DannyMac

Everything posted by DannyMac
1. Same symptoms as my Desktop.

ComboFix Log

ComboFix 11-07-20.02 - Danny 20/07/2011 17:41:06.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.8190.5661 [GMT 1:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRDC43.tmp
C:\hosts
c:\users\Danny\AppData\Roaming\.#
c:\users\Danny\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 16:47 . 2011-07-20 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-20 16:02 . 2011-07-20 16:02 -------- d-----w- c:\users\Danny\AppData\Local\Adobe
2011-07-16 14:51 . 2011-07-17 20:56 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-14 18:02 . 2011-07-14 18:02 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes
2011-07-14 18:01 . 2011-05-29 08:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 18:01 . 2011-07-14 18:01 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 18:01 . 2011-07-14 18:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-14 18:01 . 2011-05-29 08:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-14 02:00 . 2011-07-14 02:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-07-13 20:12 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 20:12 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 20:12 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 22:21 . 2011-07-05 23:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-05 22:21 . 2011-07-05 22:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-29 18:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 18:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 20:56 . 2010-02-26 09:44 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-15 08:44 . 2009-08-01 06:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-26 15:47 . 2008-10-14 01:09 303115 ----a-w- c:\windows\DUMP41c0.tmp
2011-05-28 06:28 . 2011-06-14 19:30 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:24 . 2011-06-14 19:30 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:23 . 2011-06-14 19:30 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:23 . 2011-06-14 19:30 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 06:23 . 2011-06-14 19:30 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:08 . 2011-06-14 19:30 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-28 06:04 . 2011-06-14 19:30 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-28 06:04 . 2011-06-14 19:30 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-28 06:04 . 2011-06-14 19:30 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-28 06:04 . 2011-06-14 19:30 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-28 05:33 . 2011-06-14 19:30 479232 ----a-w- c:\windows\system32\html.iec
2011-05-28 05:10 . 2011-06-14 19:30 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-05-28 04:53 . 2011-06-14 19:30 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:52 . 2011-06-14 19:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 04:33 . 2011-06-14 19:30 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-28 04:31 . 2011-06-14 19:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-02 17:16 . 2011-06-14 19:30 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 17:13 . 2011-06-14 19:30 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:41 . 2011-06-14 19:30 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:40 . 2011-06-14 19:30 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:39 . 2011-06-14 19:30 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:39 . 2011-06-14 19:30 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-29 13:39 . 2011-06-14 19:30 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-03-30 07:42 . 2010-04-29 13:43 5160448 ----a-w- c:\program files (x86)\mb_warband.exe
2008-09-19 16:08 . 2010-04-29 13:19 4407296 ----a-w- c:\program files (x86)\mount&blade.exe
2007-09-07 02:03 . 2010-07-29 08:29 11010048 ----a-w- c:\program files\Race07.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 15:44 325000 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-10-02 325000]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2008-10-07 51712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"AsioThk32Reg"=REGSVR32.EXE /S CTASIO.DLL
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
R2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-12 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-02-01 32240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2008-10-02 460168]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 FGUARD64;FGUARD64;c:\program files\Folder Guard\FGUARD64.SYS [2009-09-25 71760]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2009-09-11 211968]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-11-11 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;c:\windows\system32\Drivers\hcw99bda.sys [x]
S3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\Drivers\hcw99rc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9107acd3-5778-11de-b9e1-00221546089c}]
\shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files (x86)\TuneUp Utilities 2008\OneClick.exe [2008-01-08 12:31]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 19:09]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 19:09]
.
2011-07-20 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SmartDraw 2010\Messages\SDNotify.exe [2010-09-02 16:21]
.
2011-06-09 c:\windows\Tasks\User_Feed_Synchronization-{0152C480-C491-45B6-81B1-37EB27D687E2}.job
- c:\windows\system32\msfeedssync.exe [2011-06-14 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF236.cfxxe" [X]
"Skytel"="Skytel.exe" [2008-08-29 1833504]
"FG_Monitor"="c:\program files\Folder Guard\FGKey64.exe" [2009-09-25 150344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 2320752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Web Capture - c:\program files (x86)\SmarThru Office\WebCapture.dll
Trusted Zone: stoneguard.co.uk\hq
Trusted Zone: stoneguard.co.uk\sbserver
TCP: DhcpNameServer = 213.109.65.249 213.109.76.244
DPF: {37309153-EBDD-43BC-9993-0465005041F0} - hxxp://isgplc.mybiw.com/classes/5.5.0.2/BIWViewer_40.cab
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\kibh9twf.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msftesql$PRIMAVERA]
"ImagePath"="\"c:\program files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:PRIMAVERA"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3614891326-3336556046-865985116-1000\Software\SecuROM\License information*]
"datasecu"=hex:94,81,84,15,15,e3,39,90,93,01,ca,77,12,40,9e,ff,da,6a,aa,6a,84,
   31,2c,ee,94,b4,e4,68,96,d4,c3,66,5a,45,16,a7,43,cb,3f,5f,cf,55,7e,9e,94,08,\
"rkeysecu"=hex:c3,a1,11,14,c7,6c,6f,ff,37,c2,b9,7e,e4,82,61,0c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-07-20 18:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-20 17:02
.
Pre-Run: 3,852,283,904 bytes free
Post-Run: 3,336,560,640 bytes free
.
- - End Of File - - 34C0927AD19124237F782BF810BC0DF1
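The ComboFix output above is several hundred flat lines, and the handful that matter for a browser-redirect complaint (UAC switched off, AppInit_DLLs loading enabled, an AutoRun handler on a mount point, a deleted hosts file at the drive root, the Ask toolbar BHO, the DHCP-assigned resolvers) are easy to miss. The following Python is an added example written for this page; it is not part of DannyMac's post and not ComboFix's own code. It walks a log line by line and reports those indicators. The sample input is a constructed excerpt of lines copied from the log above; the rule names, severities and heuristics are the example's own assumptions, and the DNS rule only reports the resolvers for manual review because an IP address on its own says nothing about whether it is legitimate.

```python
"""Triage a ComboFix log for persistence and hardening indicators.

Added example for this page (not part of the post, not ComboFix's code).
Assumptions: rule names, severities and heuristics are this example's own;
the sample lines are excerpted from the ComboFix log posted above.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix log above, trimmed to
# the sections the rules inspect.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\hosts
c:\users\Danny\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-02 15:44 325000 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9107acd3-5778-11de-b9e1-00221546089c}]
\shell\AutoRun\command - F:\setup.exe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
TCP: DhcpNameServer = 213.109.65.249 213.109.76.244
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")        # ((( Title )))
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                    # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')   # "Name"=value
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
DNS_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(?P<servers>.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def _int_value(val):
    """Leading numeric token of a REGEDIT-style value ('0 (0x0)', '0x1'), else None."""
    try:
        return int(val.split()[0], 0)
    except (ValueError, IndexError):
        return None


def triage(log_text):
    """Return a list of {rule, severity, detail} findings for a ComboFix log."""
    findings, section, key = [], "", ""

    def add(rule, severity, detail):
        findings.append({"rule": rule, "severity": severity, "detail": detail})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := SECTION_RE.match(line)):
            section, key = m.group("title").lower(), ""
        elif (m := KEY_RE.match(line)):
            key = m.group("key").lower()
        elif "deletions" in section and DRIVE_RE.match(line):
            p, low = PureWindowsPath(line), line.lower()
            if p.name.lower() == "hosts" and "\\drivers\\etc\\" not in low:
                add("hosts_outside_etc", "high", line)       # hosts file where it should not be
            elif p.suffix.lower() == ".exe" and "\\appdata\\" in low:
                add("exe_in_appdata", "medium", line)        # executable dropped in a profile
            else:
                add("deleted_file", "info", line)
        elif (m := FILE_RE.match(line)) and "browser helper objects" in key:
            add("bho", "info", m.group("path"))              # BHO module, review manually
        elif (m := VALUE_RE.match(line)):
            name, num = m.group("name").lower(), _int_value(m.group("val"))
            if name == "enablelua" and num == 0:
                add("uac_disabled", "high", key)
            elif name == "loadappinit_dlls" and num:
                add("appinit_dlls_enabled", "high", key)     # classic DLL-injection switch
        elif (m := SERVICE_RE.match(line)):
            if m.group("meta").lower() == "x":
                add("service_file_unverified", "medium", m.group("name"))  # no date/size read
            if not DRIVE_RE.match(m.group("path")):
                add("service_relative_path", "medium", m.group("path"))
        elif (m := AUTORUN_RE.match(line)) and "mountpoints2" in key:
            add("autorun_mountpoint", "high", m.group("cmd"))
        elif (m := DNS_RE.match(line)):
            add("dhcp_dns_servers", "info", m.group("servers").split())
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 4, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: f["severity"]):
        print(f"[{f['severity']:6}] {f['rule']}: {f['detail']}")
    print(summarize(results))
```

Run as a script it prints the findings for the excerpt: four high (hosts file at the drive root, UAC disabled, AutoRun handler on a mount point, AppInit_DLLs enabled), four medium (the dropped inst.exe, two services with no readable file metadata, one service registered with a relative path) and two informational (the askBar.dll BHO and the two resolvers). The rules are deliberately conservative: they flag configuration that weakens the machine or persistence mechanisms that need a human decision, and do not label any file as malware.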
2. Yes, I am using a router. There is generally a laptop / desktop connected to my router.
3. Apologies for the delayed response. Been very busy with work. Google still behaving strangely. Re-directing to an ad site sometimes when I click a link and opening up tabs in different Firefox windows.

TDSSKiller Log:

2011/07/20 16:16:06.0672 3684 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 16:16:07.0873 3684 ================================================================================
2011/07/20 16:16:07.0873 3684 SystemInfo:
2011/07/20 16:16:07.0873 3684
2011/07/20 16:16:07.0873 3684 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/20 16:16:07.0873 3684 Product type: Workstation
2011/07/20 16:16:07.0873 3684 ComputerName: DANNY-PC
2011/07/20 16:16:07.0873 3684 UserName: Danny
2011/07/20 16:16:07.0873 3684 Windows directory: C:\Windows
2011/07/20 16:16:07.0873 3684 System windows directory: C:\Windows
2011/07/20 16:16:07.0873 3684 Running under WOW64
2011/07/20 16:16:07.0873 3684 Processor architecture: Intel x64
2011/07/20 16:16:07.0873 3684 Number of processors: 4
2011/07/20 16:16:07.0873 3684 Page size: 0x1000
2011/07/20 16:16:07.0873 3684 Boot type: Normal boot
2011/07/20 16:16:07.0873 3684 ================================================================================
2011/07/20 16:16:08.0185 3684 Initialize success
2011/07/20 16:16:18.0871 3856 ================================================================================
2011/07/20 16:16:18.0871 3856 Scan started
2011/07/20 16:16:18.0871 3856 Mode: Manual;
2011/07/20 16:16:18.0871 3856 ================================================================================
2011/07/20 16:16:19.0199 3856 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/07/20 16:16:19.0230 3856 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/07/20 16:16:19.0293 3856 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/07/20 16:16:19.0339 3856 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/07/20 16:16:19.0371 3856 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/07/20 16:16:19.0402 3856 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/07/20 16:16:19.0433 3856 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/07/20 16:16:19.0480 3856 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C: \Windows\system32\drivers\agp440.sys
2011/07/20 16:16:19.0511 3856 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/07/20 16:16:19.0527 3856 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/07/20 16:16:19.0558 3856 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/07/20 16:16:19.0589 3856 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/07/20 16:16:19.0636 3856 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/07/20 16:16:19.0683 3856 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/07/20 16:16:19.0745 3856 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/20 16:16:19.0776 3856 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/07/20 16:16:19.0807 3856 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
2011/07/20 16:16:19.0870 3856 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/20 16:16:19.0917 3856 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/20 16:16:19.0963 3856 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/20 16:16:19.0995 3856 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/07/20 16:16:20.0041 3856 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/20 16:16:20.0073 3856 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/20 16:16:20.0088 3856 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/07/20 16:16:20.0135 3856 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/07/20 16:16:20.0182 3856 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/07/20 16:16:20.0213 3856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/20 16:16:20.0244 3856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/07/20 16:16:20.0260 3856 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/07/20 16:16:20.0291 3856 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/20 16:16:20.0322 3856 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/20 16:16:20.0353 3856 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/07/20 16:16:20.0400 3856 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/07/20 16:16:20.0478 3856 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/07/20 16:16:20.0525 3856 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/07/20 16:16:20.0587 3856 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
2011/07/20 16:16:20.0619 3856 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/20 16:16:20.0697 3856 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
2011/07/20 16:16:20.0743 3856 CT20XUT (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\system32\drivers\CT20XUT.SYS
2011/07/20 16:16:20.0775 3856 CT20XUT.SYS (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\System32\drivers\CT20XUT.SYS
2011/07/20 16:16:20.0821 3856 ctac32k (3295516329ea2aecadde7a33872d3816) C:\Windows\system32\drivers\ctac32k.sys
2011/07/20 16:16:20.0853 3856 ctaud2k (a2dda894e68b746c83153428107ad8a7) C:\Windows\system32\drivers\ctaud2k.sys
2011/07/20 16:16:20.0915 3856 CTEXFIFX (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/07/20 16:16:20.0993 3856 CTEXFIFX.SYS (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/07/20 16:16:21.0024 3856 CTHWIUT (37f04666c5c325d1864d36b260a7248b) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/07/20 16:16:21.0055 3856 CTHWIUT.SYS (37f04666c5c325d1864d36b260a7248b) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/07/20 16:16:21.0087 3856 ctprxy2k (24d416647168617bb19dbd1a3624be4d) C:\Windows\system32\drivers\ctprxy2k.sys
2011/07/20 16:16:21.0133 3856 ctsfm2k (3e7177437bfa1ba61ca1a85bacf442a0) C:\Windows\system32\drivers\ctsfm2k.sys
2011/07/20 16:16:21.0180 3856 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/07/20 16:16:21.0211 3856 DgiVecp (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
2011/07/20 16:16:21.0243 3856 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/07/20 16:16:21.0289 3856 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/07/20 16:16:21.0336 3856 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/20 16:16:21.0383 3856 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/07/20 16:16:21.0414 3856 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/07/20 16:16:21.0445 3856 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/07/20 16:16:21.0508 3856 emupia (660dedf9ae7c414b74480b484c7ba300) C:\Windows\system32\drivers\emupia2k.sys
2011/07/20 16:16:21.0539 3856 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/07/20 16:16:21.0586 3856 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/07/20 16:16:21.0617 3856 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/07/20 16:16:21.0648 3856 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/20 16:16:21.0695 3856 FGUARD64 (7f13c4fc030ba661805ff519dc8aeb88) C:\Program Files\Folder Guard\FGUARD64.SYS
2011/07/20 16:16:21.0711 3856 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/07/20 16:16:21.0726 3856 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/07/20 16:16:21.0742 3856 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/20 16:16:21.0789 3856 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/07/20 16:16:21.0820 3856 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/20 16:16:21.0835 3856 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/20 16:16:21.0867 3856 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/20 16:16:21.0898 3856 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/20 16:16:21.0976 3856 ha20x2k (c8df6024abea766f2d735b35d109ee7e) C:\Windows\system32\drivers\ha20x2k.sys
2011/07/20 16:16:22.0023 3856 HCW99BDA (034b83c9a1887f2af644d60e1856868e) C:\Windows\system32\Drivers\hcw99bda.sys
2011/07/20 16:16:22.0054 3856 hcw99rc (07c7257b6f92e852d6bfe9eb99c11b88) C:\Windows\system32\Drivers\hcw99rc.sys
2011/07/20 16:16:22.0101 3856 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/07/20 16:16:22.0147 3856 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/20 16:16:22.0179 3856 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/07/20 16:16:22.0210 3856 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/07/20 16:16:22.0257 3856 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/20 16:16:22.0303 3856 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/07/20 16:16:22.0350 3856 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/07/20 16:16:22.0366 3856 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/07/20 16:16:22.0397 3856 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/20 16:16:22.0413 3856 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/07/20 16:16:22.0444 3856 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/07/20 16:16:22.0522 3856 IntcAzAudAddService (d1bc3c39de5e02708a99aefd6f9be855) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/20 16:16:22.0537 3856 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/07/20 16:16:22.0569 3856 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/20 16:16:22.0600 3856 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/20 16:16:22.0647 3856 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/20 16:16:22.0678 3856 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/20 16:16:22.0709 3856 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/07/20 16:16:22.0725 3856 isapnp (0672bfcedc6fc468a2b0500d81437f4f)
C:\Windows\system32\drivers\isapnp.sys 2011/07/20 16:16:22.0771 3856 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/20 16:16:22.0787 3856 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 2011/07/20 16:16:22.0818 3856 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 2011/07/20 16:16:22.0834 3856 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/20 16:16:22.0865 3856 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/20 16:16:22.0912 3856 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/20 16:16:22.0943 3856 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 2011/07/20 16:16:22.0974 3856 L1E (75a40635ebca9e69d6ebbdaa35e5ee1e) C:\Windows\system32\DRIVERS\L1E60x64.sys 2011/07/20 16:16:23.0052 3856 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/07/20 16:16:23.0083 3856 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/20 16:16:23.0130 3856 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/20 16:16:23.0146 3856 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/20 16:16:23.0193 3856 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/20 16:16:23.0224 3856 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 2011/07/20 16:16:23.0255 3856 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys 2011/07/20 16:16:23.0286 3856 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 2011/07/20 16:16:23.0317 3856 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 2011/07/20 16:16:23.0349 3856 Modem 
(59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 2011/07/20 16:16:23.0380 3856 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/20 16:16:23.0411 3856 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/20 16:16:23.0427 3856 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/20 16:16:23.0458 3856 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 2011/07/20 16:16:23.0489 3856 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 2011/07/20 16:16:23.0520 3856 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/20 16:16:23.0551 3856 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/20 16:16:23.0583 3856 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 2011/07/20 16:16:23.0598 3856 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/20 16:16:23.0629 3856 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/20 16:16:23.0661 3856 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/20 16:16:23.0692 3856 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 2011/07/20 16:16:23.0723 3856 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 2011/07/20 16:16:23.0754 3856 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 2011/07/20 16:16:23.0785 3856 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 2011/07/20 16:16:23.0801 3856 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/20 16:16:23.0832 3856 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/20 
16:16:23.0848 3856 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 2011/07/20 16:16:23.0879 3856 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 2011/07/20 16:16:23.0910 3856 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/20 16:16:23.0941 3856 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 2011/07/20 16:16:23.0973 3856 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/07/20 16:16:24.0004 3856 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 2011/07/20 16:16:24.0019 3856 mv61xx (a587d7fe4efd3ee5fddfc492944acb15) C:\Windows\system32\DRIVERS\mv61xx.sys 2011/07/20 16:16:24.0066 3856 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/20 16:16:24.0097 3856 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 2011/07/20 16:16:24.0129 3856 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/20 16:16:24.0160 3856 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/20 16:16:24.0191 3856 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/20 16:16:24.0222 3856 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 2011/07/20 16:16:24.0238 3856 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/20 16:16:24.0269 3856 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/20 16:16:24.0300 3856 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 2011/07/20 16:16:24.0347 3856 nmwcdcx64 (2c761cc067acf0fb4ea13930b09bfeea) C:\Windows\system32\drivers\ccdcmbox64.sys 2011/07/20 16:16:24.0378 3856 nmwcdnsucx64 (ce90d1dd60db810a45e13fccea47e890) 
C:\Windows\system32\drivers\nmwcdnsucx64.sys 2011/07/20 16:16:24.0409 3856 nmwcdnsux64 (f5a8219ea8a6b67280308fae169b65c0) C:\Windows\system32\drivers\nmwcdnsux64.sys 2011/07/20 16:16:24.0456 3856 nmwcdx64 (63051819d5cac0fa49c425fc5e1a2b5c) C:\Windows\system32\drivers\ccdcmbx64.sys 2011/07/20 16:16:24.0487 3856 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 2011/07/20 16:16:24.0503 3856 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/20 16:16:24.0565 3856 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 2011/07/20 16:16:24.0612 3856 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys 2011/07/20 16:16:24.0628 3856 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 2011/07/20 16:16:24.0893 3856 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/20 16:16:24.0971 3856 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 2011/07/20 16:16:25.0002 3856 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 2011/07/20 16:16:25.0033 3856 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 2011/07/20 16:16:25.0111 3856 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/20 16:16:25.0189 3856 ossrv (71e4ef433b137256c4810c6f8337680b) C:\Windows\system32\drivers\ctoss2k.sys 2011/07/20 16:16:25.0221 3856 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 2011/07/20 16:16:25.0252 3856 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 2011/07/20 16:16:25.0299 3856 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 2011/07/20 16:16:25.0330 3856 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 2011/07/20 16:16:25.0361 3856 pciide 
(2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 2011/07/20 16:16:25.0377 3856 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 2011/07/20 16:16:25.0423 3856 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys 2011/07/20 16:16:25.0470 3856 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 2011/07/20 16:16:25.0548 3856 Point64 (9abff71ff6f3b9492686d3403fa5dcdb) C:\Windows\system32\DRIVERS\point64k.sys 2011/07/20 16:16:25.0595 3856 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/20 16:16:25.0611 3856 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 2011/07/20 16:16:25.0657 3856 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/20 16:16:25.0720 3856 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 2011/07/20 16:16:25.0751 3856 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 2011/07/20 16:16:25.0767 3856 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/20 16:16:25.0798 3856 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/20 16:16:25.0813 3856 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/20 16:16:25.0860 3856 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/20 16:16:25.0891 3856 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/20 16:16:25.0923 3856 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/20 16:16:25.0938 3856 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/20 16:16:25.0969 3856 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/07/20 
16:16:25.0985 3856 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/20 16:16:26.0016 3856 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys 2011/07/20 16:16:26.0047 3856 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys 2011/07/20 16:16:26.0110 3856 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/20 16:16:26.0188 3856 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS 2011/07/20 16:16:26.0203 3856 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS 2011/07/20 16:16:26.0235 3856 SASKUTIL (4731a1b8a79b19cad8e2cfdc7b7d82d4) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys 2011/07/20 16:16:26.0266 3856 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 2011/07/20 16:16:26.0313 3856 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/07/20 16:16:26.0344 3856 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/20 16:16:26.0375 3856 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys 2011/07/20 16:16:26.0391 3856 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 2011/07/20 16:16:26.0437 3856 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 2011/07/20 16:16:26.0469 3856 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/20 16:16:26.0484 3856 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/20 16:16:26.0500 3856 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 2011/07/20 16:16:26.0547 3856 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 2011/07/20 16:16:26.0562 3856 SiSRaid4 
(3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 2011/07/20 16:16:26.0609 3856 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 2011/07/20 16:16:26.0656 3856 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 2011/07/20 16:16:26.0703 3856 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\Windows\system32\Drivers\sptd.sys 2011/07/20 16:16:26.0703 3856 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: aa90a319bb067e0d149b4c95608c4b05 2011/07/20 16:16:26.0703 3856 sptd - detected LockedFile.Multi.Generic (1) 2011/07/20 16:16:26.0734 3856 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 2011/07/20 16:16:26.0765 3856 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/20 16:16:26.0781 3856 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/20 16:16:26.0812 3856 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys 2011/07/20 16:16:26.0843 3856 ss_bbus (b13695429e5c0832403f6dfc14e0293f) C:\Windows\system32\DRIVERS\ss_bbus.sys 2011/07/20 16:16:26.0890 3856 ss_bmdfl (02aec2e12740ffd5602d52fb074e06d1) C:\Windows\system32\DRIVERS\ss_bmdfl.sys 2011/07/20 16:16:26.0937 3856 ss_bmdm (d8a587160188efbeb0cf9e630e7926a6) C:\Windows\system32\DRIVERS\ss_bmdm.sys 2011/07/20 16:16:26.0968 3856 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys 2011/07/20 16:16:27.0015 3856 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/20 16:16:27.0046 3856 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 2011/07/20 16:16:27.0077 3856 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 2011/07/20 16:16:27.0093 3856 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 2011/07/20 16:16:27.0171 3856 Tcpip 
(973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys 2011/07/20 16:16:27.0217 3856 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/20 16:16:27.0264 3856 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/20 16:16:27.0280 3856 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 2011/07/20 16:16:27.0311 3856 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 2011/07/20 16:16:27.0342 3856 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/20 16:16:27.0373 3856 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/20 16:16:27.0420 3856 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/20 16:16:27.0451 3856 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/20 16:16:27.0451 3856 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/20 16:16:27.0498 3856 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 2011/07/20 16:16:27.0545 3856 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/20 16:16:27.0576 3856 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/20 16:16:27.0607 3856 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 2011/07/20 16:16:27.0639 3856 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 2011/07/20 16:16:27.0670 3856 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 2011/07/20 16:16:27.0685 3856 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/20 16:16:27.0748 3856 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/20 16:16:27.0779 3856 usbcir 
(9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 2011/07/20 16:16:27.0810 3856 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/20 16:16:27.0826 3856 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/20 16:16:27.0857 3856 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 2011/07/20 16:16:27.0904 3856 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/20 16:16:27.0935 3856 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/20 16:16:27.0951 3856 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/20 16:16:27.0982 3856 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/20 16:16:28.0013 3856 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/07/20 16:16:28.0044 3856 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/20 16:16:28.0060 3856 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 2011/07/20 16:16:28.0107 3856 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 2011/07/20 16:16:28.0138 3856 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 2011/07/20 16:16:28.0169 3856 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 2011/07/20 16:16:28.0216 3856 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 2011/07/20 16:16:28.0231 3856 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 2011/07/20 16:16:28.0263 3856 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 2011/07/20 16:16:28.0309 3856 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/20 
16:16:28.0325 3856 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/20 16:16:28.0372 3856 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 2011/07/20 16:16:28.0403 3856 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/20 16:16:28.0497 3856 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys 2011/07/20 16:16:28.0528 3856 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys 2011/07/20 16:16:28.0575 3856 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys 2011/07/20 16:16:28.0590 3856 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys 2011/07/20 16:16:28.0621 3856 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/07/20 16:16:28.0668 3856 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/20 16:16:28.0731 3856 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/07/20 16:16:28.0762 3856 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/20 16:16:28.0855 3856 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl 2011/07/20 16:16:28.0887 3856 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/07/20 16:16:28.0902 3856 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1 2011/07/20 16:16:28.0933 3856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2 2011/07/20 16:16:28.0933 3856 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3 2011/07/20 16:16:29.0058 3856 Boot (0x1200) (3e9fc7dd1894ea175570d52d94d7bc55) \Device\Harddisk0\DR0\Partition0 2011/07/20 16:16:29.0058 3856 Boot (0x1200) (f0bd314f3ab5b3a40137860191c8f9aa) \Device\Harddisk1\DR1\Partition0 
2011/07/20 16:16:29.0074 3856 Boot (0x1200) (ae3ab8e7f3dd292ee34fd0fc5672dd60) \Device\Harddisk2\DR2\Partition0
2011/07/20 16:16:29.0074 3856 Boot (0x1200) (61c5f70c81f34907ee81360c06abbc75) \Device\Harddisk3\DR3\Partition0
2011/07/20 16:16:29.0074 3856 ================================================================================
2011/07/20 16:16:29.0074 3856 Scan finished
2011/07/20 16:16:29.0074 3856 ================================================================================
2011/07/20 16:16:29.0089 4748 Detected object count: 1
2011/07/20 16:16:29.0089 4748 Actual detected object count: 1
2011/07/20 16:17:02.0255 4748 LockedFile.Multi.Generic(sptd) - User select action: Skip
  4. Google has been behaving strangely of late and I am getting random redirects which is incredibly annoying. MBAM will not update.

MBAM Log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

15/07/2011 14:46:16
mbam-log-2011-07-15 (14-46-16).txt

Scan type: Quick scan
Objects scanned: 171629
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS OUTPUT

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_20
Run by Danny at 9:06:38 on 2011-07-15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.8190.6244 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Folder Guard\FGKey64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRec.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: rosqxvmn: {6439B80C-3784-4DEB-BB22-7802A6F5E014} - LocalServer32 - <no file>
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\SideBar.exe /autoRun
uRun: [Windows Live Sync] "C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe" /background
uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [4623 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {37309153-EBDD-43BC-9993-0465005041F0} - hxxp://isgplc.mybiw.com/classes/5.5.0.2/BIWViewer_40.cab
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: NameServer = 213.109.65.249 213.109.76.244
TCP: Interfaces\{B1E052AF-09AF-4FE3-96E4-BB13944BBB3E} : DHCPNameServer = 213.109.65.249 213.109.76.244
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
x64-Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
x64-Run: [skytel] Skytel.exe
x64-Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey64.exe /Start
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 81.140.3.1 sbserver.stoneguard.co.uk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\kibh9twf.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\kibh9twf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension . ---- FIREFOX POLICIES ---- ============= SERVICES / DRIVERS =============== . 
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2008-6-10 173096] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files (x86)\Cyberlink\PowerDVD8\000.fcl [2008-2-1 32240] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-2-26 108289] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-2-26 185089] R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2008-10-15 460168] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-2-26 74880] R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-10-22 21480] R2 FGUARD64;FGUARD64;C:\Program Files\Folder Guard\FGUARD64.sys [2010-2-19 71760] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-14 366640] R2 msftesql$PRIMAVERA;SQL Server FullText Search (PRIMAVERA);C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112] R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2010-3-11 211968] R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2008-11-11 11576] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2008-10-8 202776] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2008-10-8 1417240] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2008-10-8 
94744] R3 HCW99BDA;Hauppauge Nova-DT Dual DVB-T Tuner;C:\Windows\System32\drivers\hcw99bda.sys [2010-3-18 147968] R3 hcw99rc;Hauppauge Nova-DT IR Driver;C:\Windows\System32\drivers\hcw99rc.sys [2010-3-18 12800] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-7-14 25912] R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2009-11-11 34160] S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2009-4-28 9968] S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-4-28 72944] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 136176] S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?] S2 MSSQL$PRIMAVERA;SQL Server (PRIMAVERA);C:\Program Files (x86)\MSSQL\Primavera\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?] 
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-12 79360] S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2008-10-8 202776] S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2008-10-8 1417240] S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2008-10-8 94744] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" --> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [?] S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-11 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 136176] S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2010-2-26 25088] S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2010-2-26 12288] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-2-26 173056] S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-2-26 19456] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968] S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-4-28 7408] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-8-26 116224] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-8-26 18944] S3 ss_bmdm;SAMSUNG USB Mobile 
Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-8-26 157696] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== File Associations =============== . FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2011-07-14 02:00:44 50867144 ----a-w- C:\Windows\System32\mrt.exe 2011-06-26 15:47:09 303115 ----a-w- C:\Windows\DUMP41c0.tmp 2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys 2011-06-01 01:57:50 0 ----a-w- C:\DFRDC43.tmp 2011-05-29 08:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-29 08:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-05-28 06:28:00 1147904 ----a-w- C:\Windows\System32\wininet.dll 2011-05-28 06:27:50 1488384 ----a-w- C:\Windows\System32\urlmon.dll 2011-05-28 06:26:33 243712 ----a-w- C:\Windows\System32\occache.dll 2011-05-28 06:25:04 1062912 ----a-w- C:\Windows\System32\mstime.dll 2011-05-28 06:24:36 96768 ----a-w- C:\Windows\System32\mshtmled.dll 2011-05-28 06:24:36 9272320 ----a-w- C:\Windows\System32\mshtml.dll 2011-05-28 06:24:33 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll 2011-05-28 06:24:33 710656 ----a-w- C:\Windows\System32\msfeeds.dll 2011-05-28 06:24:04 56832 ----a-w- C:\Windows\System32\licmgr10.dll 2011-05-28 06:23:54 31744 ----a-w- C:\Windows\System32\jsproxy.dll 2011-05-28 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-05-28 06:23:30 219136 ----a-w- 
C:\Windows\System32\ieui.dll 2011-05-28 06:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2011-05-28 06:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll 2011-05-28 06:23:29 72192 ----a-w- C:\Windows\System32\iernonce.dll 2011-05-28 06:23:29 2339840 ----a-w- C:\Windows\System32\iertutil.dll 2011-05-28 06:23:28 252416 ----a-w- C:\Windows\System32\iepeers.dll 2011-05-28 06:23:28 12477440 ----a-w- C:\Windows\System32\ieframe.dll 2011-05-28 06:23:22 459776 ----a-w- C:\Windows\System32\iedkcs32.dll 2011-05-28 06:08:58 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-05-28 06:08:44 1211904 ----a-w- C:\Windows\SysWow64\urlmon.dll 2011-05-28 06:07:19 206848 ----a-w- C:\Windows\SysWow64\occache.dll 2011-05-28 06:05:27 611840 ----a-w- C:\Windows\SysWow64\mstime.dll 2011-05-28 06:03:58 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll 2011-05-28 05:33:37 479232 ----a-w- C:\Windows\System32\html.iec 2011-05-28 05:10:26 385024 ----a-w- C:\Windows\SysWow64\html.iec 2011-05-28 04:53:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2011-05-28 04:53:19 70656 ----a-w- C:\Windows\System32\ie4uinit.exe 2011-05-28 04:52:45 12288 ----a-w- C:\Windows\System32\msfeedssync.exe 2011-05-28 04:52:18 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 04:33:03 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2011-05-28 04:32:51 173568 ----a-w- C:\Windows\SysWow64\ie4uinit.exe 2011-05-28 04:32:15 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe 2011-05-28 04:31:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll 2011-04-29 16:15:56 344576 ----a-w- C:\Windows\System32\schannel.dll 2011-04-29 15:59:36 276992 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-29 13:39:34 275456 ----a-w- 
C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys 2011-04-20 16:03:39 451072 ----a-w- C:\Windows\System32\winsrv.dll 2011-04-20 15:58:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll 2011-04-16 10:15:44 303115 ----a-w- C:\Windows\DUMPcb59.tmp 2010-03-30 07:42:38 5160448 ----a-w- C:\Program Files (x86)\mb_warband.exe 2008-09-19 16:08:54 4407296 ----a-w- C:\Program Files (x86)\mount&blade.exe 2007-09-07 02:03:54 11010048 ----a-w- C:\Program Files\Race07.exe . ============= FINISH: 9:08:57.21 =============== GMER OUTPUT GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-07-15 14:37:53 Windows 6.0.6002 Service Pack 2 Running: u8kejex4.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0x0B 0x55 0xF3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0x93 0x64 0x72 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x50 0xA1 0xAA ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0x0B 0x55 0xF3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0x93 0x64 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD6 0x50 0xA1 0xAA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0x0B 0x55 0xF3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2A 0x93 0x64 0x72 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x61 0x05 0x6E 0x41 ... ---- Files - GMER 1.0.15 ---- File C:\Users\Danny\AppData\Roaming\systemfl.$dk 990 bytes File C:\Windows\SysWOW64\sys_drv_2.dat 5020 bytes File C:\Windows\SysWOW64\WinFLdrv.sys 21888 bytes executable <-- ROOTKIT !!! ---- Services - GMER 1.0.15 ---- Service C:\Windows\SysWOW64\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ---- Any help appreciated!!
  5. I think I have some sort of malware on my computer. Google is behaving strangely. I installed MBAW a few days ago and it would not update. It found a few items and cleaned them. I rebooted into safe mode and performed another quick scan with no errors found; however, the problem did not go away. I have just run the MBAW cleaner, restarted and re-installed, and I still get the IsInternetConnected error. Any help appreciated.