Solved Google redirect virus need help

[skinnybandit]

Hi im new to this site and just need some help, I just got the google redirect virus, because everytime i click on a link from google i get redirected to random sites, i was just wandering if anybody knows of a good fast way to get rid of it, i have Avast anti virus (free version), also i have Superantispyware, thanks for your help everybody, i probebly wont be able to try out your suggestions until i get off work at (9:00 pm) but i will when i get back lol. thanks again for all your help.

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[skinnybandit]

hey this is the malwarbytes report.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6943

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/24/2011 9:58:29 PM
mbam-log-2011-06-24 (21-58-29).txt

Scan type: Quick scan
Objects scanned: 158381
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\304217 (Trojan.Agent.Gen) -> Value: 304217 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\drvstore32.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\Users\shane\0.6548089844712737.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\Users\shane\0.683552255860275.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\Users\shane\msiexec.exe (Trojan.Tracur.Wow) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000002f32232a1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000002f32232a1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000002f32232a1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\020000002f32232a1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000002f32232a1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000002f32232a1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000002f32232a1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\020000002f32232a1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

 

[Broni]

Please, do NOT quote my replies as it creates unnecessary clutter.

 

[skinnybandit]

im sorry i didnt know im new here my bad.

 

[Broni]

No problem

 

[skinnybandit]

im starting with the GMER file now one sec.

 

[skinnybandit]

i will wait to see what you tell me to do first before i run the gm program

 

[skinnybandit]

what would you like me to do after i did the malwarebytes scan i dont want to do anything before you tell me to.

 

[Broni]

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[skinnybandit]

ok ill do the steps when i get home from work, ill post resaults when i get home as well.

 

[Broni]

No problem

 

[skinnybandit]

here is the GMER scan resault

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-25 21:44:10
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort1 TOSHIBA_MK2555GSX rev.FG001M
Running: 2s4jimwn.exe; Driver: C:\Users\shane\AppData\Local\Temp\kgtoypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FB7E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskTOSHIBA_MK2555GSX_______________________FG001M__#5&1fb196db&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

 

[skinnybandit]

heres the dds report scan

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by shane at 21:55:09 on 2011-06-25
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1303 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2795644
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Sendspace Bar Toolbar: {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - c:\program files\sendspace_bar\prxtbSend.dll
mURLSearchHooks: Sendspace Bar Toolbar: {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - c:\program files\sendspace_bar\prxtbSend.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Sendspace Bar Toolbar: {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - c:\program files\sendspace_bar\prxtbSend.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Sendspace Bar Toolbar: {5570f0a0-580c-4c69-808f-8b2aaa2aa93c} - c:\program files\sendspace_bar\prxtbSend.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{18B3CF8A-699E-46BF-B27F-C21516615A16} : DhcpNameServer = 192.168.0.1
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
Hosts: 208.43.47.212 a1.review.zdnet.com
Hosts: 208.43.47.212 reviews.riverstreams.co.uk
Hosts: 208.43.47.212 d1.reviews.cnet.com
Hosts: 208.43.47.212 review.2009softwarereviews.com
Hosts: 208.43.47.212 reviews.download.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\shane\appdata\roaming\mozilla\firefox\profiles\bqlt7ree.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - Ext: SeekService: {86009AEF-9162-4EBC-B698-FF71D7B6B049} - c:\program files\mozilla firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: XULRunner: {90F0C07D-9B14-4607-9CA4-D0C76664074A} - c:\users\shane\appdata\local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-11 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-12 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-6 307928]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-27 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-27 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-6 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-6 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-6 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-3-26 34128]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-11 39984]
S3 TipCtrl;TipCtrl;"c:\users\shane\desktop\utipu\tipctrl.exe" --> c:\users\shane\desktop\utipu\TipCtrl.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-21 21:14:58 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-21 21:14:50 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-06-21 21:14:49 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 21:14:48 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 21:14:43 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-06-21 21:14:42 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-21 21:14:39 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-21 21:14:35 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-06-21 21:14:35 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-06-21 21:14:31 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-21 21:13:47 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-06-21 21:13:43 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-06-21 21:13:32 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-21 20:08:52 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-06-21 20:08:52 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-06-21 20:08:52 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-21 20:08:51 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-06-21 20:08:51 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-06-21 20:02:52 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-06-21 20:00:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-21 20:00:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-21 19:58:42 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-21 19:58:39 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-06-21 19:58:27 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-06-21 19:58:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-06-21 19:57:08 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-06-21 19:57:00 40448 ----a-w- c:\windows\system32\winrs.exe
2011-06-21 19:57:00 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-06-21 19:57:00 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-06-21 19:55:20 81920 ----a-w- c:\windows\system32\consent.exe
2011-06-21 01:17:39 723456 ----a-w- c:\windows\system32\sbe.dll
2011-06-21 01:17:39 605184 ----a-w- c:\windows\system32\CPFilters.dll
2011-06-21 01:17:39 190976 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-21 01:17:36 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-21 01:15:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-21 01:15:26 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-21 01:15:26 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-21 01:15:25 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-21 01:15:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-21 01:14:44 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-06-21 01:14:44 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-06-13 02:36:32 -------- d-----w- c:\program files\ConduitEngine
2011-06-13 02:36:29 -------- d-----w- c:\program files\Sendspace_Bar
2011-06-12 03:03:51 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-12 03:03:51 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-12 03:03:51 -------- d-----w- c:\users\shane\appdata\roaming\IObit
2011-06-12 03:03:48 -------- d-----w- C:\Smart Defrag 2
2011-06-12 02:06:24 -------- d-----w- c:\users\shane\appdata\local\Conduit
2011-06-12 02:05:59 -------- d-----w- c:\users\shane\appdata\roaming\SendSpace
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: TOSHIBA_MK2555GSX rev.FG001M -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87372555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873787b0]; MOV EAX, [0x8737882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82CC6FEF] -> \Device\Harddisk0\DR0[0x86274030]
3 CLASSPNP[0x83509745] -> ntkrnlpa!IofCallDriver[0x82CC6FEF] -> [0x86271398]
5 acpi[0x806176A0] -> ntkrnlpa!IofCallDriver[0x82CC6FEF] -> [0x8625B030]
\Driver\atapi[0x86E9C400] -> IRP_MJ_CREATE -> 0x87372555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-1 -> \??\IDE#DiskTOSHIBA_MK2555GSX_______________________FG001M__#5&1fb196db&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 21:57:04.02 ===============

