Rarex
  1. I'm pretty cool, I gotta admit.

  2. TDSSKiller.exe didn't find any infections this time. I remember the first time I ran it yesterday, it did find an infection, which it removed. I rebooted (yesterday), did another scan, and no infections were found. However, the problem continued to exist. I then had to resort to Hitman Pro 3.5, which found a bunch of crap and removed it. The problem *right now* (this trojan seems to be sensitive to time & anti-malware) is very random & rare yellow page redirects. Today's TDSSKiller log:

     2011/08/03 16:37:51.0455 4200 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
     2011/08/03 16:37:51.0998 4200 ================================================================================
     2011/08/03 16:37:51.0998 4200 SystemInfo:
     2011/08/03 16:37:51.0998 4200
     2011/08/03 16:37:51.0998 4200 OS Version: 6.0.6002 ServicePack: 2.0
     2011/08/03 16:37:51.0998 4200 Product type: Workstation
     2011/08/03 16:37:51.0999 4200 ComputerName: WEARETHEBEST-PC
     2011/08/03 16:37:51.0999 4200 UserName: wearethebest1
     2011/08/03 16:37:51.0999 4200 Windows directory: C:\Windows
     2011/08/03 16:37:51.0999 4200 System windows directory: C:\Windows
     2011/08/03 16:37:51.0999 4200 Processor architecture: Intel x86
     2011/08/03 16:37:51.0999 4200 Number of processors: 2
     2011/08/03 16:37:51.0999 4200 Page size: 0x1000
     2011/08/03 16:37:52.0000 4200 Boot type: Normal boot
     2011/08/03 16:37:52.0000 4200 ================================================================================
     2011/08/03 16:37:52.0699 4200 Initialize success
     2011/08/03 16:37:54.0199 4636 ================================================================================
     2011/08/03 16:37:54.0199 4636 Scan started
     2011/08/03 16:37:54.0199 4636 Mode: Manual;
     2011/08/03 16:37:54.0199 4636 ================================================================================
     2011/08/03 16:37:54.0785 4636 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
     2011/08/03 16:37:54.0923 4636 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
     2011/08/03 16:37:55.0114 4636 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
     2011/08/03 16:37:55.0289 4636 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
     2011/08/03 16:37:55.0401 4636 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
     2011/08/03 16:37:55.0627 4636 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
     2011/08/03 16:37:55.0726 4636 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
     2011/08/03 16:37:55.0789 4636 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
     2011/08/03 16:37:55.0873 4636 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
     2011/08/03 16:37:55.0967 4636 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
     2011/08/03 16:37:56.0093 4636 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
     2011/08/03 16:37:56.0198 4636 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
     2011/08/03 16:37:56.0276 4636 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
     2011/08/03 16:37:56.0600 4636 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
     2011/08/03 16:37:56.0766 4636 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
     2011/08/03 16:37:56.0880 4636 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
     2011/08/03 16:37:57.0030 4636 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
     2011/08/03 16:37:57.0141 4636 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
     2011/08/03 16:37:57.0267 4636 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
     2011/08/03 16:37:57.0408 4636 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
     2011/08/03 16:37:57.0546 4636 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
     2011/08/03 16:37:57.0604 4636 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
     2011/08/03 16:37:57.0693 4636 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
     2011/08/03 16:37:57.0747 4636 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
     2011/08/03 16:37:57.0829 4636 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
     2011/08/03 16:37:57.0889 4636 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
     2011/08/03 16:37:57.0950 4636 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
     2011/08/03 16:37:58.0061 4636 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
     2011/08/03 16:37:58.0150 4636 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
     2011/08/03 16:37:58.0296 4636 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
     2011/08/03 16:37:58.0440 4636 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
     2011/08/03 16:37:58.0595 4636 cmdGuard (8a4c864777b717ae45580c1e0de2c103) C:\Windows\system32\DRIVERS\cmdguard.sys
     2011/08/03 16:37:58.0643 4636 cmdHlp (6ba0554461114a6a8c12543f6f965ccc) C:\Windows\system32\DRIVERS\cmdhlp.sys
     2011/08/03 16:37:58.0698 4636 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
     2011/08/03 16:37:58.0784 4636 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
     2011/08/03 16:37:58.0835 4636 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
     2011/08/03 16:37:58.0923 4636 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
     2011/08/03 16:37:59.0067 4636 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
     2011/08/03 16:37:59.0189 4636 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
     2011/08/03 16:37:59.0288 4636 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
     2011/08/03 16:37:59.0417 4636 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
     2011/08/03 16:37:59.0501 4636 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
     2011/08/03 16:37:59.0595 4636 eamonm (73ce42907cf42bfb91bcd27fe7c7a7af) C:\Windows\system32\DRIVERS\eamonm.sys
     2011/08/03 16:37:59.0681 4636 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
     2011/08/03 16:37:59.0739 4636 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys
     2011/08/03 16:37:59.0914 4636 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
     2011/08/03 16:38:00.0048 4636 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\Windows\system32\DRIVERS\epfwwfpr.sys
     2011/08/03 16:38:00.0157 4636 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
     2011/08/03 16:38:00.0323 4636 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
     2011/08/03 16:38:00.0670 4636 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
     2011/08/03 16:38:00.0745 4636 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
     2011/08/03 16:38:00.0898 4636 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
     2011/08/03 16:38:01.0051 4636 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
     2011/08/03 16:38:01.0099 4636 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
     2011/08/03 16:38:01.0268 4636 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
     2011/08/03 16:38:01.0458 4636 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
     2011/08/03 16:38:01.0710 4636 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
     2011/08/03 16:38:01.0806 4636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
     2011/08/03 16:38:01.0989 4636 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
     2011/08/03 16:38:02.0112 4636 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
     2011/08/03 16:38:02.0325 4636 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
     2011/08/03 16:38:02.0417 4636 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
     2011/08/03 16:38:02.0627 4636 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
     2011/08/03 16:38:02.0822 4636 HSF_DP (78c88781fbd2fdd3bcba09f58897fe45) C:\Windows\system32\DRIVERS\HSX_DP.sys
     2011/08/03 16:38:02.0936 4636 HSXHWBS2 (1e289f978d1e6f11db88d4fcb2f9d92f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
     2011/08/03 16:38:03.0001 4636 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
     2011/08/03 16:38:03.0170 4636 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
     2011/08/03 16:38:03.0464 4636 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
     2011/08/03 16:38:03.0607 4636 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
     2011/08/03 16:38:03.0701 4636 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
     2011/08/03 16:38:03.0807 4636 inspect (7783fe23d056eaf8f0081ed1474640a3) C:\Windows\system32\DRIVERS\inspect.sys
     2011/08/03 16:38:03.0992 4636 IntcAzAudAddService (0e70e4485f0ed782248e26353a08d312) C:\Windows\system32\drivers\RTKVHDA.sys
     2011/08/03 16:38:04.0191 4636 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
     2011/08/03 16:38:04.0294 4636 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
     2011/08/03 16:38:04.0422 4636 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
     2011/08/03 16:38:04.0632 4636 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
     2011/08/03 16:38:04.0814 4636 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
     2011/08/03 16:38:04.0977 4636 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
     2011/08/03 16:38:05.0214 4636 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
     2011/08/03 16:38:05.0363 4636 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
     2011/08/03 16:38:05.0435 4636 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
     2011/08/03 16:38:05.0649 4636 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
     2011/08/03 16:38:05.0839 4636 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
     2011/08/03 16:38:05.0980 4636 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
     2011/08/03 16:38:06.0139 4636 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
     2011/08/03 16:38:06.0272 4636 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
     2011/08/03 16:38:06.0377 4636 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
     2011/08/03 16:38:06.0490 4636 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
     2011/08/03 16:38:06.0588 4636 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
     2011/08/03 16:38:07.0113 4636 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
     2011/08/03 16:38:07.0378 4636 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
     2011/08/03 16:38:07.0543 4636 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
     2011/08/03 16:38:07.0655 4636 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
     2011/08/03 16:38:07.0752 4636 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
     2011/08/03 16:38:07.0906 4636 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
     2011/08/03 16:38:07.0964 4636 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
     2011/08/03 16:38:08.0035 4636 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
     2011/08/03 16:38:08.0195 4636 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
     2011/08/03 16:38:08.0295 4636 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
     2011/08/03 16:38:08.0437 4636 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
     2011/08/03 16:38:08.0565 4636 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
     2011/08/03 16:38:08.0762 4636 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
     2011/08/03 16:38:08.0877 4636 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
     2011/08/03 16:38:08.0950 4636 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
     2011/08/03 16:38:09.0028 4636 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
     2011/08/03 16:38:09.0110 4636 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
     2011/08/03 16:38:09.0403 4636 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
     2011/08/03 16:38:09.0597 4636 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
     2011/08/03 16:38:09.0922 4636 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
     2011/08/03 16:38:10.0117 4636 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
     2011/08/03 16:38:10.0407 4636 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
     2011/08/03 16:38:10.0594 4636 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
     2011/08/03 16:38:10.0732 4636 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
     2011/08/03 16:38:10.0894 4636 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
     2011/08/03 16:38:10.0966 4636 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
     2011/08/03 16:38:11.0072 4636 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
     2011/08/03 16:38:11.0244 4636 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
     2011/08/03 16:38:11.0482 4636 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
     2011/08/03 16:38:11.0960 4636 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
     2011/08/03 16:38:12.0216 4636 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
     2011/08/03 16:38:12.0275 4636 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
     2011/08/03 16:38:12.0423 4636 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
     2011/08/03 16:38:12.0516 4636 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
     2011/08/03 16:38:12.0566 4636 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
     2011/08/03 16:38:12.0649 4636 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
     2011/08/03 16:38:12.0797 4636 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
     2011/08/03 16:38:12.0850 4636 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
     2011/08/03 16:38:12.0938 4636 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
     2011/08/03 16:38:13.0104 4636 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
     2011/08/03 16:38:13.0237 4636 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
     2011/08/03 16:38:13.0328 4636 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
     2011/08/03 16:38:13.0483 4636 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
     2011/08/03 16:38:13.0856 4636 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
     2011/08/03 16:38:14.0223 4636 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
     2011/08/03 16:38:14.0290 4636 nvrd32 (085e88101d0d4b321abf9c7e2b6ee99d) C:\Windows\system32\drivers\nvrd32.sys
     2011/08/03 16:38:14.0346 4636 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
     2011/08/03 16:38:14.0423 4636 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
     2011/08/03 16:38:14.0482 4636 nvstor32 (1199b2052f7861c1d39c2318e70904c9) C:\Windows\system32\DRIVERS\nvstor32.sys
     2011/08/03 16:38:14.0569 4636 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
     2011/08/03 16:38:14.0846 4636 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
     2011/08/03 16:38:14.0997 4636 PAEAFLT.sys (301e92ce7fb606f94f124a76d8145622) C:\Windows\system32\DRIVERS\PAEAFLT.sys
     2011/08/03 16:38:15.0078 4636 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
     2011/08/03 16:38:15.0199 4636 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
     2011/08/03 16:38:15.0282 4636 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
     2011/08/03 16:38:15.0407 4636 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (9489c4cf14126a06b061163d2b261c69) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
     2011/08/03 16:38:15.0501 4636 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
     2011/08/03 16:38:15.0556 4636 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
     2011/08/03 16:38:15.0643 4636 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
     2011/08/03 16:38:15.0739 4636 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
     2011/08/03 16:38:15.0942 4636 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
     2011/08/03 16:38:15.0990 4636 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
     2011/08/03 16:38:16.0160 4636 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
     2011/08/03 16:38:16.0227 4636 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
     2011/08/03 16:38:16.0358 4636 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
     2011/08/03 16:38:16.0566 4636 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
     2011/08/03 16:38:16.0658 4636 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
     2011/08/03 16:38:16.0797 4636 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
     2011/08/03 16:38:16.0963 4636 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
     2011/08/03 16:38:17.0056 4636 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
     2011/08/03 16:38:17.0176 4636 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
     2011/08/03 16:38:17.0251 4636 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
     2011/08/03 16:38:17.0288 4636 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
     2011/08/03 16:38:17.0396 4636 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
     2011/08/03 16:38:17.0454 4636 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
     2011/08/03 16:38:17.0567 4636 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
     2011/08/03 16:38:17.0703 4636 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
     2011/08/03 16:38:17.0784 4636 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
     2011/08/03 16:38:17.0926 4636 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
     2011/08/03 16:38:18.0008 4636 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
     2011/08/03 16:38:18.0121 4636 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
     2011/08/03 16:38:18.0203 4636 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
     2011/08/03 16:38:18.0310 4636 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
     2011/08/03 16:38:18.0396 4636 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
     2011/08/03 16:38:18.0496 4636 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
     2011/08/03 16:38:18.0548 4636 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
     2011/08/03 16:38:18.0715 4636 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
     2011/08/03 16:38:18.0816 4636 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
     2011/08/03 16:38:18.0968 4636 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
     2011/08/03 16:38:19.0165 4636 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
     2011/08/03 16:38:19.0354 4636 SPC230NC (2265d43d44cf9695c050e3b58f05295b) C:\Windows\system32\DRIVERS\SPC230NC.SYS
     2011/08/03 16:38:19.0426 4636 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
     2011/08/03 16:38:19.0558 4636 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
     2011/08/03 16:38:19.0642 4636 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
     2011/08/03 16:38:19.0754 4636 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
     2011/08/03 16:38:19.0867 4636 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
     2011/08/03 16:38:19.0947 4636 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
     2011/08/03 16:38:20.0018 4636 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
     2011/08/03 16:38:20.0083 4636 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
     2011/08/03 16:38:20.0201 4636 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
     2011/08/03 16:38:20.0317 4636 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
     2011/08/03 16:38:20.0401 4636 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
     2011/08/03 16:38:20.0469 4636 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
     2011/08/03 16:38:20.0562 4636 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
     2011/08/03 16:38:20.0638 4636 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
     2011/08/03 16:38:20.0809 4636 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
     2011/08/03 16:38:20.0918 4636 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
     2011/08/03 16:38:21.0060 4636 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
     2011/08/03 16:38:21.0235 4636 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
     2011/08/03 16:38:21.0290 4636 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
     2011/08/03 16:38:21.0365 4636 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
     2011/08/03 16:38:21.0483 4636 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
     2011/08/03 16:38:21.0605 4636 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
     2011/08/03 16:38:21.0715 4636 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
     2011/08/03 16:38:21.0803 4636 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
     2011/08/03 16:38:21.0931 4636 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
     2011/08/03 16:38:21.0985 4636 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
     2011/08/03 16:38:22.0133 4636 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
     2011/08/03 16:38:22.0277 4636 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
     2011/08/03 16:38:22.0365 4636 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
     2011/08/03 16:38:22.0472 4636 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
     2011/08/03 16:38:22.0573 4636 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
     2011/08/03 16:38:22.0629 4636 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
     2011/08/03 16:38:22.0716 4636 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
     2011/08/03 16:38:22.0830 4636 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
     2011/08/03 16:38:22.0885 4636 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
     2011/08/03 16:38:22.0966 4636 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
     2011/08/03 16:38:23.0072 4636 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
     2011/08/03 16:38:23.0187 4636 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
     2011/08/03 16:38:23.0331 4636 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
     2011/08/03 16:38:23.0451 4636 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
     2011/08/03 16:38:23.0552 4636 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
     2011/08/03 16:38:23.0650 4636 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
     2011/08/03 16:38:23.0725 4636 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
     2011/08/03 16:38:23.0887 4636 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
     2011/08/03 16:38:23.0985 4636 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
     2011/08/03 16:38:24.0084 4636 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
     2011/08/03 16:38:24.0265 4636 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
     2011/08/03 16:38:24.0459 4636 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
     2011/08/03 16:38:24.0558 4636 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
     2011/08/03 16:38:24.0813 4636 winachsf (0869c31e0ff995bf00628af8c1658e26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
     2011/08/03 16:38:25.0037 4636 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
     2011/08/03 16:38:25.0218 4636 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
     2011/08/03 16:38:25.0338 4636 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
     2011/08/03 16:38:25.0432 4636 XAudio (bfcc507eca58f11c5fed96e192b878cb) C:\Windows\system32\DRIVERS\xaudio.sys
     2011/08/03 16:38:25.0674 4636 {55662437-DA8C-40c0-AADA-2C816A897A49} (bdfde977f5e88a539187aef24ded7c40) c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
     2011/08/03 16:38:25.0799 4636 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
     2011/08/03 16:38:26.0102 4636 Boot (0x1200) (b2c418311cdcdabd33913a99567687ee) \Device\Harddisk0\DR0\Partition0
     2011/08/03 16:38:26.0169 4636 Boot (0x1200) (d73655bf6f53d906c59ab00e91e8f754) \Device\Harddisk0\DR0\Partition1
     2011/08/03 16:38:26.0237 4636 ================================================================================
     2011/08/03 16:38:26.0238 4636 Scan finished
     2011/08/03 16:38:26.0238 4636 ================================================================================
     2011/08/03 16:38:26.0297 4232 Detected object count: 0
     2011/08/03 16:38:26.0297 4232 Actual detected object count: 0

     Today's DDS log gave me a blue screen! The error was something like PAGE_FAULT_IN_NONPAGED_AREA. Should I run another DDS scan?
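Added example, not part of Rarex's post and not code from TDSSKiller: a small Python triage pass over the log format quoted above. It parses the `date time tid name (md5) path` object lines, separates the MBR and boot-sector hashes from the driver entries, flags driver images that live outside %SystemRoot% or lack a .sys extension, reports any hash registered under two different files, and diffs the boot-sector hashes between two runs, which is how an MBR rewritten by a bootkit would show up between yesterday's and today's scan. The sample lines are copied from the log above; the heuristics, thresholds and function names are this example's own assumptions, not anything TDSSKiller itself reports.

```python
import re
from collections import defaultdict

# One TDSSKiller object line: date, time, thread id, object name, a 32-hex MD5
# in parentheses, then the image path. Header/footer lines such as
# "Scan started" or "Detected object count" do not match and are skipped.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d+)\s+(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

# Constructed sample: a handful of lines copied from the log quoted above,
# plus the MBR/boot-sector lines at its end. A full log file can be fed to
# parse_entries() in exactly the same way.
SAMPLE_LOG = r"""
2011/08/03 16:37:54.0785 4636 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/03 16:37:58.0440 4636 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/03 16:38:15.0407 4636 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (9489c4cf14126a06b061163d2b261c69) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
2011/08/03 16:38:20.0317 4636 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/03 16:38:20.0401 4636 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/03 16:38:25.0674 4636 {55662437-DA8C-40c0-AADA-2C816A897A49} (bdfde977f5e88a539187aef24ded7c40) c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
2011/08/03 16:38:25.0799 4636 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/03 16:38:26.0102 4636 Boot (0x1200) (b2c418311cdcdabd33913a99567687ee) \Device\Harddisk0\DR0\Partition0
2011/08/03 16:38:26.0238 4636 Scan finished
"""

SYSTEM_ROOT = "c:\\windows\\"   # assumption: Windows directory from the log header


def parse_entries(text):
    """Return one dict (date, time, tid, name, md5, path) per object line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(entries):
    """Separate boot-sector hashes from drivers and list entries worth a manual look."""
    findings = []                      # (name, path, reason)
    boot = {}                          # lowercased \Device\... path -> md5
    paths_by_hash = defaultdict(set)   # md5 -> set of lowercased image paths
    for e in entries:
        low = e["path"].lower()
        if low.startswith("\\device\\"):
            boot[low] = e["md5"].lower()
            continue
        paths_by_hash[e["md5"].lower()].add(low)
        if not low.startswith(SYSTEM_ROOT):
            findings.append((e["name"], e["path"], "image outside %SystemRoot%"))
        if not low.endswith(".sys"):
            findings.append((e["name"], e["path"], "kernel image without .sys extension"))
    # Same bytes registered under two different files. Aliases such as
    # Tcpip/Tcpip6 point at the same path (case-folded), so they are not listed;
    # identical content under two distinct paths is what deserves attention.
    shared = {h: sorted(p) for h, p in paths_by_hash.items() if len(p) > 1}
    return {"findings": findings, "boot": boot, "shared_hash": shared}


def diff_boot_hashes(previous, current):
    """Device paths whose MBR/VBR hash changed, or is new, since the previous scan."""
    return sorted(p for p, h in current.items() if previous.get(p) != h)


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    for name, path, reason in result["findings"]:
        print(f"{reason}: {name} -> {path}")
    for dev, md5 in result["boot"].items():
        print(f"boot sector {dev}: {md5}")
```

On the sample the two flagged entries are the PC-DOC~1 service image and the Hewlett-Packard DVD component, both loaded from vendor paths. Whether those are expected OEM tooling is a judgment the script leaves to the analyst; its job is to shrink a 230-line driver list to the few entries that need one, and to make the "did the MBR change between yesterday's and today's run" question a one-line comparison instead of an eyeball diff.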
  3. Bump. The problem still persists. I'm beginning to have PTSD from this crap. Can't stop thinking about it. I do not want it to defeat me. I will NOT reformat my computer. If it happened once, it can happen again. I want to know how to be able to kill it! I have tried the following programs to no avail:
     - Malwarebytes Anti-Malware
     - Hitman Pro 3.5 (picked up lots of crap everything else missed)
     - Spybot Search & Destroy
     - Several scans with ESET NOD32
     - TDSSKiller.exe
     - Clearing my DNS cache
     - Clearing my Java cache
     - Clearing my Firefox/Chrome/IE history & internet cache
     - Restored my router to factory settings
     - Quick scan & full scan by Microsoft Safety Scanner turned up zero infections
     Something that keeps persisting is this Win32/Kryptix.QLX trojan. Even after all these scans, it randomly comes "up". ESET notices it and quarantines it... As of *right now*, I have been surfing & using my computer with no trouble at all, but I'm not certain this trojan is out of my computer. I may have killed all of its outsources, but I want it completely gone instead of silenced.
  4. Hi ! Thank you for opening. I have been having this problem for around 2, 3 days now. The problems (for now) are: (1) slow loading for videos, (2) random page redirects to weird websites (find-fast-answers.com, ect), (3) my Vista theme randomly changes from black Aero to win 98. I'm afraid that as time passes, more will become messed up. It all started (I think) after a porn website visit or it could had been one of the many dvd burning program-related downloads I did one day. It's so annoying because this has never happened before even though I'm a frequent user. I have a good amount of computer cleaning software. Anyways, here are the logs. Once again thank you for taking the time to help me out. The first time I ran MBAM, it detected 6 (?) infections and removed them. I also ran ESET Nod32 afterwards. It also detected several infections which it removed. Several reboots later, the problem still persists. MBAM no longer is detecting any infections. ESET Nod32 has "blocked" / "quarantined" (in quotes because the problem still persists even after it's "blocked"/"quarantined") something called Win32/Kryptix.QLX trojan. It keeps spreading judging by the locations it has been "blocked" at. Also Win32/Routmo.N trojan which it also quarantined. The following is the most recent MBAM log. 
MALWAREBYTES ANTI-MALWARE LOG:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7347

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/1/2011 1:08:00 PM
mbam-log-2011-08-01 (13-08-00).txt

Scan type: Quick scan
Objects scanned: 169192
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS/GMER LOG

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Run by wearethebest1 at 13:14:21 on 2011-08-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1649 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\Philips\SPC230NC\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Philips\Philips SPC230NC Webcam\TrayMin230.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\wearethebest1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\wearethebest1\Downloads\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
StartupFolder: c:\users\wearet~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc230nc webcam\TrayMin230.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Compress Image Using Image Compressor 2008 - c:\program files\masrizal\imc2008\imcieex_compress.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DEFE736B-C868-43F1-8A26-556BABDE9FA1} : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wearethebest1\appdata\roaming\mozilla\firefox\profiles\epm0d4dm.rarez1\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\wearethebest1\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 34744]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-31 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-28 2214504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-8 1153368]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-1 2253688]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-31 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2011-3-7 2413704]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2010-12-21 8576]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 PRSTJ;PRSTJ;c:\users\wearet~1\appdata\local\temp\prstj.exe --> c:\users\wearet~1\appdata\local\temp\PRSTJ.exe [?]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2010-12-21 461056]
S3 VPYY;VPYY;c:\users\wearet~1\appdata\local\temp\vpyy.exe --> c:\users\wearet~1\appdata\local\temp\VPYY.exe [?]
S3 WC;WC;c:\users\wearet~1\appdata\local\temp\wc.exe --> c:\users\wearet~1\appdata\local\temp\WC.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-31 21:24:18 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 21:24:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 21:24:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 01:58:28 0 ----a-w- c:\users\wearethebest1\appdata\local\Epawevihepay.bin
2011-07-31 01:58:27 -------- d-----w- c:\users\wearethebest1\appdata\local\{84A0B11B-52AE-4C1D-B381-898C7093ADD5}
2011-07-29 15:51:09 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f68afc8a-8f13-48a7-821d-ee979efaf520}\mpengine.dll
2011-07-24 02:06:30 -------- d-----w- c:\users\wearethebest1\appdata\roaming\DVD Flick
2011-07-24 02:05:46 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-07-24 02:05:45 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2011-07-24 02:05:45 609824 ----a-w- c:\windows\system32\comctl32.ocx
2011-07-24 02:05:45 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-07-24 02:05:45 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-07-24 02:05:45 212240 ----a-w- c:\windows\system32\richtx32.ocx
2011-07-24 02:05:45 164144 ----a-w- c:\windows\system32\comct232.ocx
2011-07-24 02:05:44 -------- d-----w- c:\program files\DVD Flick
2011-07-24 01:51:02 819200 ----a-w- c:\windows\system32\xvidcore.dll
2011-07-24 01:51:02 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-07-24 01:43:23 -------- d-----w- c:\program files\RealZeal Soft
2011-07-24 00:58:53 -------- d-----w- c:\users\wearethebest1\appdata\local\Xilisoft
2011-07-24 00:12:41 -------- d-----w- c:\users\wearethebest1\appdata\roaming\Moyea
2011-07-24 00:12:41 -------- d-----w- c:\users\wearethebest1\appdata\roaming\Leawo Video2DVD
2011-07-24 00:12:37 -------- d-----w- c:\users\wearethebest1\appdata\roaming\Leawo
2011-07-24 00:11:24 -------- d-----w- c:\program files\Leawo
2011-07-24 00:10:20 -------- d-----w- c:\users\wearethebest1\appdata\roaming\Xilisoft
2011-07-24 00:07:53 -------- d-----w- c:\users\wearethebest1\appdata\roaming\GetRightToGo
2011-07-16 18:17:14 -------- d-----w- c:\users\wearethebest1\appdata\local\{3F427377-2C8F-44CA-A9F3-0A8DBD3A2565}
2011-07-16 17:04:10 -------- d-----w- c:\program files\Mozilla Firefox2
2011-07-14 02:32:13 -------- d-----w- c:\users\wearethebest1\appdata\local\{0E586BDF-B162-41BA-B231-C6C8D54C584B}
2011-07-12 22:00:49 -------- d-----w- c:\users\wearethebest1\appdata\local\{00C4E49D-6C74-456A-A85D-501BD4DD4074}
2011-07-12 21:42:08 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 21:41:59 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 21:41:59 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-11 18:39:22 -------- d-----w- c:\users\wearethebest1\appdata\local\{040B7767-936A-42BC-839A-080A5F34BEC7}
.
==================== Find3M ====================
.
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_ rev.1AC0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8640D4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864137d0]; MOV EAX, [0x8641384c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E4D912] -> \Device\Harddisk0\DR0[0x85E62AC8]
3 CLASSPNP[0x8072F8B3] -> ntkrnlpa!IofCallDriver[0x81E4D912] -> [0x8523FA48]
5 acpi[0x8060C6BC] -> ntkrnlpa!IofCallDriver[0x81E4D912] -> [0x8525E7E8]
\Driver\nvstor32[0x857250E0] -> IRP_MJ_CREATE -> 0x8640D4D0
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\00000053 -> \??\SCSI#Disk&Ven_SAMSUNG&Prod_HD321HJ#4&1904635f&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:16:42.33 ===============
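The part of the DDS log a responder would read first is the SERVICES / DRIVERS section: three services (PRSTJ, VPYY, WC) whose binaries sit in the user's %TEMP% folder and whose files DDS could not stat (the trailing "[?]"). The following is an added example, not code from the thread or from the DDS tool, showing how such a section can be parsed and triaged mechanically; it assumes the line layout seen in the log above (state, name, display name and image path separated by semicolons, an optional "registered --> resolved" path pair, and a trailing "[date size]" or "[?]"). The sample input is a constructed subset copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the SERVICES / DRIVERS lines from the DDS log above.
SAMPLE_DDS_SERVICES = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 236600]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
S3 PRSTJ;PRSTJ;c:\users\wearet~1\appdata\local\temp\prstj.exe --> c:\users\wearet~1\appdata\local\temp\PRSTJ.exe [?]
S3 VPYY;VPYY;c:\users\wearet~1\appdata\local\temp\vpyy.exe --> c:\users\wearet~1\appdata\local\temp\VPYY.exe [?]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2010-12-21 461056]
"""

# Assumed DDS layout: "<R|S><n> <name>;<display>;<image path ...> [<date> <size>]" or "... [?]".
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

# Directories a legitimately installed service should not be running from.
SUSPICIOUS_DIRS = {
    "\\temp\\": "binary lives in a temp directory",
    "\\appdata\\": "binary lives under a user profile (writable without admin rights)",
}


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped, digit = start type
    name: str
    display: str
    image_path: str   # resolved path, lower-cased for matching
    resolved: bool    # False when DDS printed "[?]" (file could not be found or stat'd)


def parse_service_line(line: str):
    """Parse one DDS service line; return None for lines that do not match."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    resolved = not rest.endswith("[?]")
    # Drop the trailing "[date size]" / "[?]" bracket.
    path_part = rest.rsplit(" [", 1)[0]
    # DDS prints "registered --> resolved" when the two differ; keep the resolved one.
    if " --> " in path_part:
        path_part = path_part.split(" --> ")[-1]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        path_part.strip().lower(), resolved)


def triage_services(text: str):
    """Return (name, path, [reasons]) for every service worth a closer look."""
    findings = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if not entry.resolved:
            reasons.append("DDS could not stat the file ([?])")
        for marker, why in SUSPICIOUS_DIRS.items():
            if marker in entry.image_path:
                reasons.append(why)
        if reasons:
            findings.append((entry.name, entry.image_path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_services(SAMPLE_DDS_SERVICES):
        print(f"{name}: {path}")
        for why in reasons:
            print(f"    - {why}")
```

Run against the sample, the two %TEMP% services are flagged for both reasons while the COMODO, ESET and Philips entries pass. The checks are deliberately conservative (location and resolvability only); a stopped service with a random name is still worth noting by hand, since DDS's S3 state only says it is not currently running.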