Inactive Google searches redirected


Puchatek

My Google searches get redirected, and the pages to which I'm redirected depend on the country I'm accessing the web in. Should any of you be able to figure out what's causing the problem and how to get rid of it, I would be very grateful for help. Below is the list of logs as suggested in the 8 steps virus/spyware removal post. Malwarebytes, as well as my Avast, found a few infected files, but although they claimed to clean the system of those, I am still getting redirected on most of my searches.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

09/03/2011 00:28:45
mbam-log-2011-03-09 (00-28-45).txt

Scan type: Quick scan
Objects scanned: 128624
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\_VOID (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\User Protection (Rogue.Protection) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

/*********************************/

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-09 00:32:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM251JI rev.2SS00_03
Running: ux052f5s.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\ugroapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x911388DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 [8ACA99B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\msahci \Device\Ide\PciIde0Channel0 855061F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 855061F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 855061F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 855061F8
Device \Driver\axwxalwn \Device\Scsi\axwxalwn1 8721E1F8
Device \Driver\a5s9rvbt \Device\Scsi\a5s9rvbt1 872251F8
Device \Driver\axwxalwn \Device\Scsi\axwxalwn1Port6Path0Target0Lun0 8721E1F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 855251F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

/*********************************/

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 0:33:41.26 on 09/03/2011
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_13
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [EPSON Stylus SX200 Series (Copy 2)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiefe.exe /fu "c:\windows\temp\E_S5CEE.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibve.exe /fu "c:\windows\temp\E_S6B01.tmp" /EF "HKCU"
uRun: [EPSON Stylus SX200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiefe.exe /fu "c:\windows\temp\E_SFC0A.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\administrator\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\k0msse8d.default\
FF - prefs.js: browser.startup.homepage - google.com.sg
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\k0msse8d.default\extensions\{d249fd00-4df9-11d9-9fdc-0080481ada61}\components\mpint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Characterizer: kanjilish@jay.starkey - %profile%\extensions\kanjilish@jay.starkey
FF - Ext: MetaProducts Integration: {D249FD00-4DF9-11D9-9FDC-0080481ADA61} - %profile%\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-8 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-4 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-4 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-4 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-4 42184]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-27 365952]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 vmserverdWin32;VMware Registration Service;c:\program files\vmware\vmware server\vmserverdWin32.exe [2008-5-9 1650781]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\drivers\ZTEusbnmeaext.sys [2010-7-1 103936]
.
=============== Created Last 30 ================
.
2011-03-08 14:36:48 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-17 13:43:33 -------- d-----w- C:\Dropbox
2011-02-17 13:41:31 -------- d-----w- c:\users\admini~1\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 0:34:29.76 ===============

/*********************************/

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
Motherboard: Wistron | | 360C
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 173 GiB total, 64.448 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.398 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2600n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2600n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 5500
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 5500
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
"Minimal SYStem 1.0.11"
32 Bit HP CIO Components Installer
8051IDE
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Anki
Apple Software Update
Atheros Driver Installation Program
AutoCAD 2000
AutoCAD 2000 Migration Assistance
avast! Free Antivirus
Blood Bowl version 1.2.0.1
Bonjour
BufferChm
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
ContainerEx Decrypter
CyberLink DVD Suite
Dev-C++ 5 beta 9 release (4.9.9.2)
DJ_AIO_06_F4500_SW_MIN
DjVuLibre+DjView
DocProc
DocProcQFolder
Dropbox
EPSON Printer Software
EPSON Scan
EPSON Stylus SX200 Series Printer Uninstall
ESU for Microsoft Vista
F4500
Free Download Manager 3.0
Freelang Dictionary (wordlist)
Freelang Dictionary 3.74 beta
FTDI USB Serial Converter Drivers
Gadu-Gadu 6.1
GearDrvs
Google Chrome
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
HP Doc Viewer
HP DVD Play 3.7
HP User Guides 0118
HP Wireless Assistant
HPPhotoGadget
HPTCSSetup
hpWLPGInstaller
Intel(R) Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader 9
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 13
JavaFX(TM) 1.1 SDK
Kantaris Media Player 0.4.3
Malwarebytes' Anti-Malware
MATLAB Student R2007a
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Document Explorer 2008
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.2pre)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Network
Notepad++
OCR Software by I.R.I.S. 11.0
Open Source Computer Vision Library 1.1pre1
OpenOffice.org 3.1
Pando Media Booster
Power2Go
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype™ 3.8
Smart Defrag 1.11
Spybot - Search & Destroy
SpywareBlaster 4.3
Swiff Player 1.5
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.0.1
VMware Server
WebReg
Winamp
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinVDIG 1.0
μTorrent
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware.

You have a rootkit malware infection, which is why you can remove the infection. Special scans are used for this:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Please include the log with the next reply.
  • A reboot is required after disinfection.
==================================================
When finished with the above, Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image:
    (image) WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (image)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Below's the log from TDSSKiller.
I'm still getting redirected, and the only visible results from running both programmes is that my wallpaper got removed and for some reason setting new one doesn't actually change the desktop.

BTW, are there any articles at TechSpot that teach you to make sense of those various logs? I would like to learn how you realized I have a rootkit malware infection from the logs, so that next time I don't have to sheepishly follow someone else's instructions.

Well, here's the log:

2011/03/12 11:19:13.0871 1740 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/12 11:19:13.0934 1740 ================================================================================
2011/03/12 11:19:13.0934 1740 SystemInfo:
2011/03/12 11:19:13.0934 1740
2011/03/12 11:19:13.0934 1740 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/12 11:19:13.0934 1740 Product type: Workstation
2011/03/12 11:19:13.0934 1740 ComputerName: PUCHATEK
2011/03/12 11:19:13.0949 1740 UserName: Administrator
2011/03/12 11:19:13.0949 1740 Windows directory: C:\Windows
2011/03/12 11:19:13.0949 1740 System windows directory: C:\Windows
2011/03/12 11:19:13.0949 1740 Processor architecture: Intel x86
2011/03/12 11:19:13.0949 1740 Number of processors: 2
2011/03/12 11:19:13.0949 1740 Page size: 0x1000
2011/03/12 11:19:13.0949 1740 Boot type: Normal boot
2011/03/12 11:19:13.0949 1740 ================================================================================
2011/03/12 11:19:20.0938 1740 Initialize success
2011/03/12 11:19:26.0414 5904 ================================================================================
2011/03/12 11:19:26.0414 5904 Scan started
2011/03/12 11:19:26.0414 5904 Mode: Manual;
2011/03/12 11:19:26.0414 5904 ================================================================================
2011/03/12 11:19:28.0676 5904 atapi (f980094c5e02cb9cce996171d273128b) C:\Windows\system32\drivers\atapi.sys
2011/03/12 11:19:28.0676 5904 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: f980094c5e02cb9cce996171d273128b, Fake md5: 1f05b78ab91c9075565a9d8a4b880bc4
2011/03/12 11:19:28.0676 5904 atapi - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/12 11:19:31.0889 5904 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/12 11:19:31.0967 5904 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/12 11:19:32.0030 5904 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/12 11:19:32.0077 5904 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/12 11:19:32.0123 5904 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/12 11:19:32.0170 5904 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/12 11:19:32.0217 5904 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/03/12 11:19:32.0326 5904 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/12 11:19:32.0389 5904 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/12 11:19:32.0435 5904 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/12 11:19:32.0576 5904 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/12 11:19:32.0623 5904 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/12 11:19:32.0669 5904 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/12 11:19:32.0966 5904 igfx (59fa038451070172e47d0cd347f32bc4) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/12 11:19:33.0262 5904 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/12 11:19:33.0340 5904 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/03/12 11:19:33.0387 5904 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2011/03/12 11:19:33.0434 5904 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/12 11:19:33.0543 5904 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/12 11:19:33.0652 5904 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/12 11:19:33.0683 5904 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/12 11:19:33.0730 5904 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/12 11:19:33.0793 5904 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/12 11:19:33.0824 5904 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/12 11:19:33.0871 5904 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/12 11:19:33.0902 5904 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/12 11:19:33.0949 5904 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/12 11:19:34.0027 5904 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/12 11:19:34.0105 5904 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/03/12 11:19:34.0136 5904 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/12 11:19:34.0198 5904 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/12 11:19:34.0229 5904 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/12 11:19:34.0292 5904 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/12 11:19:34.0307 5904 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/12 11:19:34.0417 5904 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/12 11:19:34.0463 5904 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/12 11:19:34.0526 5904 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/12 11:19:34.0619 5904 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/12 11:19:34.0666 5904 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/12 11:19:34.0697 5904 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/12 11:19:34.0744 5904 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/12 11:19:34.0791 5904 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/12 11:19:34.0822 5904 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/12 11:19:34.0869 5904 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/12 11:19:34.0900 5904 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/12 11:19:34.0947 5904 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/12 11:19:35.0025 5904 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/12 11:19:35.0056 5904 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/12 11:19:35.0103 5904 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/12 11:19:35.0181 5904 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/03/12 11:19:35.0212 5904 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/12 11:19:35.0259 5904 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/12 11:19:35.0321 5904 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/12 11:19:35.0368 5904 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/12 11:19:35.0415 5904 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/12 11:19:35.0477 5904 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/12 11:19:35.0571 5904 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/12 11:19:35.0618 5904 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/12 11:19:35.0665 5904 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/12 11:19:35.0696 5904 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/12 11:19:35.0774 5904 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/12 11:19:36.0055 5904 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/12 11:19:36.0101 5904 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/12 11:19:36.0148 5904 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/12 11:19:36.0226 5904 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/12 11:19:36.0257 5904 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/12 11:19:36.0304 5904 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/12 11:19:36.0382 5904 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/12 11:19:36.0772 5904 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/03/12 11:19:37.0178 5904 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/12 11:19:37.0303 5904 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/12 11:19:37.0365 5904 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/12 11:19:37.0833 5904 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/12 11:19:37.0973 5904 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/12 11:19:38.0051 5904 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/12 11:19:38.0083 5904 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/12 11:19:38.0114 5904 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/12 11:19:38.0161 5904 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/12 11:19:38.0410 5904 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/12 11:19:38.0473 5904 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/12 11:19:38.0551 5904 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/12 11:19:38.0597 5904 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/12 11:19:38.0738 5904 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/12 11:19:38.0800 5904 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2011/03/12 11:19:38.0847 5904 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/12 11:19:38.0941 5904 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/12 11:19:39.0362 5904 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/03/12 11:19:39.0986 5904 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/12 11:19:40.0048 5904 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/12 11:19:40.0173 5904 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/12 11:19:40.0267 5904 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/12 11:19:40.0329 5904 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/12 11:19:40.0360 5904 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/12 11:19:40.0391 5904 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/12 11:19:40.0438 5904 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/12 11:19:40.0501 5904 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/12 11:19:40.0563 5904 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/12 11:19:40.0641 5904 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/12 11:19:40.0672 5904 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/12 11:19:40.0766 5904 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/12 11:19:40.0797 5904 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/12 11:19:40.0875 5904 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/12 11:19:41.0000 5904 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/12 11:19:41.0062 5904 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/12 11:19:41.0140 5904 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
2011/03/12 11:19:41.0171 5904 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/12 11:19:41.0265 5904 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/12 11:19:41.0421 5904 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/12 11:19:41.0483 5904 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/12 11:19:41.0530 5904 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/12 11:19:41.0608 5904 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/12 11:19:41.0671 5904 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/12 11:19:41.0733 5904 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/12 11:19:41.0780 5904 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/12 11:19:41.0842 5904 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/12 11:19:41.0905 5904 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/12 11:19:41.0967 5904 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/12 11:19:42.0014 5904 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/12 11:19:42.0139 5904 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/12 11:19:42.0263 5904 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/12 11:19:42.0326 5904 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/03/12 11:19:42.0326 5904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/03/12 11:19:42.0341 5904 sptd - detected Locked file (1)
2011/03/12 11:19:47.0848 5904 ================================================================================
2011/03/12 11:19:47.0848 5904 Scan finished
2011/03/12 11:19:47.0848 5904 ================================================================================
2011/03/12 11:19:47.0864 1908 Detected object count: 2
2011/03/12 11:20:27.0862 1908 atapi (f980094c5e02cb9cce996171d273128b) C:\Windows\system32\drivers\atapi.sys
2011/03/12 11:20:27.0862 1908 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: f980094c5e02cb9cce996171d273128b, Fake md5: 1f05b78ab91c9075565a9d8a4b880bc4
2011/03/12 11:20:27.0862 1908 C:\Windows\system32\drivers\atapi.sys - copied to quarantine
2011/03/12 11:20:28.0034 1908 \HardDisk0\TDLFS\z00clicker.dll - copied to quarantine
2011/03/12 11:20:28.0034 1908 \HardDisk0\TDLFS\config.ini - copied to quarantine
2011/03/12 11:20:28.0034 1908 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Quarantine
2011/03/12 11:20:28.0096 1908 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/03/12 11:20:28.0096 1908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/03/12 11:20:28.0096 1908 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
2011/03/12 11:20:28.0096 1908 Locked file(sptd) - User select action: Quarantine
2011/03/12 11:21:10.0528 6052 Deinitialize success
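As an added example (not from the thread, TDSSKiller or any other tool mentioned here), the Python below parses lines in the layout TDSSKiller prints above and separates the strong rootkit indicators (a "Forged" hash mismatch, where what the file system serves for a driver differs from the raw on-disk bytes, and files in the hidden TDLFS area) from the weak one (a driver TDSSKiller merely could not open). The sample log inside it is constructed from the lines quoted in this thread; the severity ranking is my own assumption.

```python
"""Flag rootkit indicators in TDSSKiller-style log output (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the TDSSKiller line layout (date time thread-id
# message); the hashes and paths are the ones quoted in the thread above.
SAMPLE_LOG = r"""
2011/03/12 11:19:42.0326 5904 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/03/12 11:19:42.0326 5904 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/03/12 11:19:42.0341 5904 sptd - detected Locked file (1)
2011/03/12 11:19:43.0387 5904 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2011/03/12 11:19:47.0848 5904 Scan finished
2011/03/12 11:19:47.0864 1908 Detected object count: 2
2011/03/12 11:20:27.0862 1908 atapi (f980094c5e02cb9cce996171d273128b) C:\Windows\system32\drivers\atapi.sys
2011/03/12 11:20:27.0862 1908 Suspicious file (Forged): C:\Windows\system32\drivers\atapi.sys. Real md5: f980094c5e02cb9cce996171d273128b, Fake md5: 1f05b78ab91c9075565a9d8a4b880bc4
2011/03/12 11:20:27.0862 1908 C:\Windows\system32\drivers\atapi.sys - copied to quarantine
2011/03/12 11:20:28.0034 1908 \HardDisk0\TDLFS\z00clicker.dll - copied to quarantine
2011/03/12 11:20:28.0034 1908 \HardDisk0\TDLFS\config.ini - copied to quarantine
2011/03/12 11:20:28.0034 1908 Rootkit.Win32.TDSS.tdl3(atapi) - User select action: Quarantine
2011/03/12 11:20:28.0096 1908 Locked file(sptd) - User select action: Quarantine
"""

# Every line starts with "date time thread-id"; the rest is the message.
_PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<tid>\d+) (?P<msg>.*)$")
# Ordinary driver inventory line: "<service> (<md5>) <path>".
_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# The hash of the file as served by the file system differs from the hash of
# the raw on-disk contents: something in the storage stack is filtering reads.
_FORGED = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                     r"(?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# The file could not be opened at all; legitimate self-protecting drivers do this too.
_NOACCESS = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# Objects pulled out of the hidden TDLFS file system the TDL rootkit keeps on disk.
_TDLFS = re.compile(r"^(?P<path>\\HardDisk\d+\\TDLFS\\\S+) - copied to quarantine$")
# "Verdict(object) - User select action: <action>".
_VERDICT = re.compile(r"^(?P<verdict>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\S+)$")


@dataclass
class Finding:
    severity: str                               # "high" or "low" (assumed ranking)
    kind: str                                   # "forged", "hidden_fs" or "locked"
    path: str
    detail: dict = field(default_factory=dict)


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)   # service name -> (md5, path)
    findings: list = field(default_factory=list)
    verdicts: dict = field(default_factory=dict)  # object name -> (verdict, action)

    def high_severity(self):
        return [f for f in self.findings if f.severity == "high"]

    def has_rootkit_indicators(self):
        # A forged hash or a hidden file system is evidence on its own; a locked
        # driver alone is not, so it does not contribute here.
        return bool(self.high_severity())


def parse_tdsskiller_log(text):
    """Walk the log once and collect inventory, findings and verdicts."""
    report = Report()
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue                            # separators, blank lines, banners
        msg = m.group("msg")
        if (f := _FORGED.match(msg)):
            report.findings.append(Finding("high", "forged", f["path"],
                                           {"real": f["real"], "fake": f["fake"]}))
        elif (n := _NOACCESS.match(msg)):
            report.findings.append(Finding("low", "locked", n["path"], {"md5": n["md5"]}))
        elif (t := _TDLFS.match(msg)):
            report.findings.append(Finding("high", "hidden_fs", t["path"]))
        elif (v := _VERDICT.match(msg)):
            report.verdicts[v["name"]] = (v["verdict"], v["action"])
        elif (d := _DRIVER.match(msg)):
            report.drivers[d["name"]] = (d["md5"], d["path"])
    return report


def summarize(report):
    """Human-readable lines, strongest evidence first."""
    order = {"high": 0, "low": 1}
    lines = []
    for f in sorted(report.findings, key=lambda x: order[x.severity]):
        if f.kind == "forged":
            lines.append(f"[{f.severity.upper()}] {f.path}: file-system view {f.detail['fake']} "
                         f"!= on-disk {f.detail['real']} (reads of this driver are being filtered)")
        elif f.kind == "hidden_fs":
            lines.append(f"[{f.severity.upper()}] hidden file system object: {f.path}")
        else:
            lines.append(f"[{f.severity.upper()}] locked driver, could not be read: {f.path}")
    for name, (verdict, action) in report.verdicts.items():
        lines.append(f"verdict {verdict} on {name}: {action}")
    return lines


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("\n".join(summarize(rep)))
    print("rootkit indicators present:", rep.has_rootkit_indicators())
```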
 
Please run Combofix as directed.

Follow that with: Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

As for your question about learning to read logs, the only article you might find (on various internet sites) may be a general interpretation of HijackThis. But learning to determine the presence of a rootkit is better left to those who have been trained to do it. Do not worry about being "sheepish" in asking for help. We would rather you do that than load a bunch of inappropriate programs to try and find and fix yourself.

The only directions you should follow are those given by your helper (in this case, me) to address your specific problems and entries.

If you want to look into this further, there are several virtual schools on the internet for malware training.
 
Ok, here's the Eset's log:

C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\svc0000\tsk0000.dta
Win32/Olmarik.TM trojan
C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\tdlfs0000\tsk0000.dta
Win32/TrojanClicker.Agent.NJA trojan

One thing, though - last evening I turned on Combofix and left the laptop unattended. When I came back some half an hour later, the PC was at the reboot password stage. I got prompted that Windows didn't close normally, and was asked whether I would like to load in safe mode. Once I loaded Windows proper (in normal mode) I got a prompt about a blue screen of death on the last run. So something went wrong with Combofix this time (didn't happen the first time I used it), but as it was late in the night and I had to go to sleep, rather than retrying Combofix I set up the Eset scan for the night. Please let me know if this is a big issue and you need me to rerun the whole procedure.
 
Since there was an improper shut down, run the Error Check with both the Fix and Scan boxes checked:
My Computer> Right click on Local Drive (C)> Properties> Tools tab> Error Check> Check both boxes on screen that comes up> OK> Close message and Reboot.

Let the checking complete. The system will reboot on its own. Try Combofix again.

For the Eset entries:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\svc0000\tsk0000.dta
    C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\tdlfs0000\tsk0000.dta
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
Still getting redirected, though. Well, below is the log:

All processes killed
========== FILES ==========
C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\svc0000\tsk0000.dta moved successfully.
C:\TDSSKiller_Quarantine\12.03.2011_11.19.13\rtkt0000\tdlfs0000\tsk0000.dta moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 671852 bytes
->Temporary Internet Files folder emptied: 7400699 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43588722 bytes
->Google Chrome cache emptied: 6583518 bytes
->Flash cache emptied: 689 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: pcworld
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 738729 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 222249102 bytes

Total Files Cleaned = 268.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03162011_201225

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-serverd.log moved successfully.
File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Did you run the Error Check?
Did you try the Combofix scan again?


I would like to note that OTM moved Total Files Cleaned = 268.00 mb. This is a very large amount of files and indicates you may not be doing any regular maintenance on the system.

You have 4 versions of Java installed, none of them the current version, which is v6u24. Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
(Note: You should also not add Java extensions to Firefox; this update covers FF as well.)
 
Ok, so I realized that I didn't successfully run Combofix before launching OTMoveIt, although I thought otherwise. When turning on Combofix, first a loading bar comes up, and after about two minutes it disappears. Although it seemed strange to me that this would be all the output from Combofix I would see, the computer seemed inactive for the next few minutes, so I was convinced Combofix had indeed finished running, so I restarted my PC and went ahead with OTMoveIt. Turns out I should have waited yet another couple of minutes, after which Combofix proper would finally load. However, once Combofix begins the scan, Windows crashes. I tried three times, with the same results on each run. Any ideas how to go about it?
 
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Run RKill:
First Delete Combofix file:
  • Click START> then RUN
  • Type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Then Reinstall a new Combofix but rename combofix.exe to puchatek.exe BEFORE saving it to your desktop. Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once Rkill has run, immediately double click on puchatek.exe to run it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, Rkill and Combofix.
 
No luck. I was able to run Rkill in normal mode (btw - it took a good couple of minutes for it to load, and most of this time the PC appeared to be inactive, then maybe a minute to run once the Rkill window came up), and here's the log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20/03/2011 at 16:29:03.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\FREEDO~1\fdm.exe


Rkill completed on 20/03/2011 at 16:29:11.

I wasn't able to run Combofix afterwards, though.

I then tried running both programmes in safe mode, and here's Rkill's log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 20/03/2011 at 17:00:50.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\WerFault.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe


Rkill completed on 20/03/2011 at 17:00:55.

But upon attempting to run Combofix the PC crashed. I did one more attempt, running Rkill in safe mode first (same log, only that conime.exe was killed only once, not twice), but Combofix didn't want to open - after the initial loading bar disappeared I left the PC untouched for over half an hour hoping that maybe it's slowly loading in the background, but to no avail, nothing happened.

BTW - I have Ubuntu 9.04 installed on this PC as well, maybe there's an easier method to sort out the redirections problem from a different system?
 
Every time I go back and review the logs, I see this and copy it to ask about- but don't. So please explain:

pages to which I'm redirected depend on country I'm accessing the web in

Can you clarify this for me? How do you know what country a site is in? How is the redirect related? Domain names are okay, but no links. There are particular sites in particular countries that hijack browsers on search, but so far, I'm not seeing that in your logs.

As for working with Ubuntu, I have no experience with that OS and doubt the Windows scans would work on it. But it does make me wonder if the dual boot is causing the problem.
 
No, what I mean is that depending on the country I'm accessing the web in I'm getting redirected to different pages. When in the UK I got redirected mainly to one online shopping site (can't remember the name) and some online drug stores; now that I live in Singapore I'm being redirected mainly to Stulus and Yahoo Singapore. Funnily enough, when I stayed in Poland for a while I didn't get redirected at all - instead, when clicking a new link the browser would appear to be inactive for some 3 sec or so before proceeding to the right webpage. Looked a bit as if whatever's redirecting me couldn't find a webpage it would like to forward me to, so gave up and let the right webpage go through.

Maybe it's worth adding that if after getting redirected I click the 'go back one page' button in the browser, and then click on the link I intended to go to again, most of the time I would be taken to the right webpage rather than redirected.

As for dual boot being the problem - nope, I had two systems for well over a year before I started to get redirected.
 
Thank you for the explanation. I'm not sure of the significance, but at least I understand what you mean.

I'm adding another program to follow rKill: Follow these steps in order:

If Combofix refuses to run, try one of the following:
1). Try to run the scan from Safe Mode.

2). Delete the Combofix file, download a fresh one, but rename combofix.exe to puchatek.exe BEFORE saving it to your desktop. Do NOT run it yet.

3). Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.
Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Without a reboot, immediately double click on puchatek.exe to run it (this is the renamed Combofix.exe file).

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, Rkill and Combofix.
 
No luck this time either. exeHelper ran without problems, both in normal mode and in safe mode, but the renamed Combofix wouldn't load up properly nonetheless. After failing in normal mode, I tried the whole process in safe mode twice; in both cases Rkill and exeHelper ran successfully (Rkill took a good couple of minutes to load up, as before), but on the first attempt the renamed Combofix didn't load up afterwards, and on the second attempt the system crashed. Below I pasted the Rkill and exeHelper logs for both normal and safe run modes, as well as the Windows crash report, perhaps it will be of some help.

Normal mode:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26/03/2011 at 9:13:17.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe


Rkill completed on 26/03/2011 at 9:13:27.

(Note - Dropbox isn't a problem, I installed it long after the redirections issue appeared.)

/**************/

exeHelper by Raktor
Build 20100414
Run at 09:14:04 on 03/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

/*********************************************************************/

Safe mode:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26/03/2011 at 9:51:20.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\system32\conime.exe
C:\Windows\system32\conime.exe


Rkill completed on 26/03/2011 at 9:51:25.

/************/

exeHelper by Raktor
Build 20100414
Run at 09:14:04 on 03/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

exeHelper by Raktor
Build 20100414
Run at 09:52:56 on 03/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

/******************************************/

(Note - On second safe mode run logs were exactly the same, only that exeHelper had three sets of entries, not two.)

And here's the windows crash log:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 82217ADD
BCP3: 8D6B55B8
BCP4: 8D6B52B4
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini032611-01.dmp
C:\Users\Administrator\AppData\Local\Temp\WER-74942-0.sysdata.xml
C:\Users\Administrator\AppData\Local\Temp\WER57EE.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
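The exeHelper log above lists what the tool resets: the .exe and .com file-type associations, the Winlogon userinit and shell values, and a set of policies. A hijack of any of these is a common reason a cleanup tool such as Combofix will not start. The following PowerShell script is an added, read-only check of those same locations; it is not code from exeHelper, Rkill or this thread. The "expected" values it compares against are assumed defaults for Windows Vista/7, and the three policy names are standard Windows restriction policies; it prints deviations and changes nothing.

```powershell
# Added example (not from exeHelper or this thread): read-only check of the
# three areas the exeHelper log reports resetting. Prints deviations only.
# Expected defaults are assumptions for Windows Vista/7.

function Get-RegValue {
    # Returns a named registry value, or $null when the key or value is absent.
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch { return $null }
}

function Get-FileAssociationFindings {
    # exeHelper: "Resetting filetype association for .exe / .com".
    # If the open command is not the bare '"%1" %*', every launch of that file
    # type is routed through whatever program was inserted in front of it.
    $expected = '"%1" %*'   # assumed default
    $findings = @()
    $checks = @(
        @{ Ext = '.exe'; Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' },
        @{ Ext = '.com'; Path = 'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command' },
        # Per-user overrides win over HKCR and should normally not exist at all.
        @{ Ext = '.exe (per-user)'; Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command' },
        @{ Ext = '.com (per-user)'; Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\comfile\shell\open\command' }
    )
    foreach ($c in $checks) {
        $cmd = Get-RegValue -Path $c.Path -Name '(default)'
        $isUser = $c.Ext -like '*per-user*'
        if ($isUser -and $null -ne $cmd) {
            $findings += "{0} open command exists: '{1}' (normally absent)" -f $c.Ext, $cmd
        } elseif (-not $isUser -and $cmd -ne $expected) {
            $findings += "{0} open command is '{1}' (expected '{2}')" -f $c.Ext, $cmd, $expected
        }
    }
    return $findings
}

function Get-WinlogonFindings {
    # exeHelper: "Resetting userinit and shell values".
    $findings = @()
    $wl = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expectedUserinit = "$env:SystemRoot\system32\userinit.exe,"   # assumed default, trailing comma included
    $userinit = Get-RegValue -Path $wl -Name 'Userinit'
    if ($userinit -ne $expectedUserinit) {
        $findings += "Userinit is '$userinit' (expected '$expectedUserinit')"
    }
    $shell = Get-RegValue -Path $wl -Name 'Shell'
    if ($shell -ne 'explorer.exe') {
        $findings += "Shell is '$shell' (expected 'explorer.exe')"
    }
    # The same value names under HKCU are honoured too and are normally absent.
    $wlUser = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($name in 'Userinit', 'Shell') {
        $v = Get-RegValue -Path $wlUser -Name $name
        if ($null -ne $v) { $findings += "Per-user Winlogon $name is '$v' (normally absent)" }
    }
    return $findings
}

function Get-PolicyFindings {
    # exeHelper: "Resetting policies". These restrictions are legitimate on
    # managed machines, so a hit is a lead to investigate, not proof of malware.
    $findings = @()
    $sys = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $exp = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $policies = @(
        @{ Path = $sys; Name = 'DisableTaskMgr' },
        @{ Path = $sys; Name = 'DisableRegistryTools' },
        @{ Path = $exp; Name = 'NoFolderOptions' }
    )
    foreach ($p in $policies) {
        $v = Get-RegValue -Path $p.Path -Name $p.Name
        if ($v -eq 1) { $findings += "$($p.Name) = 1 under $($p.Path)" }
    }
    return $findings
}

$all = @(Get-FileAssociationFindings) + @(Get-WinlogonFindings) + @(Get-PolicyFindings)
if ($all.Count -eq 0) {
    'No deviations from the assumed defaults found.'
} else {
    'Deviations found:'
    $all | ForEach-Object { " - $_" }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. A non-empty result does not by itself identify the infection, but it tells you which of the three areas exeHelper would have had to reset, and it can be re-run after a reboot to see whether something is putting the values back.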
 
Did you run the Error Check I asked for several replies back?

(Note - Dropbox isn't a problem, I installed it long after the redirections issue appeared.)

You may have uninstalled it- but if Rkill stopped the executable, it means it's still running! Try using the Windows Installer Cleanup Utility to remove files left over from uninstalls.

I'd like you to do a search on the system for ComboFix.txt It's possible there may be a log.
 
Yes, I ran the Error Check before attempting the Rkill + Combofix combination, and also a few reboots before the Rkill + exeHelper + Combofix combination. I retried today running the Error Check once again and then following with these three right after, but with a similar result - Rkill and exeHelper executed, but Combofix wouldn't.

Just to make double sure you have a clear picture of how Combofix is behaving: when I double click the program, first a small loading progress bar titled Combofix appears and slowly loads. A little while after it hits the full loading state it disappears, and there seems to be no program running, but the computer is still choked up, with the cursor occasionally changing in and out of the loading circle icon. This continues for a good twenty minutes or so, but at some point ceases and the computer starts responding to commands again. A quick check in the task manager confirms that there are indeed no applications running, and the CPU usage is very low, so I assume it means the Combofix load dropped.

As I mentioned, occasionally Combofix actually loaded, but Windows crashed as Combofix was attempting the scan.

Also, search scan didn't find any ComboFix.txt on the disc.
 
I'd like you to do me a favor please. My d... internet went down-again. I am trying to catch up. But I don't do the minidumps. I'd like you to copy what you posted:
And here's the windows crash log:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 1000007e
BCP1: C0000005
BCP2: 82217ADD
BCP3: 8D6B55B8
BCP4: 8D6B52B4
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini032611-01.dmp
C:\Users\Administrator\AppData\Local\Temp\WER-74942-0.sysdata.xml
C:\Users\Administrator\AppData\Local\Temp\WER57EE.tmp.version.txt

in our Windows BSOD Forum. Tell them it's the crash report from an attempt to run Combofix. They will direct you if they need another minidump - that I need to know what drivers are causing this problem, that I'm working with you in V&M.

Then come back and let me know, okay?
 
Reopening thread at member's request:

Please uninstall the Malwarebytes you ran originally. Then download the current version and run a new scan:

Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply.
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
==================================
When you finish, see if Combofix will run.
========================
Funny thing - I got a PM from another member yesterday telling me he had the same problem as you and asking me to reopen this thread! He went ahead and started his own and I explained we only reopen a thread when the original poster asks us to.
 
Hi

Malwarebytes detected and removed a single infection, however it didn't help the redirection issue, nor did it change anything about Combofix - it still wouldn't run. I tried running Malwarebytes once again after restarting my PC to see if the infection would appear again, but no, it seems to be removed permanently. Will probably try once again in a few days. Anyway, here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6372

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

16/04/2011 14:06:39
mbam-log-2011-04-16 (14-06-39).txt

Scan type: Quick scan
Objects scanned: 166772
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 