 

[skinnybandit]

heres the dds attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/30/2009 3:13:43 PM
System Uptime: 6/25/2011 9:14:59 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket M2/S1G1 | 1050/2000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 145.722 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Hosts File Hijack ======================
.
Hosts: 208.43.47.212 a1.review.zdnet.com
Hosts: 208.43.47.212 reviews.riverstreams.co.uk
Hosts: 208.43.47.212 d1.reviews.cnet.com
Hosts: 208.43.47.212 review.2009softwarereviews.com
Hosts: 208.43.47.212 reviews.download.com
Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
Hosts: 208.43.47.212 reviews.pcmag.com
Hosts: 208.43.47.212 reviews.pcpro.co.uk
Hosts: 208.43.47.212 reviews.techradar.com
Hosts: 208.43.47.212 toptenreviews.com
Hosts: 208.43.47.212 www.reevoo.com
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AI RoboForm (All Users)
Aiseesoft Total Video Converter
Any DVD Converter Professional 3.7.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
avast! Free Antivirus
AviSynth 2.5
Bonjour
CamStudio Lossless Codec
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Combined Community Codec Pack BETA 2010-04-07
Compatibility Pack for the 2007 Office system
Conduit Engine
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 11
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netzero Internet Access Installer
Picasa 2
PlayReady PC runtime
PSPVC :: PSP Video Converter v3.91
QuickBooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Sendspace Bar Toolbar
Skins
Skype Launcher
Smart Defrag 2
SnagIt 5
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
WildTangent Games
WinRAR archiver
.
==== End Of File ===========================

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[skinnybandit]

