
epoclick.com redirect problem



I really need some help. I am very glad to have found this forum and the chance to possibly GET some help. Any browser I use, on any of the 5 computers on our network occasionally throws up an extra popup window that redirects to the epoclick.com site. Occasionally other sites come up as well.

This is the first time in 15 years on the internet that I have ever come across a problem I couldn't quickly solve with the use of a decent anti-virus program or anti-spyware program. What IS this thing? Can you guys help me? I would be VERY grateful!!

Attached is a zip file called Attach.zip that contains ark.txt (gmer log), attach.txt, and the latest Malwarebytes log.

Thanks!!

Here are the DDS.txt contents:

DDS (Ver_10-10-10.03) - NTFSx86

Run by Charles at 16:40:17.71 on Wed 10/20/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.787 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\xampp\apache\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\CACHEM~1\CachemanXP.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\GlidePoint\glidesvc.exe

C:\Program Files\Internet Lock\ILSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\xampp\xampp_service_mercury.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\xampp\MercuryMail\mercury.exe

C:\xampp\mysql\bin\mysqld.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\xampp\apache\bin\httpd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Subversion\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\vVX6000.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Everything\Everything.exe

C:\Program Files\KeyScrambler\keyscrambler.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe

C:\Program Files\Siber Systems\GoodSync\GoodSync.exe

C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Evernote\Evernote3\EvernoteTray.exe

C:\Program Files\FastStone Capture\FSCapture.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\Macro Scheduler\msched.exe

C:\Program Files\MediaMonkey\MediaMonkey.exe

C:\Program Files\Quick ShutDown\qsd.exe

C:\Program Files\stickies\stickies.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Evernote\Evernote3\Evernote.exe

C:\Program Files\Axence\NetTools\3.1\NetTools.exe

C:\Program Files\Flock\flock.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\PROGRA~1\FOXITS~1\FOXITP~1\FOXITP~1.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\zabkat\xplorer2_lite\xplorer2.exe

C:\Documents and Settings\Charles\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office\EXCEL.EXE

C:\Program Files\Vim\vim73\gvim.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Charles\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: GetGo URLCatch: {0315aa2c-10c7-4504-a1c4-f552aba8a095} - c:\program files\getgo software\getgo download manager\URLCatch.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: IESessions.Manager: {6ecf15f0-468d-4e25-8997-1c710e80f5cd} - c:\program files\iesessions\IESessions.dll

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: GetGo Toolbar: {075bbe29-fec0-404a-a459-ff58713616fa} - c:\program files\getgo software\getgo download manager\GGToolBand.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Zend Studio: {95188727-288f-4581-a48d-eab3bd027314} - c:\progra~1\zend\zendst~1.0\toolbars\ZENDIE~1.DLL

TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart

uRun: [GoodSync] "c:\program files\siber systems\goodsync\GoodSync.exe" /min

uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe

uRun: [Link Commander] c:\program files\link commander\LinkCommander.exe

uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"

mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [Everything] "c:\program files\everything\Everything.exe" -startup

mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"

mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\8.0"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\charle~1\startm~1\programs\startup\evernote.lnk - c:\program files\evernote\evernote3\EvernoteTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\advanc~1.lnk - c:\program files\elcomsoft\archpr\ARCHPR.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\evernote.lnk - c:\program files\evernote\evernote3\EvernoteTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\macros~1.lnk - c:\program files\macro scheduler\msched.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mediam~1.lnk - c:\program files\mediamonkey\MediaMonkey.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicks~1.lnk - c:\program files\quick shutdown\qsd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe

uPolicies-explorer: NoSMBalloonTip = 0 (0x0)

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

IE: &Down&load &Link& Us&ing Ge&tGo - c:\program files\getgo software\getgo download manager\GGCatch.htm

IE: &Down&load All &Links& Us&ing Ge&tGo - c:\program files\getgo software\getgo download manager\GGCatchAll.htm

IE: &GetGo Toolbar Search - c:\program files\getgo software\getgo download manager\GGToolBand.dll/MENUSEARCH.HTM

IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: Add to Link Commander collection - c:\program files\link commander\add_link.htm

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Download images to iGrab - c:\program files\igrab\iGrab.exe/%23237

IE: Download videos to iGrab - c:\program files\igrab\iGrab.exe/%23246

IE: Download with Xilisoft YouTube Video Converter - c:\program files\video converters\youtube video converter\upod_link.HTM

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: Zend Studio - Debug current page - c:\program files\zend\zend studio - 7.2.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\zend\zend studio - 7.2.0\toolbars\ZendIEToolbar.dll/DebugNext.html

IE: {01A13E40-2F55-4397-B39B-7851BCFB8008} - c:\program files\getgo software\getgo download manager\GetGoDM.exe

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\linkco~1\LCLaunch.dll

IE: {12ADBF1D-867C-418b-9E14-57B54B13C292} - {48E3917C-0227-4EB7-83A7-5C76D8B6724C} - c:\program files\naturally open\wwwinkazon\WWWinkazon.dll

IE: {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - {6ECF15F0-468D-4E25-8997-1C710E80F5CD} - c:\program files\iesessions\IESessions.dll

IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll

IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\drm converter\YouTubeRipper.dll

IE: {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\linkco~1\LCAdd.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314} - c:\progra~1\zend\zendst~1.0\toolbars\ZENDIE~1.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: //rhap-app-4-0.real.com/

Trusted Zone: //rhapapp.real.com/

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: listen.com

Trusted Zone: llnwd.net

Trusted Zone: real.com

Trusted Zone: real.com\rhapapp

Trusted Zone: tradestation.com\www

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.vectorvest.com/install/vvonlineus/setup.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186930850375

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: KeyScrambler - KeyScramblerLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 192.168.1.1 diznuts

Hosts: 192.168.1.2 repeater1

Hosts: 192.168.1.3 repeater2

Hosts: 192.168.1.100 hercules

Hosts: 192.168.1.102 minniemouse

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [2009-1-10 16384]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-12 206256]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-8-12 51488]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-8-12 39200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-2 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-2 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]

R2 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2007-8-23 246784]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]

R2 GlidePoint;GlidePoint Touchpad Client;c:\program files\glidepoint\glidesvc.exe [2007-6-11 180224]

R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [2008-7-7 17659]

R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-7-23 139264]

R2 Mercury;Mercury;c:\xampp\xampp_service_mercury.exe [2009-12-20 78480]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-5 348752]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-5 1097096]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-12 40384]

R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [2010-7-14 23096]

R3 glideps2;GlidePoint PS/2 Touchpad Filter;c:\windows\system32\drivers\glideps2.sys [2008-2-16 17792]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-2-12 57440]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-2-16 114952]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-5-31 434688]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 AutoLogon;Auto Logon Service;c:\program files\macro scheduler\autologonsvc.exe [2006-8-23 197840]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]

S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [2010-6-23 508544]

S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [2008-9-14 3768]

S3 hipeer81;Remobo Virtual Interface;c:\windows\system32\drivers\hipeer81.sys [2006-12-6 54528]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2009-2-1 20696]

S3 ma763006;M-Audio Transit USB;c:\windows\system32\drivers\MA763006.sys [2010-5-23 41216]

S3 MADFU006;MADFU006;c:\windows\system32\drivers\MADFU006.sys [2010-5-23 16512]

S3 mschedsvc;Macro Scheduler Service;c:\program files\macro scheduler\msschedsvc.exe [2006-8-23 183504]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-6-23 245760]

S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2010-6-23 245760]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-8-12 33056]

S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 Transit USBInstallerService;Transit USB Installer;c:\program files\m-audio transit usb\install\TUSBInst.exe [2010-5-23 49152]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2002-7-12 141752]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]

S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]

S4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]

S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-12 159600]

S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-8-12 64392]

============== File Associations ===============

txtfile="c:\program files\vim\vim72\gvim.exe %1"

=============== Created Last 30 ================

7051-02-23 02:36:15 6 ---ha-w- C:\rasmon.bin

7051-02-23 02:36:15 4 ---ha-w- C:\ddefact.bin

2010-10-20 00:33:03 -------- d-----w- c:\docume~1\charle~1\applic~1\SUPERAntiSpyware.com

2010-10-20 00:33:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-10-20 00:32:40 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-18 21:11:19 -------- d-----w- c:\docume~1\charle~1\applic~1\Malwarebytes

2010-10-18 21:10:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 21:10:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-18 21:10:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 21:10:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-16 20:35:42 662 ----a-w- c:\windows\vimdiff.bat

2010-10-16 20:35:42 662 ----a-w- c:\windows\view.bat

2010-10-16 20:35:42 658 ----a-w- c:\windows\vim.bat

2010-10-16 20:35:41 987 ----a-w- c:\windows\gvimdiff.bat

2010-10-16 20:35:41 987 ----a-w- c:\windows\gview.bat

2010-10-16 20:35:41 987 ----a-w- c:\windows\evim.bat

2010-10-16 20:35:41 979 ----a-w- c:\windows\gvim.bat

2010-10-13 18:05:16 1190472 ----a-w- c:\documents and settings\Charles\gotomypc_574.exe

2010-10-13 11:50:01 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 11:50:01 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 11:49:53 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-06 20:58:40 -------- d-----w- c:\program files\MSECache

2010-10-06 19:04:52 54776 ----a-w- c:\windows\system32\drivers\mozy.sys

2010-10-01 21:26:10 -------- d-----w- c:\docume~1\charle~1\applic~1\Palo Alto Software

2010-10-01 21:00:20 -------- d-----w- c:\program files\Palo Alto Software

2010-10-01 21:00:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Palo Alto Software

2010-10-01 20:58:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PAS

2010-09-29 21:05:06 -------- d-----w- c:\program files\iPod

2010-09-29 21:04:58 -------- d-----w- c:\program files\iTunes

2010-09-29 20:58:43 -------- d-----w- c:\program files\Bonjour

2010-09-27 21:35:35 -------- d-----w- C:\Documents%20and%20Settings

2010-09-26 20:20:55 -------- d-----w- c:\docume~1\charle~1\locals~1\applic~1\Ephox

2010-09-26 19:53:34 -------- d-----w- c:\documents and settings\Charles\vue_2

2010-09-26 19:51:01 -------- d-----w- c:\documents and settings\Charles\.SciPloreMindMapping

2010-09-26 19:41:09 -------- d-----w- c:\documents and settings\Charles\.freeplane

2010-09-26 18:02:46 -------- d-----w- c:\docume~1\charle~1\applic~1\XMind

2010-09-26 18:02:28 -------- d-----w- c:\program files\XMind

2010-09-26 18:01:35 -------- d-----w- c:\program files\VUE

2010-09-26 18:01:09 -------- d-----w- c:\program files\SciPlore MindMapping

2010-09-26 18:00:44 -------- d-----w- c:\program files\Freeplane

2010-09-26 17:59:26 -------- d-----w- c:\program files\Compendium

2010-09-26 17:38:41 -------- d-----w- c:\program files\MemoriesOnWeb

==================== Find3M ====================

2010-10-16 20:35:42 688 ----a-w- c:\windows\vimtutor.bat

2010-09-18 21:48:01 32 ----a-w- c:\windows\system32\msvcsv60.dll

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-17 03:27:07 240128 ----a-w- c:\windows\system32\comctl32.oca

2010-09-17 03:27:06 35840 ----a-w- c:\windows\system32\comdlg32.oca

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-07 18:58:59 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-07 18:58:58 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-19 21:06:58 1409 ----a-w- c:\windows\system32\PGTEXTJ_.FOT

2010-08-19 21:06:58 1409 ----a-w- c:\windows\system32\PGTEXT.FOT

2010-08-19 21:06:58 1409 ----a-w- c:\windows\system32\PGCHORDS.FOT

2010-08-19 00:00:57 72080 ----a-w- c:\documents and settings\Charles\g2mdlhlpx.exe

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 16:45:00.04 ===============

Attach.zip

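A small triage script for DDS-style logs like the one above, added here as an example (it is not part of the thread, of the DDS tool, or of any Malwarebytes product). It pulls out the items a helper normally checks first: BHOs registered with no DLL on disk, services whose binary cannot be found, HOSTS entries that pin public names, and files whose recorded timestamp lies after the log date. The sample lines are copied from the posted log; the one HOSTS line that points data.mbamupdates.com at loopback is constructed to show what an update-blocking override would look like and is not in the log, and the flagging heuristics are my own, not DDS's.

```python
"""Triage helper for DDS-style logs (added example; not from the thread or the DDS tool)."""
import ipaddress
import re
from datetime import date

# Lines copied from the DDS log posted in this thread, plus one constructed
# HOSTS line that pins a Malwarebytes update host to loopback, to show what
# an update-blocking override would look like (that line is NOT in the log).
SAMPLE_LOG = r"""
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
Hosts: 192.168.1.1 diznuts
Hosts: 192.168.1.100 hercules
Hosts: 127.0.0.1 data.mbamupdates.com
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-2-16 114952]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]
7051-02-23 02:36:15 6 ---ha-w- C:\rasmon.bin
2010-10-20 00:33:03 -------- d-----w- c:\program files\SUPERAntiSpyware
"""

# "BHO: <name>: {CLSID} - <path or 'No File'>"; the name part is optional.
BHO_RE = re.compile(r"^BHO: (?:.*?: )?\{([0-9A-Fa-f-]+)\} - (.*)$")
# "Hosts: <ip> <name>"
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# "R2 Name;Display;path [date size]" or "S3 ...": R = running, S = stopped.
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);")
# "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>" from the Created/Find3M sections.
CREATED_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2} \S+ \S+ (.*)$")


def is_hosts_override(ip: str, name: str) -> bool:
    """Flag a HOSTS entry that pins a DNS-style (dotted) name, or that maps a
    name to a non-private address. Single-label LAN names on RFC 1918
    addresses, as in the posted log, are left alone (heuristic, my choice)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # not even a valid address: worth a look
    return "." in name or not addr.is_private


def triage(lines, reference_date):
    """Return the log items a helper checks first. reference_date is the day
    the log was taken; any file stamped after it is flagged."""
    findings = {
        "orphaned_bho": [],            # BHO CLSIDs registered with no DLL on disk
        "hosts_overrides": [],         # (ip, name) pairs that could block updates
        "missing_service_binary": [],  # services whose binary DDS could not find
        "future_timestamps": [],       # files with an impossible creation date
    }
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group(2) == "No File":
                findings["orphaned_bho"].append(m.group(1))
            continue
        m = HOSTS_RE.match(line)
        if m:
            if is_hosts_override(m.group(1), m.group(2)):
                findings["hosts_overrides"].append((m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if line.endswith("[?]"):
                findings["missing_service_binary"].append(m.group(1))
            continue
        m = CREATED_RE.match(line)
        if m:
            year, month, day = (int(x) for x in m.group(1, 2, 3))
            try:
                stamp = date(year, month, day)
            except ValueError:
                stamp = None  # e.g. month 13: garbage timestamp, flag it
            if stamp is None or stamp > reference_date:
                findings["future_timestamps"].append(m.group(4))
    return findings


def run_sample():
    """Triage the sample above against the date in its DDS header (2010-10-20)."""
    return triage(SAMPLE_LOG.splitlines(), date(2010, 10, 20))


if __name__ == "__main__":
    for category, items in run_sample().items():
        print(f"{category}: {items}")
```

A flagged item is a pointer for the helper to look at, not a verdict; the orphaned BHO and the year-7051 files in the posted log are exactly the kind of entries this surfaces.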

Welcome to the forum.

Can you post the MBAM log?

Also, please do this:

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

---------------------

Next......

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    ComboFix Guide <---please read!

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choosing disable/exit. More info HERE<-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC

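Note 3 above is about the propagation path, not just a convenience setting: a worm that copies itself to a removable drive drops an autorun.inf beside it so that Windows runs the copy when the drive is inserted or opened, and the ComboFix log further down this thread records autorun.inf files removed from drives I:, J: and L:. The script below is an added example, not part of MrC's instructions and not ComboFix's code, for triaging an autorun.inf found on a removable drive before trusting it: a vendor file that only sets an icon and a label is cosmetic, whereas open=, shellexecute=, shell\verb\command= or a spoofed AutoPlay action= line means something gets executed. Both sample files are constructed for illustration; the parser is deliberately tolerant of junk lines and mixed case because evasive autorun.inf files use both.

```python
"""Triage autorun.inf files found on removable drives.

Added example for this thread; it is not ComboFix's code and not from the
original post. The two autorun.inf samples below are constructed.
"""
import os
import sys

# Directives in [autorun] that make Windows run something. A benign
# vendor autorun.inf usually carries only icon= and label=.
LAUNCH_KEYS = {"open", "shellexecute"}
COSMETIC_KEYS = {"icon", "label"}


def parse_autorun(text):
    """Tolerant INI parse. Junk lines, odd casing and text before the
    section header are ignored, since evasive autorun.inf files use them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # junk outside a section or a bare token
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def triage(text):
    """Return (verdict, reasons): 'launch' if the file makes Windows execute
    something, 'cosmetic' if it only sets icon/label, else 'review'."""
    auto = parse_autorun(text).get("autorun", {})
    if not auto:
        return "review", ["no [autorun] section"]
    reasons = []
    for key, value in auto.items():
        if key in LAUNCH_KEYS:
            reasons.append(f"{key}={value}")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            # shell\<verb>\command= hijacks Explorer's context-menu verbs,
            # so even a double-click on the drive runs the payload.
            reasons.append(f"{key}={value}")
        elif key == "shell":
            reasons.append(f"default verb changed: shell={value}")
        elif key == "action" and "open folder" in value.lower():
            # Mimics the built-in AutoPlay text so the user picks the payload.
            reasons.append(f"spoofed AutoPlay prompt: action={value}")
    if reasons:
        return "launch", reasons
    if set(auto) <= COSMETIC_KEYS:
        return "cosmetic", []
    return "review", [f"unexpected keys: {sorted(set(auto) - COSMETIC_KEYS)}"]


def scan_roots(roots):
    """Triage the autorun.inf at each given drive root, if one exists."""
    results = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="latin-1") as fh:
                results[path] = triage(fh.read())
    return results


# Constructed sample: what a vendor-shipped autorun.inf typically looks like.
BENIGN = """\
[autorun]
icon=setup.exe,0
label=Vendor Tools
"""

# Constructed sample resembling a worm-dropped file: junk before the header,
# mixed case, a payload hidden under a RECYCLER-style path and a spoofed
# AutoPlay prompt. The path and file name are made up.
MALICIOUS = r"""
;xkwq
zzzz
[AutoRun]
open=RECYCLER\S-1-5-21-0000\setup.exe
shell\open\Command=RECYCLER\S-1-5-21-0000\setup.exe
shell\explore\command=RECYCLER\S-1-5-21-0000\setup.exe
shell=open
action=Open folder to view files
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    # Usage: python autorun_triage.py I:\ J:\ L:\   (drive roots to inspect)
    if len(sys.argv) > 1:
        for path, (verdict, reasons) in scan_roots(sys.argv[1:]).items():
            print(path, verdict, *reasons, sep="\n  ")
    else:
        for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
            print(name, triage(sample))
```

The setting ComboFix changes corresponds to the Explorer policy value NoDriveTypeAutoRun (0xFF disables AutoRun for every drive type); on Windows XP that value is only honoured for non-optical drives once Microsoft's update described in KB967715 is installed, so a machine that has not received it can still run an autorun.inf from a USB stick even with the policy set.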

You need to update MBAM before you run it:

Database version: 4052 <---yours

Database version: 4897 <--current one

You just have to run a quick scan, full scan is not needed at this time.

Post the log back here, MrC

I tried updating MBAM when I installed it. It did not work. It gives me an error. I also get that error when I attempt to update it on my other machines that have this problem. Is this malware preventing the update?

This is the error I am getting:

MBAM_ERROR_UPDATING(12007, 0, WinHttpSendRequest)

I am running ComboFix right now as per your instructions. Will update as soon as it is done.


I still can't access that URL. Here is what I get (Chrome browser):

-------------------------------------------------------------------

This webpage is not available.

The webpage at http://data.mbamupdates.com/tools/mbam-rules.exe might be temporarily down or it may have moved permanently to a new web address.

Here are some suggestions:

Reload this web page later.

More information on this error

Below is the original error message

Error 105 (net::ERR_NAME_NOT_RESOLVED): The server could not be found.

-------------------------------------------------------------------

ComboFix question:

While using a different computer (this one, which is not the one running ComboFix), the PC that IS running ComboFix rebooted. When I logged back in, the ComboFix window came back up and it says "Preparing Log Report. Do not run any programs until ComboFix is finished." But then all of my StartUp programs started running. I closed them down. I did NOT touch the ComboFix window. Is that going to cause problems with ComboFix??

It is still sitting on "Preparing Log Report..." It's been probably 5 - 10 minutes now.

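The two errors in the posts above are the same symptom seen from two clients. WinHTTP code 12007 in MBAM_ERROR_UPDATING(12007, 0, WinHttpSendRequest) is ERROR_WINHTTP_NAME_NOT_RESOLVED, and Chrome's net::ERR_NAME_NOT_RESOLVED says the same thing: the lookup for data.mbamupdates.com returned no address at all, which is different from the server refusing or timing out. One of the first checks a responder makes in that situation is whether the local hosts file pins vendor domains, because that blocks the update before any DNS query is sent. The script below is an added example of that check; it is not from the thread and not Malwarebytes' code. The hosts content is constructed, and apart from data.mbamupdates.com the domain list is an assumption. It does not cover the other ways a lookup can be broken (altered DNS server addresses, a filtering driver), and the thread does not show which cause applies to this machine.

```python
"""Check a Windows hosts file for entries that blackhole or redirect
security-vendor update domains.

Added example; not from the thread and not Malwarebytes' code. SAMPLE_HOSTS is
constructed. data.mbamupdates.com is the host named in the thread; the other
domains in WATCHED_DOMAINS are assumptions for illustration.
"""
import ipaddress
import os
import sys

WATCHED_DOMAINS = {
    "data.mbamupdates.com",   # named in the thread
    "mbamupdates.com",        # assumption
    "malwarebytes.org",       # assumption
    "avast.com",              # assumption
}

# Addresses that make a name resolve but go nowhere.
NULL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# The WinHTTP codes most often seen in MBAM_ERROR_UPDATING(code, ...).
WINHTTP_ERRORS = {
    12002: "ERROR_WINHTTP_TIMEOUT",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
    12029: "ERROR_WINHTTP_CANNOT_CONNECT",
}


def describe_winhttp_error(code):
    """Name the WinHTTP error carried in an MBAM update failure."""
    return WINHTTP_ERRORS.get(code, f"WinHTTP error {code}")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for each mapping; comments and blanks skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a mapping line
        for name in names:
            yield ip, name.lower().rstrip("."), n


def is_watched(hostname):
    """True if hostname is a watched domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """Return the hosts entries that pin a watched domain.

    A vendor domain has no legitimate reason to be in hosts at all: a loopback
    or null address blackholes the update, anything else redirects it.
    """
    findings = []
    for ip, name, n in parse_hosts(text):
        if is_watched(name):
            kind = "blackhole" if ip in NULL_ADDRESSES else "redirect"
            findings.append({"line": n, "ip": ip, "host": name, "kind": kind})
    return findings


# Constructed sample hosts file: one blackholed vendor host, one blackholed
# subdomain, one redirect, and an unrelated entry that must not be flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       data.mbamupdates.com
127.0.0.1       www.malwarebytes.org
192.0.2.10      update.avast.com      # sent to a host the attacker controls
10.0.0.5        intranet.example      # unrelated, must not be flagged
"""


def default_hosts_path():
    # Default location. The Tcpip\Parameters\DataBasePath registry value can
    # repoint Windows at a different directory, so check that value as well.
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else default_hosts_path()
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS  # no hosts file here: run on the constructed sample
    print("12007 =", describe_winhttp_error(12007))
    for f in find_hijacks(text):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['kind']})")
```

If the hosts file is clean, the next places to look on XP are the DNS server addresses on each adapter (ipconfig /all) and whether a different machine on the same network resolves the name; the original poster's note that the other PCs on the LAN show the same behaviour is consistent with either a per-machine change replicated by the same infection or a shared upstream resolver, and the thread does not settle which.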

Sounds to me like whatever it is that is frakking up this PC is causing me to be unable to access that site. I will try it again from the PC that had ComboFix run on it.

Anyway, here are the ComboFix and TDSSKiller logs...

First, the TDSSKiller log, as it was run first:

2010/10/21 08:25:52.0281 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/21 08:25:52.0281 ================================================================================

2010/10/21 08:25:52.0281 SystemInfo:

2010/10/21 08:25:52.0281

2010/10/21 08:25:52.0281 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/21 08:25:52.0281 Product type: Workstation

2010/10/21 08:25:52.0281 ComputerName: HERCULES

2010/10/21 08:25:52.0281 UserName: Christopher

2010/10/21 08:25:52.0281 Windows directory: C:\WINDOWS

2010/10/21 08:25:52.0281 System windows directory: C:\WINDOWS

2010/10/21 08:25:52.0281 Processor architecture: Intel x86

2010/10/21 08:25:52.0281 Number of processors: 4

2010/10/21 08:25:52.0281 Page size: 0x1000

2010/10/21 08:25:52.0281 Boot type: Normal boot

2010/10/21 08:25:52.0281 ================================================================================

2010/10/21 08:25:52.0656 Initialize success

2010/10/21 08:25:59.0859 ================================================================================

2010/10/21 08:25:59.0859 Scan started

2010/10/21 08:25:59.0859 Mode: Manual;

2010/10/21 08:25:59.0859 ================================================================================

2010/10/21 08:26:00.0703 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/10/21 08:26:02.0359 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/21 08:26:02.0906 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/21 08:26:04.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/21 08:26:04.0593 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/21 08:26:05.0171 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/21 08:26:08.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/21 08:26:10.0687 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/10/21 08:26:11.0250 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/10/21 08:26:11.0796 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/10/21 08:26:12.0343 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/10/21 08:26:12.0906 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/10/21 08:26:13.0453 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/10/21 08:26:14.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/21 08:26:14.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/21 08:26:15.0687 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/21 08:26:16.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/21 08:26:16.0828 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

2010/10/21 08:26:17.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/21 08:26:17.0937 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/21 08:26:18.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/21 08:26:19.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/21 08:26:20.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/21 08:26:20.0703 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/21 08:26:22.0906 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys

2010/10/21 08:26:23.0484 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys

2010/10/21 08:26:24.0031 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys

2010/10/21 08:26:24.0609 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2010/10/21 08:26:25.0187 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2010/10/21 08:26:26.0828 DigiFilter (74dd46d49809c5f689f24ccdd0d18a4e) C:\WINDOWS\system32\drivers\DigiFilt.sys

2010/10/21 08:26:27.0406 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/21 08:26:28.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/21 08:26:28.0562 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/21 08:26:29.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/21 08:26:29.0687 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/21 08:26:30.0265 DNE (65fa8bc40664aec99348f98f0b4c2f7c) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2010/10/21 08:26:30.0781 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS

2010/10/21 08:26:31.0953 DrmCAudio (bbd1be3de57c680a60a3b784a60b3524) C:\WINDOWS\system32\drivers\DrmCAudio.sys

2010/10/21 08:26:32.0562 DrmCDriverV32 (7d38e35fadd5280c586e4b6219dbb7b3) C:\WINDOWS\system32\drivers\DrmCDriverV32.sys

2010/10/21 08:26:33.0156 DrmCVideo32 (cdd8b9ba186874f11618ff4b835fad75) C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys

2010/10/21 08:26:33.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/21 08:26:34.0312 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys

2010/10/21 08:26:34.0875 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys

2010/10/21 08:26:35.0484 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/21 08:26:36.0046 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/21 08:26:36.0593 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/21 08:26:37.0156 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/21 08:26:37.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/21 08:26:38.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/21 08:26:38.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/21 08:26:39.0421 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/10/21 08:26:40.0031 glideps2 (8735064c5ebee85e0fc8c6c777aa235c) C:\WINDOWS\system32\DRIVERS\glideps2.sys

2010/10/21 08:26:40.0609 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/21 08:26:41.0218 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys

2010/10/21 08:26:41.0796 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/21 08:26:42.0343 hipeer81 (f03da1eb7ed0bfdf39a9b12818f3ddb3) C:\WINDOWS\system32\DRIVERS\hipeer81.sys

2010/10/21 08:26:43.0515 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/21 08:26:45.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/21 08:26:45.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/21 08:26:46.0375 INETLOCK (e3dbe4c5522150423188a5487433d4a2) C:\WINDOWS\system32\drivers\Inetlock.sys

2010/10/21 08:26:48.0218 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/21 08:26:49.0453 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/21 08:26:50.0781 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/21 08:26:52.0046 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/21 08:26:52.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/21 08:26:53.0812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/21 08:26:55.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/21 08:26:56.0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/21 08:26:57.0265 JSWSCIMD (335a35f4c6c3eee724201eafcd6ffc46) C:\WINDOWS\system32\DRIVERS\jswscimd.sys

2010/10/21 08:26:57.0953 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/21 08:26:58.0656 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys

2010/10/21 08:26:59.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/21 08:26:59.0890 KORGUMDS (816c1d5d831277d0a70d543ae201603d) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS

2010/10/21 08:27:00.0531 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/21 08:27:01.0781 ma763006 (f994c1d602b6ff4de4f13c653a81049c) C:\WINDOWS\system32\drivers\MA763006.sys

2010/10/21 08:27:02.0453 MADFU006 (2888658b6ebfe16ab13806e46f3551d2) C:\WINDOWS\system32\DRIVERS\MADFU006.sys

2010/10/21 08:27:03.0687 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/21 08:27:04.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/21 08:27:04.0890 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/21 08:27:05.0531 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/21 08:27:06.0203 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/21 08:27:08.0312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/21 08:27:08.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/21 08:27:09.0859 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/21 08:27:10.0656 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/21 08:27:11.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/21 08:27:11.0859 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/21 08:27:12.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/21 08:27:13.0046 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/21 08:27:13.0640 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/10/21 08:27:14.0250 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/21 08:27:14.0843 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/21 08:27:15.0468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/21 08:27:16.0062 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/21 08:27:16.0671 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/21 08:27:17.0281 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/21 08:27:17.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/21 08:27:18.0500 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/21 08:27:19.0109 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/21 08:27:19.0718 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/21 08:27:20.0343 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/21 08:27:20.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/21 08:27:21.0484 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS

2010/10/21 08:27:22.0125 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/21 08:27:22.0765 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/21 08:27:23.0359 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/21 08:27:24.0093 nv (d773337c2da933c6c457001079266f12) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/21 08:27:24.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: d773337c2da933c6c457001079266f12, Fake md5: 8c0456001b6900114bbb1c548bd8aaf5

2010/10/21 08:27:24.0281 nv - detected Forged file (1)

2010/10/21 08:27:24.0875 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys

2010/10/21 08:27:25.0453 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2010/10/21 08:27:26.0046 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2010/10/21 08:27:26.0625 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/21 08:27:27.0218 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/21 08:27:27.0812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/21 08:27:28.0421 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys

2010/10/21 08:27:29.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/21 08:27:29.0625 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/21 08:27:30.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/21 08:27:30.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/21 08:27:32.0000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/21 08:27:32.0593 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/21 08:27:33.0218 PCTCore (d302a59e6d1842a201930928a5bad68b) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/21 08:27:33.0859 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys

2010/10/21 08:27:34.0468 pctplsg (5aa75b88e57aedf7fdb1f6b5196ad8a6) C:\WINDOWS\system32\drivers\pctplsg.sys

2010/10/21 08:27:38.0781 PfModNT (4ed9a978c079689bdea1184d15fa6323) C:\WINDOWS\system32\drivers\PfModNT.sys

2010/10/21 08:27:39.0390 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/21 08:27:40.0000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/21 08:27:40.0640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/21 08:27:41.0250 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/21 08:27:44.0812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/21 08:27:45.0453 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/21 08:27:46.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/21 08:27:46.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/21 08:27:47.0265 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/21 08:27:47.0906 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/21 08:27:48.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/21 08:27:49.0125 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/21 08:27:49.0750 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/21 08:27:50.0375 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys

2010/10/21 08:27:50.0578 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys

2010/10/21 08:27:50.0781 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/10/21 08:27:51.0000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/10/21 08:27:51.0609 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys

2010/10/21 08:27:52.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/21 08:27:52.0843 Sentinel (3e7ff2405bcc1384d946dc45edc7ed61) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2010/10/21 08:27:53.0453 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/21 08:27:54.0046 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/21 08:27:54.0640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/21 08:27:55.0843 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/21 08:27:57.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/21 08:27:57.0671 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/21 08:27:58.0312 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/21 08:27:58.0921 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/21 08:27:59.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/21 08:28:00.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/21 08:28:03.0078 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/21 08:28:03.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/21 08:28:04.0312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/21 08:28:05.0046 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/21 08:28:05.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/21 08:28:06.0281 TfFsMon (52d1882d3e90718483a1321ca5ce1aea) C:\WINDOWS\system32\drivers\TfFsMon.sys

2010/10/21 08:28:06.0937 TfNetMon (8eb02d60909345ee4f2be78a11364bcf) C:\WINDOWS\system32\drivers\TfNetMon.sys

2010/10/21 08:28:07.0546 TfSysMon (24ea02fd9663ccef16c114211cd9d5f4) C:\WINDOWS\system32\drivers\TfSysMon.sys

2010/10/21 08:28:08.0765 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\WINDOWS\system32\drivers\TPkd.sys

2010/10/21 08:28:09.0421 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys

2010/10/21 08:28:10.0046 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/21 08:28:11.0296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/21 08:28:12.0312 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/21 08:28:13.0093 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/21 08:28:13.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/21 08:28:15.0375 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/21 08:28:16.0765 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/21 08:28:17.0718 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/21 08:28:19.0031 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/21 08:28:19.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/21 08:28:21.0125 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/21 08:28:21.0718 vsdatant (8d25c4dafc1c1e9d9884d89b1b0fa3ac) C:\WINDOWS\system32\vsdatant.sys

2010/10/21 08:28:22.0500 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys

2010/10/21 08:28:23.0171 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/21 08:28:23.0812 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/21 08:28:25.0156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/21 08:28:25.0812 WN111v2 (d496e93a2448b6bac1fcccec0f1a195f) C:\WINDOWS\system32\DRIVERS\WN111v2.sys

2010/10/21 08:28:26.0421 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/21 08:28:27.0031 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/21 08:28:27.0625 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys

2010/10/21 08:28:28.0234 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/21 08:28:28.0890 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/21 08:28:29.0531 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/21 08:28:29.0703 ================================================================================

2010/10/21 08:28:29.0703 Scan finished

2010/10/21 08:28:29.0703 ================================================================================

2010/10/21 08:28:29.0734 Detected object count: 1

2010/10/21 08:31:13.0796 Forged file(nv) - User select action: Skip

2010/10/21 08:31:31.0031 Deinitialize success

******** End TDSSKiller log ********

ComboFix log:

ComboFix 10-10-20.04 - Christopher 10/21/2010 9:20.1.4 - x86

Running from: c:\documents and settings\Christopher\Desktop\ComboFix.exe

.

ADS - WINDOWS: deleted 8 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Christopher\Application Data\Desktopicon

c:\documents and settings\Christopher\Application Data\Desktopicon\eBay.ico

c:\documents and settings\Christopher\Application Data\Desktopicon\uninst.exe

c:\documents and settings\Christopher\g2mdlhlpx.exe

c:\program files\Internet Explorer\SET7C.tmp

c:\program files\Internet Explorer\SET7D.tmp

C:\test.txt

c:\windows\system32\_000012_.tmp.dll

c:\windows\system32\msvcsv60.dll

c:\windows\system32\skinboxer43.dll

I:\Autorun.inf

J:\Autorun.inf

L:\autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))

.

7051-02-23 02:36 . 7051-02-23 02:36 6 ---ha-w- C:\rasmon.bin

7051-02-23 02:36 . 7051-02-23 02:36 4 ---ha-w- C:\ddefact.bin

2010-10-20 00:33 . 2010-10-20 00:33 -------- d-----w- c:\documents and settings\Christopher\Application Data\SUPERAntiSpyware.com

2010-10-20 00:33 . 2010-10-20 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-20 00:32 . 2010-10-20 00:33 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-10-18 21:11 . 2010-10-18 21:11 -------- d-----w- c:\documents and settings\Christopher\Application Data\Malwarebytes

2010-10-18 21:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 21:10 . 2010-10-18 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-18 21:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 21:10 . 2010-10-18 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-16 20:35 . 2010-10-16 20:35 662 ----a-w- c:\windows\vimdiff.bat

2010-10-16 20:35 . 2010-10-16 20:35 662 ----a-w- c:\windows\view.bat

2010-10-16 20:35 . 2010-10-16 20:35 658 ----a-w- c:\windows\vim.bat

2010-10-16 20:35 . 2010-10-16 20:35 987 ----a-w- c:\windows\gvimdiff.bat

2010-10-16 20:35 . 2010-10-16 20:35 987 ----a-w- c:\windows\gview.bat

2010-10-16 20:35 . 2010-10-16 20:35 987 ----a-w- c:\windows\evim.bat

2010-10-16 20:35 . 2010-10-16 20:35 979 ----a-w- c:\windows\gvim.bat

2010-10-13 18:05 . 2010-10-13 18:05 1190472 ----a-w- c:\documents and settings\Christopher\gotomypc_574.exe

2010-10-13 11:50 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-13 11:50 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-13 11:49 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-12 16:39 . 2010-10-12 16:39 -------- d-----w- c:\program files\Common Files\Skype

2010-10-06 20:58 . 2010-10-06 20:58 -------- d-----w- c:\program files\MSECache

2010-10-06 19:04 . 2010-08-11 02:35 54776 ----a-w- c:\windows\system32\drivers\mozy.sys

2010-10-01 21:26 . 2010-10-01 21:26 -------- d-----w- c:\documents and settings\Christopher\Application Data\Palo Alto Software

2010-10-01 21:00 . 2010-10-01 21:00 -------- d-----w- c:\program files\Palo Alto Software

2010-10-01 21:00 . 2010-10-01 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Palo Alto Software

2010-10-01 20:58 . 2010-10-01 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PAS

2010-09-29 21:05 . 2010-09-29 21:05 -------- d-----w- c:\program files\iPod

2010-09-29 21:04 . 2010-09-29 21:07 -------- d-----w- c:\program files\iTunes

2010-09-29 20:58 . 2010-09-29 20:58 -------- d-----w- c:\program files\Bonjour

2010-09-27 21:35 . 2010-09-27 21:35 -------- d-----w- C:\Documents%20and%20Settings

2010-09-26 20:20 . 2010-09-28 12:30 -------- d-----w- c:\documents and settings\Christopher\Local Settings\Application Data\Ephox

2010-09-26 19:53 . 2010-09-26 19:53 -------- d-----w- c:\documents and settings\Christopher\vue_2

2010-09-26 19:51 . 2010-10-04 03:33 -------- d-----w- c:\documents and settings\Christopher\.SciPloreMindMapping

2010-09-26 19:41 . 2010-09-27 20:56 -------- d-----w- c:\documents and settings\Christopher\.freeplane

2010-09-26 18:02 . 2010-09-26 18:03 -------- d-----w- c:\documents and settings\Christopher\Application Data\XMind

2010-09-26 18:02 . 2010-10-01 13:52 -------- d-----w- c:\program files\XMind

2010-09-26 18:01 . 2010-09-26 18:02 -------- d-----w- c:\program files\VUE

2010-09-26 18:01 . 2010-09-26 18:01 -------- d-----w- c:\program files\SciPlore MindMapping

2010-09-26 18:00 . 2010-09-26 18:00 -------- d-----w- c:\program files\Freeplane

2010-09-26 17:59 . 2010-09-26 19:33 -------- d-----w- c:\program files\Compendium

2010-09-26 17:38 . 2010-09-26 17:39 -------- d-----w- c:\program files\MemoriesOnWeb

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2007-11-02 655640]

"GoodSync"="c:\program files\Siber Systems\GoodSync\GoodSync.exe" [2010-07-25 4679096]

"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

"Link Commander"="c:\program files\Link Commander\LinkCommander.exe" [2007-01-16 2809856]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-01-10 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"CTHelper"="CTHELPER.EXE" [2006-05-24 17920]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]

"VX6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]

"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]

"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2010-03-21 424480]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\Christopher\Start Menu\Programs\Startup\

Evernote.lnk - c:\program files\Evernote\Evernote3\EvernoteTray.exe [2009-11-30 350656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Advanced Archive Password Recovery.lnk - c:\program files\ElcomSoft\ARCHPR\ARCHPR.EXE [2005-11-30 579584]

Evernote.lnk - c:\program files\Evernote\Evernote3\EvernoteTray.exe [2009-11-30 350656]

FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2006-10-26 1092096]

Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-3-23 380928]

Macro Scheduler.lnk - c:\program files\Macro Scheduler\msched.exe [2006-8-23 1345944]

MediaMonkey.lnk - c:\program files\MediaMonkey\MediaMonkey.exe [2008-10-16 7894672]

Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

Quick ShutDown.lnk - c:\program files\Quick ShutDown\qsd.exe [2003-2-18 294400]

Stickies.lnk - c:\program files\stickies\stickies.exe [2007-3-9 700416]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KeyScrambler]

2010-03-21 15:30 109088 ----a-w- c:\windows\system32\KeyScramblerLogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyTime Organizer]

2006-08-03 18:49 36864 ----a-w- c:\program files\AnyTime Deluxe\AtDem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]

2007-10-31 05:35 77824 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-09-03 21:37 133104 ----atw- c:\documents and settings\Christopher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-01-19 17:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-07-07 07:34 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-02-13 03:02 1217808 ----a-w- c:\program files\Valve\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2007-07-12 08:00 132496 ----a-w- c:\java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-08-19 00:02 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"a2AntiMalware"=2 (0x2)

"winvnc"=2 (0x2)

"mnmsrvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"AutoLogon"=3 (0x3)

"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ditto\\Ditto.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"l:\\Apps\\JDev_10.1.3.1\\jdev\\bin\\jdev.exe"=

"l:\\Apps\\JDev_10.1.3.1\\jdk\\bin\\javaw.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\eldaveer\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"c:\\Program Files\\Ubisoft\\Chessmaster Grandmaster Edition\\game.exe"=

"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Java\\jre1.6.0_02\\bin\\javaw.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\JDeveloper\\jdk\\bin\\javaw.exe"=

"c:\\JDeveloper\\jdev\\bin\\jdev.exe"=

"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=

"c:\\Documents and Settings\\Christopher\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Christopher\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Elisa\\elisa.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Documents and Settings\\Christopher\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\SecondLife\\SLVoice.exe"=

"c:\\Program Files\\MasterWriter 2.0\\jre\\bin\\java.exe"=

"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=

"c:\\Program Files\\NinjaTrader 6.5\\bin\\NinjaTrader.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Zend\\Zend Studio - 7.2.0\\ZendStudio.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [1/10/2009 7:22 PM 16384]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/12/2009 7:22 AM 206256]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/12/2009 7:23 AM 51488]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/12/2009 7:23 AM 39200]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/2/2009 2:02 PM 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/20/2009 29416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2009 2:02 PM 17744]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 5:42 PM 156968]

R2 GlidePoint;GlidePoint Touchpad Client;c:\program files\GlidePoint\glidesvc.exe [6/11/2007 4:54 PM 180224]

R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\InetLock.sys [7/7/2008 3:00 AM 17659]

R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [7/23/2008 6:58 AM 139264]

R3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [7/14/2010 11:27 PM 23096]

R3 glideps2;GlidePoint PS/2 Touchpad Filter;c:\windows\system32\drivers\glideps2.sys [2/16/2008 11:49 AM 17792]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/12/2008 7:05 PM 57440]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2/16/2008 12:30 PM 114952]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [5/31/2008 3:46 PM 434688]

S2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [8/23/2007 8:49 PM 246784]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:58 PM 135664]

S2 Mercury;Mercury;c:\xampp\xampp_service_mercury.exe [12/20/2009 78480]

S3 AutoLogon;Auto Logon Service;c:\program files\Macro Scheduler\autologonsvc.exe [8/23/2006 3:44 AM 197840]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]

S3 DrmCDriverV32;DrmCDriverV32;c:\windows\system32\drivers\DrmCDriverV32.sys [6/23/2010 11:22 AM 508544]

S3 DrmCVideo32;DrmCVideo32;c:\windows\system32\drivers\DrmCVideo32.sys [9/14/2008 11:34 AM 3768]

S3 hipeer81;Remobo Virtual Interface;c:\windows\system32\drivers\hipeer81.sys [12/6/2006 2:08 PM 54528]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2/1/2009 5:59 PM 20696]

S3 ma763006;M-Audio Transit USB;c:\windows\system32\drivers\MA763006.sys [5/23/2010 2:35 PM 41216]

S3 MADFU006;MADFU006;c:\windows\system32\drivers\MADFU006.sys [5/23/2010 2:35 PM 16512]

S3 mschedsvc;Macro Scheduler Service;c:\program files\Macro Scheduler\msschedsvc.exe [8/23/2006 3:44 AM 183504]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/5/2008 3:45 PM 348752]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [6/23/2010 11:23 AM 245760]

S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [6/23/2010 11:23 AM 245760]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/12/2009 7:23 AM 33056]

S3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]

S3 Transit USBInstallerService;Transit USB Installer;c:\program files\M-Audio Transit USB\Install\TUSBInst.exe [5/23/2010 2:35 PM 49152]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 7:56 PM 2383152]

S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe" --> c:\downloads\aircrack-ng-1.0-rc1-win\bin\wzcook.exe [?]

S4 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/12/2009 7:22 AM 159600]

S4 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/12/2009 7:22 AM 64392]

.

Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:58]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 21:58]

2010-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1383384898-725345543-1004Core.job

- c:\documents and settings\Christopher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:37]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1383384898-725345543-1004UA.job

- c:\documents and settings\Christopher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:37]

2010-10-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: &Down&load &Link& Us&ing Ge&tGo - c:\program files\GetGo Software\GetGo Download Manager\GGCatch.htm

IE: &Down&load All &Links& Us&ing Ge&tGo - c:\program files\GetGo Software\GetGo Download Manager\GGCatchAll.htm

IE: &GetGo Toolbar Search - c:\program files\GetGo Software\GetGo Download Manager\GGToolBand.dll/MENUSEARCH.HTM

IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Add to Link Commander collection - c:\program files\Link Commander\add_link.htm

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Download images to iGrab - c:\program files\iGrab\iGrab.exe/%23237

IE: Download videos to iGrab - c:\program files\iGrab\iGrab.exe/%23246

IE: Download with Xilisoft YouTube Video Converter - c:\program files\Video Converters\YouTube Video Converter\upod_link.HTM

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Zend Studio - Debug current page - c:\program files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll/DebugCurrent.html

IE: Zend Studio - Debug next page - c:\program files\Zend\Zend Studio - 7.2.0\toolbars\ZendIEToolbar.dll/DebugNext.html

IE: {{01A13E40-2F55-4397-B39B-7851BCFB8008} - c:\program files\GetGo Software\GetGo Download Manager\GetGoDM.exe

IE: {{0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - {0492EC8E-CBD1-4303-BC8B-74A8EC2CED09} - c:\progra~1\LINKCO~1\LCLaunch.dll

IE: {{12ADBF1D-867C-418b-9E14-57B54B13C292} - {48E3917C-0227-4EB7-83A7-5C76D8B6724C} - c:\program files\Naturally Open\WWWinkazon\WWWinkazon.dll

IE: {{4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - {4712ACB0-8ABC-4FF1-8485-2FC9E9348542} - c:\progra~1\LINKCO~1\LCAdd.dll

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: //rhap-app-4-0.real.com/

Trusted Zone: //rhapapp.real.com/

Trusted Zone: intuit.com

Trusted Zone: intuit.com\ttlc

Trusted Zone: listen.com

Trusted Zone: llnwd.net

Trusted Zone: real.com

Trusted Zone: real.com\rhapapp

Trusted Zone: tradestation.com\www

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath -

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

------- File Associations -------

.

txtfile="c:\program files\vim\vim72\gvim.exe %1"

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe

MSConfigStartUp-a-squared - c:\program files\a-squared Anti-Malware\a2guard.exe

MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe

MSConfigStartUp-WinVNC - c:\program files\TightVNC\WinVNC.exe

AddRemove-eBay Icon - c:\documents and settings\Christopher\Application Data\Desktopicon\uninst.exe

AddRemove-HijackThis - c:\downloads\HijackThis.exe

AddRemove-phpDesigner7_is1 - c:\program files\WebTools\phpDesigner 7\unins000.exe

AddRemove-TopStyle4_is1 - c:\program files\WebTools\TopStyle 4\unins000.exe

AddRemove-Totalcmd - c:\program files\TotalCmdr\tcuninst.exe

AddRemove-Adobe Digital Editions - c:\documents and settings\christopher\application data\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1383384898-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1383384898-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7F5ECCF-DFC2-4F59-4CB7-FDB2F70B0441}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1383384898-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ec,54,84,29,4f,15,4c,f0,5a,18,0f,d2,10,60,9e,a5,c5,74,1e,95,be,8f,e2,

c8,00,2c,2f,6b,99,31,78,a9,ce,23,c3,61,a8,35,ca,34,87,b1,48,04,80,64,f0,f1,\

"??"=hex:f1,42,49,73,a4,b4,8b,22,77,dd,69,bc,52,95,ad,ee

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Xanthic\{290A6A8A-0F70-FC9A-A343-BE3AB91B8116}*_]

"fr"="078E767044555A"

"lr"="078E4B4A5E554A"

[HKEY_LOCAL_MACHINE\software\Xanthic\{EA85997E-F0A5-F38F-C44B-1D1A619FAE56}*_]

"fr"="F94C3121C939E340"

"lr"="8A6745BBCA39E340"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1608)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\KeyScramblerLogon.dll

- - - - - - - > 'explorer.exe'(3088)

c:\windows\system32\WININET.dll

c:\windows\system32\nview.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\Subversion\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\Subversion\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\Subversion\TortoiseSVN\bin\intl3_tsvn.dll

c:\windows\system32\ctagent.dll

c:\program files\MediaMonkey\DeskPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\brss01a.exe

c:\windows\system32\acs.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\xampp\mysql\bin\mysqld.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\wscntfy.exe

c:\program files\Subversion\TortoiseSVN\bin\TSVNCache.exe

c:\windows\CTHELPER.EXE

c:\windows\system32\CTXFIHLP.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\rundll32.exe

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-10-21 10:06:08 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-21 14:06

Pre-Run: 28,901,187,584 bytes free

Post-Run: 31,752,241,152 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 3FAB0E31292627BFC596205DB34E8E5E

< End ComboFix log >

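On a redirect case the service and driver list in a ComboFix log (the R0/R1/S3 lines above) is the part to read first: a kernel driver that loads from an odd directory, or a service whose binary ComboFix could not stat (the `[?]` on the WZCOOK line), is where a rootkit component usually shows up, and on a log this long it is easy to miss by eye. The following is an added example, not part of the original post and not ComboFix's own code: a small Python triage script that parses those lines into their fields (running/stopped, start type, name, image path, size) and flags the two conditions just named. The sample lines are copied from the log in this thread; the interpretation of R/S and the start-type digit follows the usual reading of ComboFix output, and the `USUAL_ROOTS` list and the flag names are assumptions of the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Shape of a ComboFix service/driver line:
#   <R|S><start> <service name>;<display name>;<image path> [<date> <time> <size>]
# R = running, S = stopped; the digit is the SCM Start value (0 boot ... 4 disabled).
# A trailing "[?]" means ComboFix could not read date/size for the binary.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Directories where a service binary is unremarkable on an XP box. Anything else
# (c:\downloads, c:\xampp, a user profile) gets flagged. This list is an assumption
# of the example, not a ComboFix rule.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")

# Constructed sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LINES = (
    "R0 PCTCore;PCTools KDS;c:\\windows\\system32\\drivers\\PCTCore.sys [8/12/2009 7:22 AM 206256]\n"
    "R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [4/2/2009 2:02 PM 165584]\n"
    "R2 Apache2.2;Apache2.2;c:\\xampp\\apache\\bin\\httpd.exe [12/20/2009 29416]\n"
    "S2 Mercury;Mercury;c:\\xampp\\xampp_service_mercury.exe [12/20/2009 78480]\n"
    "S3 WZCOOK;WEP/WPA-PMK key recovery service;\"c:\\downloads\\aircrack-ng-1.0-rc1-win\\bin\\wzcook.exe\""
    " --> c:\\downloads\\aircrack-ng-1.0-rc1-win\\bin\\wzcook.exe [?]\n"
    "S3 Transit USBInstallerService;Transit USB Installer;c:\\program files\\M-Audio Transit USB\\Install\\TUSBInst.exe [5/23/2010 2:35 PM 49152]\n"
    "S4 pctgntdi;pctgntdi;c:\\windows\\system32\\drivers\\pctgntdi.sys [8/12/2009 7:22 AM 159600]\n"
)


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines of any other shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, meta = m.groups()
    # ComboFix prints '"<ImagePath>" --> <resolved file>' when the two differ;
    # the resolved file on the right is the one to judge.
    if "-->" in path:
        path = path.split("-->", 1)[1].strip()
    tokens = meta.split()
    size = int(tokens[-1]) if tokens and tokens[-1].isdigit() else None
    entry = ServiceEntry(state == "R", START_TYPES[start], name, display, path.lower(), size)
    if meta.strip() == "?":
        entry.flags.append("file-missing")        # binary could not be stat'ed
    if not entry.path.startswith(USUAL_ROOTS):
        entry.flags.append("unusual-location")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """All service/driver entries found in a ComboFix log, in log order."""
    return [e for e in (parse_line(l) for l in log_text.splitlines()) if e]


def flagged(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Service name -> flags, only for entries that tripped a heuristic."""
    return {e.name: e.flags for e in entries if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(triage(SAMPLE_LINES)).items():
        print(f"{name:<12} {', '.join(flags)}")
```

On this log the flags land on WZCOOK (aircrack-ng's WEP/WPA key tool, registered as a service but with its binary gone) and on the two XAMPP services running out of c:\xampp. The heuristic only narrows the list; deciding that those are the owner's own installs rather than malware is still a human call, and none of them is the kernel-level finding that TDSSKiller produced later in the thread.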

2010/10/21 08:27:24.0093 nv (d773337c2da933c6c457001079266f12) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/21 08:27:24.0265 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. Real md5: d773337c2da933c6c457001079266f12, Fake md5: 8c0456001b6900114bbb1c548bd8aaf5

2010/10/21 08:27:24.0281 nv - detected Forged file (1)

2010/10/21 08:28:29.0734 Detected object count: 1

2010/10/21 08:31:13.0796 Forged file(nv) - User select action: Skip

2010/10/21 08:31:31.0031 Deinitialize success

OK, TDSSKiller found a fake driver.

Run TDSSKiller again but this time choose Cure.

Reboot and run TDSSKiller again to confirm that nothing is found and you're clean.

-------------------------

I'm looking over the ComboFix log now, MrC

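MrC's reading of that TDSSKiller excerpt is the key finding in the thread. In broad terms TDSSKiller reports a driver as Forged when the copy it reads through the file system does not hash to the same value as the bytes it reads from the disk directly; that mismatch is how a TDSS/TDL-family rootkit hides its patched driver, by intercepting reads of the infected file and handing back a clean image. A Skip changes nothing on disk, so the first log means "infected and still in place", and only a rescan that runs to completion with a zero object count means "clean". The following is an added example, not part of MrC's post and not TDSSKiller's own code: a Python parser that pulls the driver table, the forged-file findings with both hashes, the action the user chose, and the final count out of a TDSSKiller log, and turns them into a verdict. The log lines are copied from this thread, except the last two lines of the rescan sample, which are constructed because the page's rescan log is truncated; `RESOLVING_ACTIONS` is an assumption of the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(.+?) \(([0-9a-f]{32})\) (.+)$")
FORGED_RE = re.compile(
    TS + r"Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
ACTION_RE = re.compile(TS + r"Forged file\((.+?)\) - User select action: (\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")

# Actions that actually change the file on disk; Skip leaves the forged driver alone.
# The set is an assumption of this example, based on the choices TDSSKiller offers.
RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class ForgedDriver:
    name: str
    path: str
    real_md5: str   # hash of the bytes actually on disk
    fake_md5: str   # hash of what the file system hands out
    action: Optional[str] = None

    @property
    def resolved(self) -> bool:
        return self.action in RESOLVING_ACTIONS


def parse_tdsskiller(log: str) -> dict:
    """Driver table, forged findings and final object count from a TDSSKiller log."""
    drivers: Dict[str, Tuple[str, str]] = {}   # service name -> (md5, path)
    forged: Dict[str, ForgedDriver] = {}       # service name -> finding
    detected: Optional[int] = None             # stays None if the log never finished
    for line in log.splitlines():
        if m := DRIVER_RE.match(line):
            name, md5, path = m.groups()
            drivers[name] = (md5, path)
        elif m := FORGED_RE.match(line):
            path, real, fake = m.groups()
            # Link the forged path back to the service that loads it.
            name = next((n for n, (_, p) in drivers.items() if p.lower() == path.lower()), path)
            forged[name] = ForgedDriver(name, path, real, fake)
        elif m := ACTION_RE.match(line):
            name, action = m.groups()
            if name in forged:
                forged[name].action = action
        elif m := COUNT_RE.match(line):
            detected = int(m.group(1))
    return {"drivers": drivers, "forged": forged, "detected": detected}


def verdict(report: dict) -> str:
    """clean / unresolved / actioned / incomplete; never call a cut-off log clean."""
    if report["detected"] is None:
        return "incomplete"
    if report["detected"] == 0 and not report["forged"]:
        return "clean"
    if any(not f.resolved for f in report["forged"].values()):
        return "unresolved"
    return "actioned"


# Constructed sample input: the relevant lines of the first TDSSKiller log in this thread.
FIRST_SCAN = """\
2010/10/21 08:27:24.0093 nv (d773337c2da933c6c457001079266f12) C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys
2010/10/21 08:27:24.0265 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\nv4_mini.sys. Real md5: d773337c2da933c6c457001079266f12, Fake md5: 8c0456001b6900114bbb1c548bd8aaf5
2010/10/21 08:27:24.0281 nv - detected Forged file (1)
2010/10/21 08:28:29.0734 Detected object count: 1
2010/10/21 08:31:13.0796 Forged file(nv) - User select action: Skip
2010/10/21 08:31:31.0031 Deinitialize success
"""

# The rescan log on the page is cut off; the last two lines here (count 0, deinitialize)
# are constructed to show what a finished clean scan reports.
RESCAN = """\
2010/10/21 10:54:13.0890 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/21 10:54:14.0140 Initialize success
2010/10/21 10:54:16.0750 Scan started
2010/10/21 10:54:17.0609 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\\WINDOWS\\system32\\drivers\\Aavmker4.sys
2010/10/21 10:54:18.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/10/21 10:54:28.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/10/21 10:56:00.0000 Detected object count: 0
2010/10/21 10:56:05.0000 Deinitialize success
"""

# What the page actually shows for the rescan: stopped before the count line.
TRUNCATED = "\n".join(RESCAN.splitlines()[:6])

if __name__ == "__main__":
    for label, log in (("first scan", FIRST_SCAN), ("rescan", RESCAN), ("truncated", TRUNCATED)):
        r = parse_tdsskiller(log)
        print(f"{label:<10} verdict={verdict(r)} forged={list(r['forged'])}")
```

Note that the md5 TDSSKiller lists for `nv` in its enumeration line is the "Real" hash, i.e. the one it computed from the disk, not the one the file system reports; when you compare a suspect driver against a known-good copy, that is the value to use. The `incomplete` verdict exists because the rescan excerpt in the next post ends mid-enumeration: a log without a final object count does not prove anything either way.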


Thanks. I re-ran TDSSKiller. It did not find anything this time.

BTW, I remember when I saw that forged file in TDSSKiller come up. "Cure" wasn't an option. It was Skip or Quarantine... I skipped it. Now it's gone. Perhaps ComboFix removed it?

Here is the new log:

2010/10/21 10:54:13.0890 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/21 10:54:13.0890 ================================================================================

2010/10/21 10:54:13.0890 SystemInfo:

2010/10/21 10:54:13.0890

2010/10/21 10:54:13.0890 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/21 10:54:13.0890 Product type: Workstation

2010/10/21 10:54:13.0890 ComputerName: HERCULES

2010/10/21 10:54:13.0890 UserName: Christopher

2010/10/21 10:54:13.0890 Windows directory: C:\WINDOWS

2010/10/21 10:54:13.0890 System windows directory: C:\WINDOWS

2010/10/21 10:54:13.0890 Processor architecture: Intel x86

2010/10/21 10:54:13.0890 Number of processors: 4

2010/10/21 10:54:13.0890 Page size: 0x1000

2010/10/21 10:54:13.0890 Boot type: Normal boot

2010/10/21 10:54:13.0890 ================================================================================

2010/10/21 10:54:14.0140 Initialize success

2010/10/21 10:54:16.0750 ================================================================================

2010/10/21 10:54:16.0750 Scan started

2010/10/21 10:54:16.0750 Mode: Manual;

2010/10/21 10:54:16.0750 ================================================================================

2010/10/21 10:54:17.0609 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/10/21 10:54:18.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/21 10:54:18.0578 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/21 10:54:19.0750 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/21 10:54:20.0328 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/21 10:54:20.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/21 10:54:24.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/21 10:54:25.0312 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys

2010/10/21 10:54:25.0875 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/10/21 10:54:26.0453 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/10/21 10:54:27.0031 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/10/21 10:54:27.0390 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/10/21 10:54:27.0437 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/10/21 10:54:28.0015 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/21 10:54:28.0593 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/21 10:54:29.0734 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/21 10:54:30.0312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/21 10:54:30.0890 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys

2010/10/21 10:54:31.0250 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/21 10:54:31.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/21 10:54:32.0515 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/21 10:54:32.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/21 10:54:32.0921 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/21 10:54:33.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/21 10:54:35.0843 ctac32k (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys

2010/10/21 10:54:36.0453 ctaud2k (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys

2010/10/21 10:54:37.0015 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys

2010/10/21 10:54:37.0625 ctprxy2k (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys

2010/10/21 10:54:37.0953 ctsfm2k (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys

2010/10/21 10:54:39.0500 DigiFilter (74dd46d49809c5f689f24ccdd0d18a4e) C:\WINDOWS\system32\drivers\DigiFilt.sys

2010/10/21 10:54:39.0843 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/21 10:54:39.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/21 10:54:40.0531 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/21 10:54:40.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/21 10:54:40.0921 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/21 10:54:41.0515 DNE (65fa8bc40664aec99348f98f0b4c2f7c) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2010/10/21 10:54:42.0046 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS

2010/10/21 10:54:43.0046 DrmCAudio (bbd1be3de57c680a60a3b784a60b3524) C:\WINDOWS\system32\drivers\DrmCAudio.sys

2010/10/21 10:54:43.0625 DrmCDriverV32 (7d38e35fadd5280c586e4b6219dbb7b3) C:\WINDOWS\system32\drivers\DrmCDriverV32.sys

2010/10/21 10:54:44.0171 DrmCVideo32 (cdd8b9ba186874f11618ff4b835fad75) C:\WINDOWS\system32\DRIVERS\DrmCVideo32.sys

2010/10/21 10:54:44.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/21 10:54:45.0281 emupia (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys

2010/10/21 10:54:45.0796 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys

2010/10/21 10:54:46.0390 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/21 10:54:46.0937 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/21 10:54:47.0500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/21 10:54:48.0062 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/21 10:54:48.0609 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/21 10:54:49.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/21 10:54:49.0734 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/21 10:54:50.0296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2010/10/21 10:54:50.0859 glideps2 (8735064c5ebee85e0fc8c6c777aa235c) C:\WINDOWS\system32\DRIVERS\glideps2.sys

2010/10/21 10:54:51.0421 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/21 10:54:52.0015 ha20x2k (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys

2010/10/21 10:54:52.0562 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/21 10:54:53.0109 hipeer81 (f03da1eb7ed0bfdf39a9b12818f3ddb3) C:\WINDOWS\system32\DRIVERS\hipeer81.sys

2010/10/21 10:54:54.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/21 10:54:55.0875 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/21 10:54:56.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/21 10:54:56.0984 INETLOCK (e3dbe4c5522150423188a5487433d4a2) C:\WINDOWS\system32\drivers\Inetlock.sys

2010/10/21 10:54:58.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/21 10:54:59.0171 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/21 10:54:59.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/21 10:55:00.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/21 10:55:00.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/21 10:55:01.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/21 10:55:01.0937 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/21 10:55:02.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/21 10:55:03.0046 JSWSCIMD (335a35f4c6c3eee724201eafcd6ffc46) C:\WINDOWS\system32\DRIVERS\jswscimd.sys

2010/10/21 10:55:03.0625 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/21 10:55:04.0156 KeyScrambler (75c3aca076eba5a676e3552085545f21) C:\WINDOWS\system32\drivers\keyscrambler.sys

2010/10/21 10:55:04.0718 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/21 10:55:05.0281 KORGUMDS (816c1d5d831277d0a70d543ae201603d) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS

2010/10/21 10:55:05.0843 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/21 10:55:06.0968 ma763006 (f994c1d602b6ff4de4f13c653a81049c) C:\WINDOWS\system32\drivers\MA763006.sys

2010/10/21 10:55:07.0515 MADFU006 (2888658b6ebfe16ab13806e46f3551d2) C:\WINDOWS\system32\DRIVERS\MADFU006.sys

2010/10/21 10:55:08.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/21 10:55:09.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/21 10:55:09.0734 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/21 10:55:10.0281 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/21 10:55:10.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/21 10:55:12.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/21 10:55:13.0046 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/21 10:55:13.0609 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/21 10:55:14.0187 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/21 10:55:14.0750 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/21 10:55:15.0296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/21 10:55:15.0843 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/21 10:55:16.0390 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/21 10:55:16.0953 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2010/10/21 10:55:17.0515 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/21 10:55:18.0093 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/21 10:55:18.0656 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/21 10:55:19.0234 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/21 10:55:19.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/21 10:55:20.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/21 10:55:20.0906 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/21 10:55:21.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/21 10:55:22.0015 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/21 10:55:22.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/21 10:55:23.0140 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/21 10:55:23.0718 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/21 10:55:24.0234 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS

2010/10/21 10:55:24.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/21 10:55:25.0265 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/21 10:55:25.0828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/21 10:55:26.0609 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/21 10:55:27.0312 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys

2010/10/21 10:55:27.0640 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

2010/10/21 10:55:28.0187 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

2010/10/21 10:55:28.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/21 10:55:29.0312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/21 10:55:29.0875 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/21 10:55:30.0437 ossrv (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys

2010/10/21 10:55:30.0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/21 10:55:31.0531 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/21 10:55:32.0093 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/21 10:55:32.0640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/21 10:55:33.0031 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/21 10:55:33.0078 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/21 10:55:33.0625 PCTCore (d302a59e6d1842a201930928a5bad68b) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/21 10:55:34.0218 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys

2010/10/21 10:55:34.0781 pctplsg (5aa75b88e57aedf7fdb1f6b5196ad8a6) C:\WINDOWS\system32\drivers\pctplsg.sys

2010/10/21 10:55:35.0265 PfModNT (4ed9a978c079689bdea1184d15fa6323) C:\WINDOWS\system32\drivers\PfModNT.sys

2010/10/21 10:55:35.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/21 10:55:36.0125 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/21 10:55:36.0468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/21 10:55:36.0796 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/21 10:55:37.0203 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/21 10:55:37.0265 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/21 10:55:37.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/21 10:55:37.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/21 10:55:37.0968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/21 10:55:38.0546 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/21 10:55:38.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/21 10:55:39.0171 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/21 10:55:39.0484 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/21 10:55:39.0546 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys

2010/10/21 10:55:39.0765 RVIEG01 (93f66faea8bf047d4242ac85aada403d) C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys

2010/10/21 10:55:39.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2010/10/21 10:55:39.0828 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2010/10/21 10:55:40.0421 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys

2010/10/21 10:55:41.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/21 10:55:41.0046 Sentinel (3e7ff2405bcc1384d946dc45edc7ed61) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2010/10/21 10:55:41.0078 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/21 10:55:41.0125 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/21 10:55:41.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/21 10:55:41.0312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/21 10:55:41.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/21 10:55:41.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/21 10:55:41.0515 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/21 10:55:41.0640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/21 10:55:41.0687 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/21 10:55:41.0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/21 10:55:41.0937 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/21 10:55:42.0000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/21 10:55:42.0046 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/21 10:55:42.0078 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/21 10:55:42.0093 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/21 10:55:42.0156 TfFsMon (52d1882d3e90718483a1321ca5ce1aea) C:\WINDOWS\system32\drivers\TfFsMon.sys

2010/10/21 10:55:42.0203 TfNetMon (8eb02d60909345ee4f2be78a11364bcf) C:\WINDOWS\system32\drivers\TfNetMon.sys

2010/10/21 10:55:42.0234 TfSysMon (24ea02fd9663ccef16c114211cd9d5f4) C:\WINDOWS\system32\drivers\TfSysMon.sys

2010/10/21 10:55:42.0312 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\WINDOWS\system32\drivers\TPkd.sys

2010/10/21 10:55:42.0359 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys

2010/10/21 10:55:42.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/21 10:55:42.0671 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/21 10:55:42.0750 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/21 10:55:42.0781 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/21 10:55:42.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/21 10:55:42.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/21 10:55:42.0937 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/21 10:55:42.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/21 10:55:43.0015 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/21 10:55:43.0078 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/21 10:55:43.0109 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/21 10:55:43.0187 vsdatant (8d25c4dafc1c1e9d9884d89b1b0fa3ac) C:\WINDOWS\system32\vsdatant.sys

2010/10/21 10:55:43.0343 VX6000 (61fc38a2e136a2e5944e7ca286abaaae) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys

2010/10/21 10:55:43.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/21 10:55:43.0500 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/21 10:55:43.0562 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/21 10:55:43.0625 WN111v2 (d496e93a2448b6bac1fcccec0f1a195f) C:\WINDOWS\system32\DRIVERS\WN111v2.sys

2010/10/21 10:55:43.0671 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/21 10:55:43.0718 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/21 10:55:43.0781 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys

2010/10/21 10:55:43.0828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/21 10:55:43.0984 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/21 10:55:44.0000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/21 10:55:44.0171 ================================================================================

2010/10/21 10:55:44.0171 Scan finished

2010/10/21 10:55:44.0171 ================================================================================

2010/10/21 10:56:17.0000 Deinitialize success

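The TDSSKiller output above is a flat driver enumeration: one line per loaded driver service, carrying a timestamp, the service name, the MD5 of the driver image and the image path. Reading a couple of hundred such lines by eye for the one that does not belong is error-prone, so the following is an added example (my own code, not part of the original post and not part of TDSSKiller) that parses that exact line format and sorts the entries into buckets by where the image lives: the normal system32\drivers directory, elsewhere under system32, or outside system32 entirely. It also compares each image hash against a caller-supplied set of known-good MD5s. The SAMPLE_LINES are copied from the log above; the KNOWN_GOOD set is a constructed placeholder for a real clean-file hash list, not an authoritative one.

```python
"""Triage a TDSSKiller driver enumeration log.

Added example: this is not code from the original post or from TDSSKiller.
Each driver line in the log above has the shape
    YYYY/MM/DD HH:MM:SS.ffff <service name> (<md5 of image>) <image path>
SAMPLE_LINES are copied from that log; KNOWN_GOOD is a constructed
placeholder for a real clean-file hash set (it is NOT an authoritative list).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Compared case-insensitively; the log mixes System32/system32 and DRIVERS/drivers.
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str

    def location(self) -> str:
        """Coarse bucket for where the driver image lives on disk."""
        p = self.path.lower()
        if p.startswith(DRIVERS_DIR):
            return "drivers_dir"
        if p.startswith(SYSTEM32_DIR):
            return "system32_other"
        return "outside_system32"


def parse_log(lines: Iterable[str]) -> list[DriverEntry]:
    """Keep only driver lines; banners, 'Scan finished' and blank lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: Iterable[DriverEntry]) -> dict[str, list[DriverEntry]]:
    """Group entries by location; review the two non-drivers_dir buckets first."""
    buckets: dict[str, list[DriverEntry]] = {
        "drivers_dir": [], "system32_other": [], "outside_system32": []
    }
    for e in entries:
        buckets[e.location()].append(e)
    return buckets


def unknown_hashes(entries: Iterable[DriverEntry], known: set[str]) -> list[DriverEntry]:
    """Entries whose image MD5 is not in the caller's known-good set."""
    return [e for e in entries if e.md5 not in known]


# Copied from the TDSSKiller log above (two non-driver lines included on purpose).
SAMPLE_LINES = [
    r"2010/10/21 10:54:20.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys",
    r"2010/10/21 10:55:24.0234 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS",
    r"2010/10/21 10:55:39.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS",
    r"2010/10/21 10:55:42.0359 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\WINDOWS\system32\drivers\truecrypt.sys",
    "",
    "2010/10/21 10:55:44.0171 Scan finished",
]

# Constructed placeholder: only the afd.sys hash taken from the log above.
KNOWN_GOOD = {"7e775010ef291da96ad17ca4b17137d7"}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LINES)
    for bucket, items in triage(entries).items():
        print(f"{bucket}: {[e.name for e in items]}")
    print("not in KNOWN_GOOD:", [e.name for e in unknown_hashes(entries, KNOWN_GOOD)])
```

A driver loading from Program Files is usually a legitimate third-party product (in this log, SUPERAntiSpyware and the Roland sound driver), so the buckets are a starting point for manual review rather than a verdict, and the hash comparison only becomes useful once KNOWN_GOOD is replaced with a real clean-file hash set for the exact Windows build.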

If you don't need it, please delete it, MrC

Done.

I re-ran TDSSKiller. It found nothing.

BTW, before I posted to this forum I followed the instructions in the post here (titled "I'm infected - What do I do now?, Please follow these instructions to clean your system"):

http://forums.malwarebytes.org/index.php?showtopic=9573

I did the following. I have NOT yet re-enabled the drivers using DeFogger. SHOULD I DO THAT NOW?

Disable CD-ROM Emulation Software

DeFogger - Disable

Please download the following tool DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear

Click the Disable button to disable your CD Emulation drivers.

Click Yes to continue

A 'Finished!' message will appear

Click OK

DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


The problem is still showing up. :)

After rebooting and re-running TDSSKiller and seeing it clean, I turned on my Avast anti-virus protection and opened a browser. I hit Ctrl-N to open a new window and a pop-up window came up in addition to that new window. The URL of the pop-up? You guessed it:

epoclick.com

See attached GIF for a view of this #(%*$.

At this point I am really wondering if this thing really IS malware. While doing some research last night I came across an APPLE forum where they were discussing the same problem with epoclick redirects! On Macs! Here's that link:

http://discussions.info.apple.com/message....sageID=12448147

How can malware affect both Windows and Mac machines?

What do I do now?


This topic is now closed to further replies.