3 Client

2011-01-25 23:43:57 -------- d-----w- c:\program files\Pcsx2

==================== Find3M ====================

2011-02-14 08:03:41 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll

2011-01-12 21:31:38 709456 ----a-w- c:\windows\isRS-000.tmp

2011-01-01 03:32:00 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-01-01 03:32:00 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2010-12-24 07:45:52 86016 ----a-w- c:\windows\system32\frapsvid.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8735FEC5]<<

_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88324872; SUB DWORD [EBP-0x4], 0x8832412e; PUSH EDI; CALL 0xffffffffffffdf33; }

1 ntkrnlpa!IofCallDriver[0x83878448] -> \Device\Harddisk0\DR0[0x87701670]

3 CLASSPNP[0x8C4E359E] -> ntkrnlpa!IofCallDriver[0x83878448] -> [0x87303AE0]

5 ACPI[0x8452E3B2] -> ntkrnlpa!IofCallDriver[0x83878448] -> \00000076[0x872CF030]

[0x87F70030] -> IRP_MJ_CREATE -> 0x8735FEC5

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:38:35.72 ===============


Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This includes uTorrent and anything else you have installed.


I said in my opening post that I had been using torrents. Are you now telling me you're not going to help because of torrents?

I'll uninstall utorrent/bitcomet now.


Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.
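A TDSSKiller log is mostly a driver inventory, and the lines that matter for triage are the few verdict lines in it. The script below is an added example, not part of this thread and not Kaspersky's own tool; it pulls the "Suspicious file (Forged)" and "- detected" lines out of the inventory and ties a forged file back to its service entry by path, so the reviewer sees the real hash, the fake hash the rootkit presents, and the family name in one place. The sample lines are copied from the TDSSKiller log posted later in this thread; the line layout ("date time pid message") and the regular expressions are assumptions drawn from that output, not a documented format.

```python
"""Triage helper for TDSSKiller logs: extract the verdict lines from the driver inventory.

Added example for this thread; not part of TDSSKiller. The line layout
'<date> <time> <pid> <message>' and the message shapes below are assumed
from the log quoted in the thread, not from any documented format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: five lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = """\
2011/02/24 17:32:09.0519 3456 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\\Windows\\system32\\DRIVERS\\mouclass.sys
2011/02/24 17:32:09.0543 3456 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\\Windows\\system32\\drivers\\mountmgr.sys
2011/02/24 17:32:09.0543 3456 Suspicious file (Forged): C:\\Windows\\system32\\drivers\\mountmgr.sys. Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2
2011/02/24 17:32:09.0548 3456 mountmgr - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/24 17:32:09.0572 3456 mpio (2af5997438c55fb79d33d015c30e1974) C:\\Windows\\system32\\DRIVERS\\mpio.sys
"""

# Every log line: timestamp, process id, free-form message (assumed layout).
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<msg>.*)$")
# Inventory line: '<service> (<md5>) <path>'; service names may contain spaces, so match lazily.
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file verdict: the hash the file really has versus the hash the rootkit presents.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# Family verdict: '<service> - detected <family> (<code>)'.
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<code>\d+)\)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    kind: str             # "forged" or "detected"
    name: str             # service name; filled in for forged files by link_findings()
    path: str             # file path for forged files, "" otherwise
    verdict: str          # malware family for "detected", "" otherwise
    real_md5: str = ""
    fake_md5: str = ""


def parse_tdsskiller_log(text: str) -> Tuple[Dict[str, Driver], List[Finding]]:
    """Return the driver inventory keyed by service name and the list of verdict findings."""
    drivers: Dict[str, Driver] = {}
    findings: List[Finding] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank lines carry no verdict
        msg = m.group("msg")
        d = DRIVER_RE.match(msg)
        f = FORGED_RE.match(msg)
        t = DETECT_RE.match(msg)
        if d:
            drivers[d["name"]] = Driver(d["name"], d["md5"], d["path"])
        elif f:
            findings.append(Finding("forged", "", f["path"], "", f["real"], f["fake"]))
        elif t:
            findings.append(Finding("detected", t["name"], "", t["verdict"]))
    return drivers, findings


def link_findings(drivers: Dict[str, Driver], findings: List[Finding]) -> List[Finding]:
    """Attach the service name to forged-file findings by matching the path in the inventory."""
    by_path = {d.path.lower(): d for d in drivers.values()}
    for f in findings:
        if f.kind == "forged" and not f.name:
            hit = by_path.get(f.path.lower())
            if hit:
                f.name = hit.name
    return findings


def summarize(text: str) -> dict:
    """One-glance summary: how many drivers were listed, which were forged, which were detected."""
    drivers, findings = parse_tdsskiller_log(text)
    link_findings(drivers, findings)
    return {
        "drivers_listed": len(drivers),
        "forged": [f.name or f.path for f in findings if f.kind == "forged"],
        "detections": {f.name: f.verdict for f in findings if f.kind == "detected"},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Point the script at the real log file instead of SAMPLE_LOG to get the same summary for a full scan; a log with no forged or detected lines yields empty lists, which is the quick way to confirm a clean second run after disinfection.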


2011/02/24 17:31:53.0938 5640 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/24 17:31:54.0874 5640 ================================================================================

2011/02/24 17:31:54.0874 5640 SystemInfo:

2011/02/24 17:31:54.0874 5640

2011/02/24 17:31:54.0874 5640 OS Version: 6.1.7600 ServicePack: 0.0

2011/02/24 17:31:54.0874 5640 Product type: Workstation

2011/02/24 17:31:54.0875 5640 ComputerName: ASDASD-PC

2011/02/24 17:31:54.0875 5640 UserName: asdasd

2011/02/24 17:31:54.0875 5640 Windows directory: C:\Windows

2011/02/24 17:31:54.0875 5640 System windows directory: C:\Windows

2011/02/24 17:31:54.0875 5640 Processor architecture: Intel x86

2011/02/24 17:31:54.0875 5640 Number of processors: 4

2011/02/24 17:31:54.0875 5640 Page size: 0x1000

2011/02/24 17:31:54.0875 5640 Boot type: Normal boot

2011/02/24 17:31:54.0875 5640 ================================================================================

2011/02/24 17:31:58.0047 5640 Initialize success

2011/02/24 17:32:03.0563 3456 ================================================================================

2011/02/24 17:32:03.0563 3456 Scan started

2011/02/24 17:32:03.0563 3456 Mode: Manual;

2011/02/24 17:32:03.0563 3456 ================================================================================

2011/02/24 17:32:04.0820 3456 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/02/24 17:32:04.0956 3456 16457101 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\16457101.sys

2011/02/24 17:32:05.0180 3456 16457102 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\16457102.sys

2011/02/24 17:32:05.0548 3456 90995881 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\90995881.sys

2011/02/24 17:32:05.0589 3456 90995882 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\90995882.sys

2011/02/24 17:32:05.0632 3456 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/02/24 17:32:05.0659 3456 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/02/24 17:32:05.0684 3456 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/02/24 17:32:05.0711 3456 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/02/24 17:32:05.0723 3456 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/02/24 17:32:05.0769 3456 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

2011/02/24 17:32:05.0820 3456 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/02/24 17:32:05.0841 3456 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/02/24 17:32:05.0902 3456 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/02/24 17:32:05.0953 3456 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/02/24 17:32:05.0964 3456 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/02/24 17:32:05.0977 3456 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/02/24 17:32:06.0133 3456 amdkmdag (8fd111119be6924b1b8c3976fac1b535) C:\Windows\system32\DRIVERS\atikmdag.sys

2011/02/24 17:32:06.0307 3456 amdkmdap (c9b705ff53b15dd71f6a4d4f45396edd) C:\Windows\system32\DRIVERS\atikmpag.sys

2011/02/24 17:32:06.0329 3456 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/02/24 17:32:06.0352 3456 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

2011/02/24 17:32:06.0368 3456 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/02/24 17:32:06.0391 3456 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

2011/02/24 17:32:06.0420 3456 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/02/24 17:32:06.0463 3456 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys

2011/02/24 17:32:06.0470 3456 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys

2011/02/24 17:32:06.0495 3456 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/02/24 17:32:06.0513 3456 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/02/24 17:32:06.0540 3456 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys

2011/02/24 17:32:06.0558 3456 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys

2011/02/24 17:32:06.0584 3456 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/02/24 17:32:06.0632 3456 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/02/24 17:32:06.0667 3456 AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys

2011/02/24 17:32:06.0693 3456 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

2011/02/24 17:32:06.0774 3456 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/02/24 17:32:06.0803 3456 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys

2011/02/24 17:32:06.0838 3456 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/02/24 17:32:06.0869 3456 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/02/24 17:32:06.0905 3456 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/02/24 17:32:06.0929 3456 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/02/24 17:32:06.0955 3456 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

2011/02/24 17:32:06.0966 3456 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/02/24 17:32:06.0980 3456 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/02/24 17:32:06.0995 3456 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/02/24 17:32:07.0013 3456 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/02/24 17:32:07.0024 3456 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/02/24 17:32:07.0036 3456 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/02/24 17:32:07.0053 3456 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/02/24 17:32:07.0232 3456 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/02/24 17:32:07.0255 3456 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/02/24 17:32:07.0270 3456 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/02/24 17:32:07.0318 3456 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/02/24 17:32:07.0337 3456 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/02/24 17:32:07.0350 3456 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/02/24 17:32:07.0376 3456 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/02/24 17:32:07.0400 3456 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/02/24 17:32:07.0418 3456 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/02/24 17:32:07.0531 3456 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys

2011/02/24 17:32:07.0542 3456 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/02/24 17:32:07.0586 3456 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/02/24 17:32:07.0648 3456 CYUSB (ec0cc1aa9abfe9a32daa66832cb06271) C:\Windows\system32\Drivers\CYUSB.sys

2011/02/24 17:32:07.0700 3456 danewFltr (92a16df81f6cfeebf93204217c38dae0) C:\Windows\system32\drivers\danew.sys

2011/02/24 17:32:07.0750 3456 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

2011/02/24 17:32:07.0772 3456 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/02/24 17:32:07.0790 3456 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/02/24 17:32:07.0848 3456 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/02/24 17:32:07.0903 3456 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

2011/02/24 17:32:07.0932 3456 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/02/24 17:32:08.0000 3456 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/02/24 17:32:08.0147 3456 EIO (42584ec72495f4da1704123a20ac1012) C:\Windows\system32\DRIVERS\EIO.sys

2011/02/24 17:32:08.0194 3456 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/02/24 17:32:08.0210 3456 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/02/24 17:32:08.0249 3456 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/02/24 17:32:08.0269 3456 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/02/24 17:32:08.0284 3456 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/02/24 17:32:08.0308 3456 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/02/24 17:32:08.0335 3456 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/02/24 17:32:08.0345 3456 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/02/24 17:32:08.0372 3456 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/02/24 17:32:08.0396 3456 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/02/24 17:32:08.0407 3456 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/02/24 17:32:08.0432 3456 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys

2011/02/24 17:32:08.0444 3456 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/02/24 17:32:08.0459 3456 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/02/24 17:32:08.0487 3456 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/02/24 17:32:08.0521 3456 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/02/24 17:32:08.0533 3456 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/02/24 17:32:08.0545 3456 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/02/24 17:32:08.0561 3456 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/02/24 17:32:08.0575 3456 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/02/24 17:32:08.0602 3456 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/02/24 17:32:08.0627 3456 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/02/24 17:32:08.0658 3456 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/02/24 17:32:08.0669 3456 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/02/24 17:32:08.0697 3456 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

2011/02/24 17:32:08.0802 3456 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/02/24 17:32:08.0827 3456 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/02/24 17:32:08.0843 3456 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/02/24 17:32:08.0868 3456 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/02/24 17:32:08.0893 3456 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/02/24 17:32:08.0918 3456 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/02/24 17:32:08.0929 3456 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/02/24 17:32:08.0942 3456 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/02/24 17:32:08.0955 3456 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/02/24 17:32:08.0967 3456 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/02/24 17:32:08.0982 3456 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/02/24 17:32:09.0010 3456 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/02/24 17:32:09.0040 3456 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/02/24 17:32:09.0175 3456 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2011/02/24 17:32:09.0219 3456 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys

2011/02/24 17:32:09.0255 3456 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

2011/02/24 17:32:09.0284 3456 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/02/24 17:32:09.0315 3456 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/02/24 17:32:09.0334 3456 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/02/24 17:32:09.0346 3456 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/02/24 17:32:09.0362 3456 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/02/24 17:32:09.0377 3456 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/02/24 17:32:09.0400 3456 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys

2011/02/24 17:32:09.0429 3456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/02/24 17:32:09.0454 3456 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/02/24 17:32:09.0473 3456 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/02/24 17:32:09.0495 3456 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/02/24 17:32:09.0519 3456 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/02/24 17:32:09.0530 3456 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/02/24 17:32:09.0543 3456 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\Windows\system32\drivers\mountmgr.sys

2011/02/24 17:32:09.0543 3456 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2

2011/02/24 17:32:09.0548 3456 mountmgr - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/02/24 17:32:09.0572 3456 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/02/24 17:32:09.0584 3456 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/02/24 17:32:09.0600 3456 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/02/24 17:32:09.0626 3456 mrxsmb (9e5dd4ef01aed723abf5342ef23ff012) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/02/24 17:32:09.0650 3456 mrxsmb10 (6532acbf612a8d340ef9e25e4fef21ee) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/02/24 17:32:09.0677 3456 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/02/24 17:32:09.0700 3456 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/02/24 17:32:09.0712 3456 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/02/24 17:32:09.0732 3456 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/02/24 17:32:09.0747 3456 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/02/24 17:32:09.0757 3456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/02/24 17:32:09.0785 3456 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/02/24 17:32:09.0797 3456 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/02/24 17:32:09.0810 3456 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/02/24 17:32:09.0837 3456 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/02/24 17:32:09.0852 3456 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/02/24 17:32:09.0865 3456 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/02/24 17:32:09.0877 3456 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/02/24 17:32:09.0924 3456 MTsensor (cbe71c122434805cb73ffb6619f60598) C:\Windows\system32\DRIVERS\ASACPI.sys

2011/02/24 17:32:09.0957 3456 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/02/24 17:32:10.0008 3456 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/02/24 17:32:10.0513 3456 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/02/24 17:32:10.0553 3456 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/02/24 17:32:10.0595 3456 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/02/24 17:32:10.0609 3456 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/02/24 17:32:10.0632 3456 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/02/24 17:32:10.0655 3456 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/02/24 17:32:10.0691 3456 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/02/24 17:32:10.0709 3456 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/02/24 17:32:10.0733 3456 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/02/24 17:32:10.0757 3456 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/02/24 17:32:10.0780 3456 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/02/24 17:32:10.0824 3456 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

2011/02/24 17:32:10.0863 3456 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/02/24 17:32:10.0916 3456 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys

2011/02/24 17:32:10.0969 3456 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys

2011/02/24 17:32:10.0994 3456 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

2011/02/24 17:32:11.0014 3456 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

2011/02/24 17:32:11.0034 3456 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\Windows\system32\DRIVERS\nvstor32.sys

2011/02/24 17:32:11.0059 3456 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/02/24 17:32:11.0082 3456 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/02/24 17:32:11.0139 3456 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/02/24 17:32:11.0164 3456 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/02/24 17:32:11.0178 3456 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/02/24 17:32:11.0226 3456 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/02/24 17:32:11.0249 3456 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/02/24 17:32:11.0291 3456 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/02/24 17:32:11.0363 3456 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

2011/02/24 17:32:11.0415 3456 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/02/24 17:32:11.0457 3456 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/02/24 17:32:11.0536 3456 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/02/24 17:32:11.0601 3456 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/02/24 17:32:11.0698 3456 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/02/24 17:32:11.0799 3456 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/02/24 17:32:11.0855 3456 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/02/24 17:32:11.0914 3456 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/02/24 17:32:11.0929 3456 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/02/24 17:32:11.0999 3456 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/02/24 17:32:12.0036 3456 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/02/24 17:32:12.0055 3456 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/02/24 17:32:12.0078 3456 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/02/24 17:32:12.0212 3456 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/02/24 17:32:12.0320 3456 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/02/24 17:32:12.0419 3456 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/02/24 17:32:12.0546 3456 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/02/24 17:32:12.0645 3456 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/02/24 17:32:12.0776 3456 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/02/24 17:32:12.0937 3456 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/02/24 17:32:13.0090 3456 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/02/24 17:32:13.0232 3456 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/02/24 17:32:13.0271 3456 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/02/24 17:32:13.0544 3456 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/02/24 17:32:13.0625 3456 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/02/24 17:32:14.0015 3456 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/02/24 17:32:14.0300 3456 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/02/24 17:32:14.0410 3456 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/02/24 17:32:14.0475 3456 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/02/24 17:32:14.0495 3456 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/02/24 17:32:14.0518 3456 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/02/24 17:32:14.0583 3456 setup_9.0.0.722_14.02.2011_00-12drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\Windows\system32\DRIVERS\9099588.sys

2011/02/24 17:32:14.0624 3456 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/02/24 17:32:14.0642 3456 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/02/24 17:32:14.0663 3456 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/02/24 17:32:14.0674 3456 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/02/24 17:32:14.0783 3456 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/02/24 17:32:14.0842 3456 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/02/24 17:32:14.0890 3456 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/02/24 17:32:14.0922 3456 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/02/24 17:32:14.0951 3456 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/02/24 17:32:15.0084 3456 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/02/24 17:32:15.0084 3456 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/02/24 17:32:15.0099 3456 sptd - detected Locked file (1)

2011/02/24 17:32:15.0248 3456 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys

2011/02/24 17:32:15.0271 3456 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys

2011/02/24 17:32:15.0295 3456 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys

2011/02/24 17:32:15.0337 3456 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/02/24 17:32:15.0360 3456 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/02/24 17:32:15.0386 3456 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/02/24 17:32:15.0398 3456 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2011/02/24 17:32:15.0417 3456 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/02/24 17:32:15.0471 3456 Tcpip (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\drivers\tcpip.sys

2011/02/24 17:32:15.0566 3456 TCPIP6 (63170b9ee1d0ef0032f0408605671d1a) C:\Windows\system32\DRIVERS\tcpip.sys

2011/02/24 17:32:15.0691 3456 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/02/24 17:32:15.0722 3456 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/02/24 17:32:15.0749 3456 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/02/24 17:32:15.0767 3456 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/02/24 17:32:15.0792 3456 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/02/24 17:32:15.0821 3456 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/02/24 17:32:15.0836 3456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/02/24 17:32:15.0869 3456 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/02/24 17:32:15.0886 3456 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/02/24 17:32:15.0915 3456 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/02/24 17:32:15.0936 3456 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/02/24 17:32:15.0948 3456 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/02/24 17:32:15.0971 3456 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/02/24 17:32:15.0986 3456 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/02/24 17:32:16.0004 3456 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

2011/02/24 17:32:16.0029 3456 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

2011/02/24 17:32:16.0043 3456 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/02/24 17:32:16.0070 3456 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/02/24 17:32:16.0104 3456 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/02/24 17:32:16.0153 3456 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/02/24 17:32:16.0287 3456 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

2011/02/24 17:32:16.0367 3456 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/02/24 17:32:16.0386 3456 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/02/24 17:32:16.0406 3456 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/02/24 17:32:16.0429 3456 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/02/24 17:32:16.0471 3456 vHidDev (949aa00a83b0c4d7a3010035d8af93d9) C:\Windows\system32\DRIVERS\vHidDev.sys

2011/02/24 17:32:16.0485 3456 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/02/24 17:32:16.0506 3456 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/02/24 17:32:16.0571 3456 VIAHdAudAddService (0f0c96a570ab2b0164e04ab22cc8676a) C:\Windows\system32\drivers\viahduaa.sys

2011/02/24 17:32:16.0607 3456 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/02/24 17:32:16.0633 3456 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2011/02/24 17:32:16.0647 3456 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2011/02/24 17:32:16.0660 3456 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/02/24 17:32:16.0681 3456 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/02/24 17:32:16.0725 3456 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/02/24 17:32:16.0800 3456 Vsdatant (e7aba26a028a78c1aa759bb794f6e9ee) C:\Windows\system32\DRIVERS\vsdatant.sys

2011/02/24 17:32:16.0852 3456 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/02/24 17:32:16.0872 3456 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/02/24 17:32:16.0900 3456 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/02/24 17:32:16.0937 3456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/24 17:32:16.0945 3456 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/24 17:32:16.0970 3456 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/02/24 17:32:16.0999 3456 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/02/24 17:32:17.0038 3456 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/02/24 17:32:17.0050 3456 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/02/24 17:32:17.0105 3456 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/02/24 17:32:17.0186 3456 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/02/24 17:32:17.0240 3456 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/02/24 17:32:17.0275 3456 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/02/24 17:32:17.0320 3456 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/02/24 17:32:17.0357 3456 ================================================================================

2011/02/24 17:32:17.0357 3456 Scan finished

2011/02/24 17:32:17.0357 3456 ================================================================================

2011/02/24 17:32:17.0365 1372 Detected object count: 2

2011/02/24 17:32:35.0292 1372 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\Windows\system32\drivers\mountmgr.sys

2011/02/24 17:32:35.0294 1372 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2

2011/02/24 17:32:35.0446 1372 Backup copy found, using it..

2011/02/24 17:32:35.0455 1372 C:\Windows\system32\drivers\mountmgr.sys - will be cured after reboot

2011/02/24 17:32:35.0455 1372 Rootkit.Win32.TDSS.tdl3(mountmgr) - User select action: Cure

2011/02/24 17:32:35.0511 1372 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot

2011/02/24 17:32:35.0563 1372 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted after reboot

2011/02/24 17:32:35.0572 1372 HKLM\SYSTEM\ControlSet004\services\sptd - will be deleted after reboot

2011/02/24 17:32:35.0631 1372 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot

2011/02/24 17:32:35.0631 1372 Locked file(sptd) - User select action: Delete
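The log above shows the two result types a responder has to tell apart in a TDSSKiller run: a "Forged" driver, where the hash the scanner gets through the normal file-system path differs from the hash it reads directly (mountmgr.sys here, which is how a TDL3 infection hides the driver it has patched), and a "NoAccess"/locked file that simply could not be verified (sptd.sys). The following is an added example, not code from this thread or from Kaspersky's tool; it assumes only the line format visible in the log, and the sample lines are a constructed excerpt copied from the entries above. It parses the log, pairs each suspicious-file line with its driver entry and verdict, and checks that the number of findings agrees with the scanner's own "Detected object count".

```python
"""Triage helper for TDSSKiller-style rootkit scan logs (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the log format shown in this thread,
# trimmed to the entries that matter for triage.
SAMPLE_LOG = r"""
2011/02/24 17:32:09.0543 3456 mountmgr (0a1646a5e52d04c0b6392c33bc4bc9ca) C:\Windows\system32\drivers\mountmgr.sys
2011/02/24 17:32:09.0543 3456 Suspicious file (Forged): C:\Windows\system32\drivers\mountmgr.sys. Real md5: 0a1646a5e52d04c0b6392c33bc4bc9ca, Fake md5: 921c18727c5920d6c0300736646931c2
2011/02/24 17:32:09.0548 3456 mountmgr - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/24 17:32:09.0572 3456 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/24 17:32:15.0084 3456 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/02/24 17:32:15.0084 3456 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/02/24 17:32:15.0099 3456 sptd - detected Locked file (1)
2011/02/24 17:32:17.0365 1372 Detected object count: 2
"""

# One driver/service entry: "<ts> <pid> <name> (<md5>) <path>". The name is
# matched non-greedily because some service names contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# "Suspicious file (<kind>): <path>. Real md5: X, Fake md5: Y"  or  "... md5: X"
SUSPICIOUS_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$"
)
# "<name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<pid>\d+) (?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$"
)
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    service: str
    path: str
    kind: str                        # "Forged", "NoAccess", ...
    severity: str                    # "critical" or "review"
    verdict: Optional[str] = None    # e.g. "Rootkit.Win32.TDSS.tdl3"
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def parse_log(text: str):
    """Return (findings, detected_object_count) for one TDSSKiller log."""
    findings, by_service = [], {}
    last_entry = None   # (name, path) of the most recent driver line
    count = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            path, kind = m.group("path"), m.group("kind")
            # The scanner prints the suspicious-file line right after the
            # driver entry it refers to; fall back to the file name otherwise.
            if last_entry and last_entry[1].lower() == path.lower():
                service = last_entry[0]
            else:
                service = path.rsplit("\\", 1)[-1]
            # A forged hash means something in the storage stack returns a
            # different image than what is really on disk: treat as critical.
            # A locked file merely could not be verified and needs a human look.
            severity = "critical" if kind == "Forged" else "review"
            f = Finding(service, path, kind, severity,
                        real_md5=m.group("real"), fake_md5=m.group("fake"))
            findings.append(f)
            by_service[service] = f
            continue
        m = DETECTED_RE.match(line)
        if m:
            service, verdict = m.group("name"), m.group("verdict")
            f = by_service.get(service)
            if f is None:   # verdict without a preceding suspicious-file line
                f = Finding(service, "", "Unknown", "review")
                findings.append(f)
                by_service[service] = f
            f.verdict = verdict
            continue
        m = COUNT_RE.search(line)
        if m:
            count = int(m.group("n"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            last_entry = (m.group("name"), m.group("path"))
    return findings, count


def triage(text: str) -> dict:
    """Summarise a log: which services need action and whether counts agree."""
    findings, count = parse_log(text)
    return {
        "critical": [f.service for f in findings if f.severity == "critical"],
        "review": [f.service for f in findings if f.severity == "review"],
        "count_matches": count is not None and count == len(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for f in summary["findings"]:
        print(f"[{f.severity:8}] {f.service:10} {f.kind:9} {f.verdict or '-'}")
    print("count matches scanner:", summary["count_matches"])
```

Run against the sample, the forged mountmgr entry comes out as critical with the TDSS verdict attached, while sptd is only flagged for review; a count mismatch would mean a line the parser did not understand, which is worth knowing before trusting the summary.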


By the way, I ran ESET antivirus and TDSSKiller, and my computer seems much better; I haven't had a single page redirect in about 48 hours, but I can't be 100% confident I'm safe just yet.


Hi,

What were the contents of the BSoD?

Use the computer normally for a bit and see if the redirections come back. Also, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I don't know the contents of the BSOD and I couldn't find the dump file; the folder where it should be, 'memorydumps', is empty.

I'll keep you posted in case any BSODs/redirects return. If you don't hear from me in 2 weeks then all is well.

ty.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