heres the tdss scan report

2011/06/26 21:11:06.0447 23368 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 21:11:07.0570 23368 ================================================================================
2011/06/26 21:11:07.0570 23368 SystemInfo:
2011/06/26 21:11:07.0570 23368
2011/06/26 21:11:07.0570 23368 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/26 21:11:07.0570 23368 Product type: Workstation
2011/06/26 21:11:07.0570 23368 ComputerName: SHANE-PC
2011/06/26 21:11:07.0570 23368 UserName: shane
2011/06/26 21:11:07.0570 23368 Windows directory: C:\Windows
2011/06/26 21:11:07.0570 23368 System windows directory: C:\Windows
2011/06/26 21:11:07.0570 23368 Processor architecture: Intel x86
2011/06/26 21:11:07.0570 23368 Number of processors: 2
2011/06/26 21:11:07.0570 23368 Page size: 0x1000
2011/06/26 21:11:07.0570 23368 Boot type: Normal boot
2011/06/26 21:11:07.0570 23368 ================================================================================
2011/06/26 21:11:08.0677 23368 Initialize success
2011/06/26 21:11:12.0359 22140 ================================================================================
2011/06/26 21:11:12.0359 22140 Scan started
2011/06/26 21:11:12.0359 22140 Mode: Manual;
2011/06/26 21:11:12.0359 22140 ================================================================================
2011/06/26 21:11:13.0498 22140 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/26 21:11:13.0638 22140 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/26 21:11:13.0794 22140 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/26 21:11:13.0903 22140 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/26 21:11:13.0997 22140 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/26 21:11:14.0184 22140 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/06/26 21:11:14.0348 22140 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/26 21:11:14.0532 22140 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/26 21:11:14.0685 22140 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/26 21:11:14.0839 22140 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/26 21:11:15.0007 22140 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/26 21:11:15.0098 22140 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/26 21:11:15.0213 22140 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/26 21:11:15.0313 22140 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/26 21:11:15.0480 22140 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/26 21:11:15.0640 22140 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/26 21:11:15.0766 22140 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/26 21:11:15.0926 22140 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/26 21:11:16.0082 22140 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/26 21:11:16.0772 22140 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/26 21:11:16.0937 22140 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/26 21:11:17.0077 22140 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/26 21:11:17.0218 22140 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/26 21:11:17.0327 22140 atapi (0fd275041f8b2197ee964361b4192a18) C:\Windows\system32\drivers\atapi.sys
2011/06/26 21:11:18.0076 22140 atikmdag (53df058c7115b3e6259954d2a2dbf8e9) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/26 21:11:18.0372 22140 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/26 21:11:18.0575 22140 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/26 21:11:18.0746 22140 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/26 21:11:18.0918 22140 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/26 21:11:19.0043 22140 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/26 21:11:19.0168 22140 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/26 21:11:19.0324 22140 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/26 21:11:19.0448 22140 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/26 21:11:19.0573 22140 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/26 21:11:19.0620 22140 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/26 21:11:19.0745 22140 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/26 21:11:19.0885 22140 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/26 21:11:20.0010 22140 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/26 21:11:20.0119 22140 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/26 21:11:20.0228 22140 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/26 21:11:20.0384 22140 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/26 21:11:20.0462 22140 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/26 21:11:20.0556 22140 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/26 21:11:20.0681 22140 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/26 21:11:20.0790 22140 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/26 21:11:20.0962 22140 dfmirage (699ef0fd9ae72b7f5ad756e382c73e0e) C:\Windows\system32\DRIVERS\dfmirage.sys
2011/06/26 21:11:21.0086 22140 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/06/26 21:11:21.0242 22140 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/26 21:11:21.0414 22140 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/26 21:11:21.0523 22140 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/26 21:11:21.0695 22140 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/26 21:11:22.0085 22140 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/26 21:11:22.0256 22140 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/26 21:11:22.0397 22140 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/26 21:11:22.0615 22140 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/26 21:11:22.0724 22140 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/26 21:11:22.0880 22140 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/26 21:11:23.0021 22140 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/26 21:11:23.0130 22140 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/26 21:11:23.0239 22140 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/26 21:11:23.0348 22140 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/26 21:11:23.0489 22140 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/26 21:11:23.0660 22140 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/06/26 21:11:23.0770 22140 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/26 21:11:23.0941 22140 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/26 21:11:24.0160 22140 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/26 21:11:24.0284 22140 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/26 21:11:24.0425 22140 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/26 21:11:24.0596 22140 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/26 21:11:24.0706 22140 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/26 21:11:24.0815 22140 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/26 21:11:24.0940 22140 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/26 21:11:25.0064 22140 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/26 21:11:25.0205 22140 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/26 21:11:25.0330 22140 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/26 21:11:25.0501 22140 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/26 21:11:25.0720 22140 IntcAzAudAddService (3d40dd1831ed82a9ff660949506aad56) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/26 21:11:25.0876 22140 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/26 21:11:25.0985 22140 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/26 21:11:26.0156 22140 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/26 21:11:26.0390 22140 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/26 21:11:26.0531 22140 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/26 21:11:26.0702 22140 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/26 21:11:26.0827 22140 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/26 21:11:26.0952 22140 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/26 21:11:27.0170 22140 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/26 21:11:27.0280 22140 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/26 21:11:27.0404 22140 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/26 21:11:27.0498 22140 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/06/26 21:11:27.0638 22140 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/26 21:11:27.0794 22140 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/26 21:11:27.0919 22140 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/26 21:11:28.0013 22140 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/26 21:11:28.0106 22140 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/26 21:11:28.0216 22140 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/26 21:11:28.0340 22140 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/26 21:11:28.0450 22140 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/26 21:11:28.0543 22140 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/26 21:11:28.0668 22140 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/26 21:11:28.0777 22140 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/26 21:11:28.0871 22140 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/26 21:11:28.0964 22140 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/06/26 21:11:29.0074 22140 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/26 21:11:29.0198 22140 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/26 21:11:29.0308 22140 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/26 21:11:29.0417 22140 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/26 21:11:29.0510 22140 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/26 21:11:29.0557 22140 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/26 21:11:29.0729 22140 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/26 21:11:29.0854 22140 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/26 21:11:29.0994 22140 msahci (1544de2b6a41de218a679eb59f3c3f50) C:\Windows\system32\drivers\msahci.sys
2011/06/26 21:11:30.0088 22140 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/26 21:11:30.0259 22140 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/26 21:11:30.0400 22140 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
2011/06/26 21:11:30.0524 22140 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/26 21:11:30.0696 22140 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/26 21:11:30.0821 22140 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/26 21:11:30.0946 22140 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/26 21:11:31.0070 22140 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/26 21:11:31.0195 22140 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/26 21:11:31.0304 22140 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/26 21:11:31.0460 22140 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/26 21:11:31.0616 22140 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/06/26 21:11:31.0866 22140 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/26 21:11:31.0991 22140 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/26 21:11:32.0100 22140 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/26 21:11:32.0240 22140 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/26 21:11:32.0381 22140 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/26 21:11:32.0537 22140 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/26 21:11:32.0771 22140 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/26 21:11:32.0911 22140 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/26 21:11:33.0005 22140 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/26 21:11:33.0145 22140 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/26 21:11:33.0301 22140 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/26 21:11:33.0426 22140 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/26 21:11:33.0582 22140 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/26 21:11:33.0722 22140 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/26 21:11:33.0863 22140 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/26 21:11:34.0206 22140 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/26 21:11:34.0409 22140 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/26 21:11:34.0534 22140 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/26 21:11:34.0627 22140 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/26 21:11:34.0690 22140 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
2011/06/26 21:11:34.0814 22140 pciide (01cd2860a161f3d89c8c63e65b3ad100) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/26 21:11:34.0939 22140 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/26 21:11:35.0095 22140 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/26 21:11:35.0314 22140 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/26 21:11:35.0423 22140 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/06/26 21:11:35.0579 22140 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/26 21:11:35.0688 22140 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/26 21:11:35.0860 22140 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/26 21:11:36.0000 22140 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/26 21:11:36.0125 22140 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/26 21:11:36.0234 22140 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/26 21:11:36.0374 22140 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/26 21:11:36.0546 22140 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/26 21:11:36.0671 22140 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/26 21:11:36.0811 22140 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/26 21:11:36.0920 22140 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/26 21:11:37.0045 22140 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/26 21:11:37.0170 22140 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/26 21:11:37.0295 22140 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/26 21:11:37.0513 22140 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/26 21:11:37.0638 22140 RTL8169 (470253597930e765dd08b30e723c1fa2) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/26 21:11:37.0810 22140 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\Windows\system32\DRIVERS\RTL8187Se.sys
2011/06/26 21:11:37.0966 22140 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2011/06/26 21:11:38.0122 22140 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/26 21:11:38.0262 22140 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/26 21:11:38.0402 22140 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/26 21:11:38.0574 22140 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/26 21:11:38.0683 22140 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/26 21:11:38.0824 22140 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/26 21:11:38.0933 22140 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/26 21:11:39.0073 22140 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/26 21:11:39.0182 22140 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/26 21:11:39.0307 22140 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/26 21:11:39.0432 22140 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/26 21:11:39.0588 22140 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/26 21:11:39.0728 22140 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/26 21:11:39.0869 22140 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/26 21:11:40.0009 22140 SmartDefragDriver (cc48f88fe17bb8e5eb6fa1a8a9477006) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2011/06/26 21:11:40.0118 22140 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/26 21:11:40.0274 22140 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/26 21:11:40.0399 22140 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/26 21:11:40.0524 22140 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/26 21:11:40.0664 22140 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/26 21:11:40.0836 22140 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/26 21:11:40.0883 22140 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/26 21:11:41.0023 22140 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/26 21:11:41.0132 22140 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/26 21:11:41.0257 22140 SynTP (8fe2c9649ffe62143965f8d16b08be28) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/26 21:11:41.0444 22140 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/26 21:11:41.0600 22140 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/26 21:11:41.0725 22140 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/26 21:11:41.0850 22140 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/26 21:11:41.0990 22140 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/26 21:11:42.0115 22140 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/26 21:11:42.0240 22140 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/26 21:11:42.0349 22140 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/26 21:11:42.0677 22140 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/06/26 21:11:42.0833 22140 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/26 21:11:42.0989 22140 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/26 21:11:43.0129 22140 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/26 21:11:43.0238 22140 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/26 21:11:43.0332 22140 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/26 21:11:43.0441 22140 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/26 21:11:43.0597 22140 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/26 21:11:43.0722 22140 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/26 21:11:43.0847 22140 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/26 21:11:43.0972 22140 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/26 21:11:44.0081 22140 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/26 21:11:44.0206 22140 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/26 21:11:44.0315 22140 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/26 21:11:44.0424 22140 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/26 21:11:44.0564 22140 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/26 21:11:44.0658 22140 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/26 21:11:44.0767 22140 usbohci (326a67c52bdacf4fa419b334b007b5c3) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/26 21:11:44.0908 22140 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/26 21:11:45.0017 22140 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/26 21:11:45.0126 22140 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/26 21:11:45.0251 22140 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/26 21:11:45.0376 22140 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/26 21:11:45.0500 22140 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/26 21:11:45.0610 22140 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/26 21:11:45.0734 22140 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/26 21:11:45.0844 22140 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/26 21:11:45.0984 22140 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
2011/06/26 21:11:46.0093 22140 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/26 21:11:46.0202 22140 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/26 21:11:46.0327 22140 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/26 21:11:46.0530 22140 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/26 21:11:46.0639 22140 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 21:11:46.0670 22140 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 21:11:46.0811 22140 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/26 21:11:46.0936 22140 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/26 21:11:47.0170 22140 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/26 21:11:47.0310 22140 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/26 21:11:47.0466 22140 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/26 21:11:47.0606 22140 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/26 21:11:47.0794 22140 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/26 21:11:47.0965 22140 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/26 21:11:48.0028 22140 MBR (0x1B8) (2eba834febf4b719d36003336ff4dced) \Device\Harddisk0\DR0
2011/06/26 21:11:48.0043 22140 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/26 21:11:48.0059 22140 ================================================================================
2011/06/26 21:11:48.0059 22140 Scan finished
2011/06/26 21:11:48.0059 22140 ================================================================================
2011/06/26 21:11:48.0074 22944 Detected object count: 1
2011/06/26 21:11:48.0074 22944 Actual detected object count: 1
2011/06/26 21:12:01.0038 22944 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/26 21:12:01.0038 22944 \Device\Harddisk0\DR0 - ok
2011/06/26 21:12:01.0038 22944 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/26 21:12:10.0757 23448 Deinitialize success

 

[Broni]

Try Combofix again.

 

[skinnybandit]

o i never tried combo fix yet where do i download that

 

[Broni]

Ooops. Wrong topic. Sorry about it

How is redirection, btw?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[skinnybandit]

wow man it looks like the redirection problem is fixed :approve: thanks, o would you still like me to download combofix, one more thing can i delete all of the programs i downloaded or should i keep them?

 

[Broni]

Good news and....yes....

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

 

[skinnybandit]

alright cool ill run the combofix tomorrow thanks again for all your help ill post the resaults as well.

 

[Broni]

You're very welcome

 

[skinnybandit]

heres the combofix log

ComboFix 11-06-27.01 - shane 06/27/2011 22:27:33.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1789 [GMT -4:00]
Running from: c:\users\shane\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Drop Down Deals
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\shane\AppData\Local\{3044C1ED-EC6A-4827-8663-174047833550}
c:\users\shane\AppData\Local\{3044C1ED-EC6A-4827-8663-174047833550}\chrome\content\overlay.xul
c:\users\shane\AppData\Local\{3044C1ED-EC6A-4827-8663-174047833550}\install.rdf
c:\users\shane\AppData\Local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}
c:\users\shane\AppData\Local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}\chrome.manifest
c:\users\shane\AppData\Local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}\chrome\content\_cfg.js
c:\users\shane\AppData\Local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}\chrome\content\overlay.xul
c:\users\shane\AppData\Local\{90F0C07D-9B14-4607-9CA4-D0C76664074A}\install.rdf
c:\users\shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic
c:\users\shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
c:\users\shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\extensions\{f7b58d08-7a74-48af-ba4d-d4d1b30517cc}
c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\extensions\{f7b58d08-7a74-48af-ba4d-d4d1b30517cc}\chrome.manifest
c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\extensions\{f7b58d08-7a74-48af-ba4d-d4d1b30517cc}\chrome\xulcache.jar
c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\extensions\{f7b58d08-7a74-48af-ba4d-d4d1b30517cc}\defaults\preferences\xulcache.js
c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\extensions\{f7b58d08-7a74-48af-ba4d-d4d1b30517cc}\install.rdf
c:\windows\system32\Filters
c:\windows\system32\Filters\AviSplitter.ax
c:\windows\system32\Filters\ffdshow\custom matrices\andreas_78er.matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\andreas_doppelte_99er.matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\andreas_einfache_99er.matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Bulletproof's Heavy Compression Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Bulletproof's High Quality Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\CG-Animation Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\hvs-best-picture.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\hvs-better-picture.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\hvs-good-picture.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Low Bitrate Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\MPEG.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\pvcd.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Soulhunters V3.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Soulhunters V5.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Standard.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Ultimate Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Ultra Low Bitrate Matrix.xcm
c:\windows\system32\Filters\ffdshow\custom matrices\Very Low Bitrate Matrix.xcm
c:\windows\system32\Filters\ffdshow\dict\Czech.dic
c:\windows\system32\Filters\ffdshow\dict\dicts.txt
c:\windows\system32\Filters\ffdshow\dict\Greek.dic
c:\windows\system32\Filters\ffdshow\dict\Polski.dic
c:\windows\system32\Filters\ffdshow\ff_kernelDeint.dll
c:\windows\system32\Filters\ffdshow\ff_liba52.dll
c:\windows\system32\Filters\ffdshow\ff_libdts.dll
c:\windows\system32\Filters\ffdshow\ff_libfaad2.dll
c:\windows\system32\Filters\ffdshow\ff_libmad.dll
c:\windows\system32\Filters\ffdshow\ff_realaac.dll
c:\windows\system32\Filters\ffdshow\ff_samplerate.dll
c:\windows\system32\Filters\ffdshow\ff_theora.dll
c:\windows\system32\Filters\ffdshow\ff_tremor.dll
c:\windows\system32\Filters\ffdshow\ff_unrar.dll
c:\windows\system32\Filters\ffdshow\ff_wmv9.dll
c:\windows\system32\Filters\ffdshow\ff_x264.dll
c:\windows\system32\Filters\ffdshow\ffdshow.ax
c:\windows\system32\Filters\ffdshow\ffdshow.ax.manifest
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1028.tc
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1029.cz
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1031.de
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1033.en
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1034.es
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1036.fr
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1038.hu
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1040.it
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1041.ja
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1041.jp
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1045.pl
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1046.br
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1049.ru
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1051.sk
c:\windows\system32\Filters\ffdshow\languages\ffdshow.1053.se
c:\windows\system32\Filters\ffdshow\languages\ffdshow.2052.sc
c:\windows\system32\Filters\ffdshow\libavcodec.dll
c:\windows\system32\Filters\ffdshow\libmpeg2_ff.dll
c:\windows\system32\Filters\ffdshow\libmplayer.dll
c:\windows\system32\Filters\ffdshow\reg\ffdshow.reg
c:\windows\system32\Filters\ffdshow\reg\reg.exe
c:\windows\system32\Filters\ffdshow\reg\rempc.reg
c:\windows\system32\Filters\ffdshow\TomsMoComp_ff.dll
c:\windows\system32\Filters\FLVSplitter.ax
c:\windows\system32\Filters\MatroskaSplitter.ax
c:\windows\system32\Filters\MP4Splitter.ax
c:\windows\system32\Filters\Quicktime.ax
c:\windows\system32\Filters\RealMediaSplitter.ax
c:\windows\system32\Filters\VSFilter.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 02:36 . 2011-06-28 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 23:17 . 2011-06-23 23:17 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-06-21 21:14 . 2011-04-14 14:24 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-21 21:14 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-06-21 21:14 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 21:14 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 21:14 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-06-21 21:14 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-21 21:14 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-21 21:14 . 2011-03-02 14:49 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-06-21 21:14 . 2009-05-04 10:11 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-06-21 21:14 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-21 21:13 . 2011-03-03 12:53 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-06-21 21:13 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-06-21 21:13 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-21 20:08 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-21 20:08 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-06-21 20:08 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-06-21 20:08 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-06-21 20:08 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-06-21 20:02 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-06-21 20:00 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-21 20:00 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-21 19:58 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-21 19:58 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-06-21 19:58 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-06-21 19:58 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-06-21 19:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-06-21 19:57 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-06-21 19:57 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-06-21 19:57 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-06-21 19:55 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2011-06-21 01:17 . 2011-01-05 01:07 723456 ----a-w- c:\windows\system32\sbe.dll
2011-06-21 01:17 . 2011-01-05 01:07 605184 ----a-w- c:\windows\system32\CPFilters.dll
2011-06-21 01:17 . 2011-01-05 01:06 190976 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-21 01:17 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-21 01:15 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-21 01:15 . 2011-04-29 12:49 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-21 01:15 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-21 01:15 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-21 01:15 . 2011-05-02 12:00 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-21 01:14 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-06-21 01:14 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-06-13 02:36 . 2011-06-13 02:36 -------- d-----w- c:\program files\ConduitEngine
2011-06-13 02:36 . 2011-06-13 02:36 -------- d-----w- c:\program files\Sendspace_Bar
2011-06-12 03:03 . 2011-06-12 03:03 -------- d-----w- c:\users\shane\AppData\Roaming\IObit
2011-06-12 03:03 . 2011-02-23 20:52 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-12 03:03 . 2011-02-23 20:52 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-12 03:03 . 2011-06-12 03:04 -------- d-----w- C:\Smart Defrag 2
2011-06-12 02:06 . 2011-06-13 02:36 -------- d-----w- c:\users\shane\AppData\Local\Conduit
2011-06-12 02:05 . 2011-06-12 02:06 -------- d-----w- c:\users\shane\AppData\Roaming\SendSpace
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-02-12 01:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-02-12 01:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2009-10-03 00:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2011-01-07 03:41 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-01-07 03:41 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-05-12 21:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-01-07 03:42 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-01-07 03:42 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2011-01-07 03:42 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-01-07 03:42 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2011-01-07 03:42 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-31 15:53 . 2009-11-30 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}"= "c:\program files\Sendspace_Bar\prxtbSend.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}]
2011-01-17 20:54 175912 ----a-w- c:\program files\Sendspace_Bar\prxtbSend.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 21:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}"= "c:\program files\Sendspace_Bar\prxtbSend.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{5570F0A0-580C-4C69-808F-8B2AAA2AA93C}"= "c:\program files\Sendspace_Bar\prxtbSend.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{5570f0a0-580c-4c69-808f-8b2aaa2aa93c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-02-18 160592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-22 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-14 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"MRT"="c:\windows\system32\MRT.exe" [2011-06-03 47716296]
.
c:\users\shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-31 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 TipCtrl;TipCtrl;c:\users\shane\Desktop\uTIPu\TipCtrl.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-22 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 34128]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:43]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2795644
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\shane\AppData\Roaming\Mozilla\Firefox\Profiles\bqlt7ree.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
FF - Ext: SeekService: {86009AEF-9162-4EBC-B698-FF71D7B6B049} - c:\program files\Mozilla Firefox\extensions\{86009AEF-9162-4EBC-B698-FF71D7B6B049}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-27 22:36
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-06-27 22:38:28
ComboFix-quarantined-files.txt 2011-06-28 02:38
.
Pre-Run: 160,581,595,136 bytes free
Post-Run: 160,523,554,816 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 446D82E4EB3A4D5889BABE7CD7B0D784