Greggars, Posted November 5, 2010 (ID:340005)

Hey guys - I've recently had quite a nasty virus attack, and I think I've managed to get rid of most of it - I did a System Restore and then, via Malwarebytes, Spybot S&D and SuperAntiSpyware, managed to get rid of a lot of it.

However, there are still two problems I have. I frequently get a message saying "windows host explorer has stopped working", which has slowed my IE down, and I also seem to have a lot of files when scanning called "virtumonde" which aren't picked up under harmful files, but are just made aware to me by S&D. I read the "what do I do now?" topic and I'm still stuck.

I have my HijackThis log, but I've no idea what to look for or what should/shouldn't be there. So I was wondering if someone could help?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:44:38, on 05/11/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal
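The first post asks what to look for in a HijackThis log. As an added example, not part of this thread and not HijackThis's own code, the following Python script applies the usual first-pass triage heuristics to HijackThis-format lines; the sample log is constructed from the entry types that appear in this thread, and the `[example]` Run entry with its `example.exe` is hypothetical.

```python
"""First-pass triage of HijackThis-format log lines (added example).

Flags the entries a forum helper usually looks at first: orphaned entries
whose target file no longer exists, autostart binaries sitting directly in a
user's AppData/Temp tree, services with no publisher, AppInit_DLLs injection
and HOSTS overrides that point anywhere but localhost. A flag means "review",
not "malicious": plenty of legitimate software trips these heuristics.
"""
import re
from dataclasses import dataclass

# Every HijackThis entry starts with a section code (R0-R3 IE settings,
# O1 hosts, O2 BHOs, O4 Run keys, O20 AppInit_DLLs, O23 services, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Markers HijackThis prints when the referenced file is gone.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Executables or DLLs sitting directly in the user's Temp, Local or Roaming
# AppData folder (deeper vendor subfolders are deliberately not matched).
USER_APPDATA_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local\\Temp|Local|Roaming)\\[^\\]+\.(?:exe|dll)\b",
    re.IGNORECASE,
)

# "O1 - Hosts: <address> <hostname>"
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<name>\S+)")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def triage_line(line):
    """Return the list of Findings for one log line (empty if nothing stands out)."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return []  # header, blank and "Running processes" lines are not coded entries
    code, body = m.group("code"), m.group("body")
    findings = []

    if any(marker in body for marker in MISSING_MARKERS):
        findings.append(Finding(code, "orphaned entry: target file missing", line))

    if USER_APPDATA_RE.search(body):
        findings.append(Finding(code, "autostart binary directly under user AppData/Temp", line))

    if code == "O23" and "Unknown owner" in body:
        findings.append(Finding(code, "service with no publisher information", line))

    if code == "O20" and body.startswith("AppInit_DLLs:"):
        findings.append(Finding(code, "AppInit_DLLs injects a DLL into every GUI process", line))

    if code == "O1":
        h = HOSTS_RE.match(body)
        if h and h.group("name").lower() != "localhost":
            findings.append(Finding(code, f"HOSTS override for {h.group('name')}", line))

    return findings


def triage(lines):
    """Run triage_line over an iterable of log lines and collect all Findings."""
    findings = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings


# Constructed sample: entry types taken from the logs in this thread; the
# [example] Run entry and its example.exe are hypothetical.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [example] C:\Users\Josh\AppData\Local\Temp\example.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Running it lists seven review items for the sample; the Google Toolbar BHO, the Windows Defender Run key and the localhost hosts entry pass untouched.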
kahdah, Posted November 5, 2010 (ID:340028)

Hello Greggars,
Welcome to Malwarebytes.

=====================

Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check Drivers, Stealth Code, Files, and Code Hooks.
Uncheck the rest, then click OK.
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
Wait till the scanner has finished, then go File > Save Report.
Save the report somewhere you can find it, typically your desktop. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is ok, just ignore it.
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
Greggars, Posted November 7, 2010 (Author, ID:340960)

Thanks for replying. The RootKit link isn't working however - I've been trying it for a couple of hours and it just won't open, I just get the IE error message.

OTL did work however, and here are the two notepad documents:

OTL logfile created on: 07/11/2010 11:25:09 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Josh\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 21.38 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive D: | 69.64 Gb Total Space | 69.55 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Google Sidewiki... 
- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - 
C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)O13 - gopher Prefix: missingO15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - 
Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - 
c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM 
Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)O24 - Desktop WallPaper: C:\Users\Josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO24 - Desktop BackupWallPaper: C:\Users\Josh\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpgO29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{4c30a3cc-6880-11de-9465-001d72f8b10f}\Shell - "" = AutorunO33 - MountPoints2\{4c30a3cc-6880-11de-9465-001d72f8b10f}\Shell\AutoRun\command - "" = C:\Windows\System32\shell32.dll -- [2010/07/26 16:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)O33 - 
MountPoints2\{4c30a3cc-6880-11de-9465-001d72f8b10f}\Shell\Open\command - "" = G:\RECYCLER\S-1-0-71-100014905-100021752-100008842-7981.com -- File not foundO33 - MountPoints2\{f91dc238-9516-11df-bb71-001d72f8b10f}\Shell - "" = AutoRunO33 - MountPoints2\{f91dc238-9516-11df-bb71-001d72f8b10f}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/11/07 11:24:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe[2010/11/04 21:29:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2010/11/04 18:42:35 | 000,000,000 | ---D | C] -- C:\VundoFix Backups[2010/11/04 14:07:16 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com[2010/11/04 14:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com[2010/11/04 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware[2010/11/04 08:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy[2010/11/04 08:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2010/11/03 19:29:50 | 000,000,000 | ---D | C] -- C:\Windows\Sun[2010/11/03 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage[2010/11/03 13:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun[2010/11/03 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2010/11/03 13:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2010/11/02 00:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010/11/01 21:02:40 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server[2010/11/01 20:52:03 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{F260FCBD-D04F-425B-85F0-269A955896C7}[2010/11/01 20:19:45 | 000,000,000 
| ---D | C] -- C:\Users\Josh\AppData\Roaming\Uspi[2010/11/01 20:04:21 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Yvbeu[2010/11/01 20:03:39 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Ziuxd[2010/11/01 20:03:38 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Uhudp[2010/11/01 19:10:42 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Atari[2010/11/01 19:07:02 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Leadertech[2010/10/26 18:05:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll[2010/10/26 18:05:45 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll[2010/10/21 09:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2010/10/21 09:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2010/10/21 09:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}[2010/10/21 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime[2010/10/21 08:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2010/10/18 19:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Championship Manager 01-02[2010/10/18 19:01:23 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe[2010/10/14 02:01:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll[2010/10/13 22:19:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll[2010/10/13 22:18:47 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL[2010/10/13 22:18:36 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll[2010/10/13 22:18:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll[2010/10/13 22:18:34 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll[2010/10/13 22:18:33 | 002,037,248 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\win32k.sys[2010/10/13 22:18:31 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll[2010/10/13 22:18:26 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2010/10/13 22:18:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll[2010/10/13 22:18:24 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll[2010/10/13 22:18:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec[2010/10/13 22:18:24 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll[2010/10/13 22:18:24 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll[2010/10/13 22:18:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll[2010/10/13 22:18:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll[2010/10/13 22:18:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2010/10/13 22:18:23 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2009/03/09 21:58:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Josh\Documents\*.tmp files -> C:\Users\Josh\Documents\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/11/07 11:26:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2010/11/07 11:26:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2010/11/07 11:24:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe[2010/11/07 11:20:02 | 000,005,972 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat[2010/11/07 11:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2010/11/07 11:20:00 | 000,000,000 | ---- | M] () -- 
C:\Windows\System32\LogConfigTemp.xml[2010/11/07 11:19:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2010/11/07 11:19:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2010/11/07 11:19:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2010/11/07 11:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2010/11/07 11:19:16 | 3146,620,928 | -HS- | M] () -- C:\hiberfil.sys[2010/11/05 09:44:16 | 000,002,521 | ---- | M] () -- C:\Users\Josh\Desktop\HiJackThis.lnk[2010/11/04 20:35:47 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk[2010/11/04 20:30:34 | 000,001,083 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk[2010/11/04 20:30:34 | 000,001,059 | ---- | M] () -- C:\Users\Josh\Desktop\Spybot - Search & Destroy.lnk[2010/11/02 10:27:03 | 000,043,008 | ---- | M] () -- C:\Users\Josh\Documents\draft for reflective learning skills.doc[2010/11/01 20:04:29 | 000,000,008 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\ozbjdt.dat[2010/11/01 20:04:27 | 000,000,004 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\avdrn.dat[2010/11/01 16:53:23 | 000,010,518 | ---- | M] () -- C:\Users\Josh\Documents\Letter to Sheffield.docx[2010/10/31 15:03:40 | 000,083,456 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010/10/31 09:47:54 | 207,936,532 | ---- | M] () -- C:\Windows\MEMORY.DMP[2010/10/21 09:46:19 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2010/10/21 09:30:50 | 000,127,176 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat[2010/10/21 09:01:10 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2010/10/14 02:23:35 | 000,299,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ][1 C:\Users\Josh\Documents\*.tmp files -> C:\Users\Josh\Documents\*.tmp -> ]========== Files Created - No Company Name ==========[2010/11/05 09:43:58 | 000,002,521 | ---- | C] () -- C:\Users\Josh\Desktop\HiJackThis.lnk[2010/11/04 20:35:47 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk[2010/11/04 20:30:34 | 000,001,083 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk[2010/11/04 20:30:34 | 000,001,059 | ---- | C] () -- C:\Users\Josh\Desktop\Spybot - Search & Destroy.lnk[2010/11/04 13:09:37 | 3146,620,928 | -HS- | C] () -- C:\hiberfil.sys[2010/11/01 20:04:29 | 000,000,008 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\ozbjdt.dat[2010/11/01 20:04:27 | 000,000,004 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\avdrn.dat[2010/11/01 16:53:22 | 000,010,518 | ---- | C] () -- C:\Users\Josh\Documents\Letter to Sheffield.docx[2010/10/27 09:59:53 | 000,043,008 | ---- | C] () -- C:\Users\Josh\Documents\draft for reflective learning skills.doc[2010/10/21 09:30:50 | 000,127,176 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat[2010/10/21 09:04:17 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2010/10/21 09:01:10 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2010/09/14 17:39:07 | 000,000,800 | ---- | C] () -- C:\ProgramData\hpzinstall.log[2010/03/24 17:57:21 | 000,000,000 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\wklnhst.dat[2010/03/15 01:33:14 | 000,025,152 | ---- | C] () -- C:\Users\Josh\AppData\Roaming\UserTile.png[2010/02/26 22:39:32 | 000,005,972 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat[2010/02/26 22:37:28 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2009/07/05 10:43:03 | 000,083,456 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/03/09 22:18:42 | 000,000,033 | ---- | C] () 
-- C:\Windows\LaunApp.ini[2009/03/09 22:15:54 | 000,006,071 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log[2009/03/09 22:13:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll[2009/03/09 22:09:54 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini[2009/03/09 21:57:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll[2009/02/02 21:03:59 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll[2009/02/02 20:49:30 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll[2009/02/02 20:49:30 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll[2009/02/02 03:11:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll[2009/02/02 03:11:15 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll[2009/02/02 03:11:15 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll[2009/02/02 03:10:43 | 000,000,042 | ---- | C] () -- C:\Windows\Prelaunch.ini[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2001/12/27 00:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll[2001/09/04 07:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll[2001/07/31 00:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll[2001/07/24 06:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll========== LOP Check ==========[2009/02/02 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Acer GameZone Console[2010/04/29 06:38:39 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Amiz[2010/11/01 20:56:43 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Atari[2010/11/04 21:24:46 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Big Match Striker[2009/08/14 12:39:51 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BraCa_Soft[2010/07/22 08:08:26 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\DAEMON Tools Pro[2009/08/27 14:24:39 | 000,000,000 | ---D | M] -- 
C:\Users\Josh\AppData\Roaming\Flood Light Games[2009/07/31 15:44:25 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Go-Go Gourmet Chef of the Year[2010/11/01 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Leadertech[2009/08/06 15:52:02 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Meridian93[2010/03/15 01:33:14 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PeerNetworking[2009/08/31 22:52:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\PowerCinema[2010/11/01 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Qiynd[2010/01/19 13:50:20 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Skinux[2009/08/31 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\SoftDMA[2010/03/05 20:13:40 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Sports Interactive[2010/10/27 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Spotify[2010/03/24 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Template[2010/11/02 09:11:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Uhudp[2010/11/02 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Uspi[2010/11/04 20:34:13 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent[2010/09/07 15:39:35 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Ypys[2010/11/01 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Yvbeu[2010/11/01 20:04:16 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Ziuxd[2010/11/05 11:18:36 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==================== Files - Unicode (All) ==========[2010/11/03 20:28:02 | 000,001,285 | ---- | M] ()(C:\?w) -- C:\?w[2010/11/03 20:27:18 | 000,000,192 | ---- | M] ()(C:\?w Link to post Share on other sites More sharing options...
kahdah Posted November 7, 2010 ID:340991
Ok try this one please.
Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.
Greggars Posted November 7, 2010 Author ID:341171

Thanks again for the quick reply.

GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-07 19:55:24
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600BEVT-22ZCT0 11.01A11
Running: rbdqesof.exe; Driver: C:\Users\Josh\AppData\Local\Temp\kwldypow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F2C4620]

INT 0x72 ? 86649BF8
INT 0x72 ? 86649BF8
INT 0x72 ? 86649BF8
INT 0x72 ? 86649BF8
INT 0x72 ? 86649BF8
INT 0x82 ? 86649BF8
INT 0x92 ? 848E9BF8
INT 0x92 ? 848E9BF8
INT 0x92 ? 848E9BF8
INT 0x92 ? 848E9BF8
INT 0x92 ? 848E9BF8
INT 0xA2 ? 86649BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 820FBF18 4 Bytes [20, 46, 2C, 8F]
? System32\Drivers\spdr.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 82682B2E 5 Bytes JMP 848E91D8
.text USBPORT.SYS!DllUnload 8E7D246F 5 Bytes JMP 866491D8

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1668] ntdll.dll!NtProtectVirtualMemory 77668968 5 Bytes JMP 0050000A
.text C:\Windows\Explorer.EXE[1668] ntdll.dll!NtWriteVirtualMemory 776692A8 5 Bytes JMP 0051000A
.text C:\Windows\Explorer.EXE[1668] ntdll.dll!KiUserExceptionDispatcher 776699E8 5 Bytes JMP 004F000A
.text C:\Windows\Explorer.EXE[1668] SHELL32.dll!InitNetworkAddressControl + 2939 767B0064 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ntdll.dll!NtProtectVirtualMemory 77668968 5 Bytes JMP 0099000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ntdll.dll!NtWriteVirtualMemory 776692A8 5 Bytes JMP 009A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ntdll.dll!KiUserExceptionDispatcher 776699E8 5 Bytes JMP 003F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamW 7641BD25 5 Bytes JMP 6DC40D2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamW 76431FD5 5 Bytes JMP 6DC40CB7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxParamA 764580B2 5 Bytes JMP 6DC40CF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!DialogBoxIndirectParamA 764583DD 5 Bytes JMP 6DC40D68 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectA 7646D471 5 Bytes JMP 6DC40C73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxIndirectW 7646D56B 5 Bytes JMP 6DC40C2F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExA 7646D5D1 5 Bytes JMP 6DC40BF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] USER32.dll!MessageBoxExW 7646D5F5 5 Bytes JMP 6DC40BBB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2400] ole32.dll!OleLoadFromStream 76209794 5 Bytes JMP 6DC40F2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\system32\svchost.exe[5368] ntdll.dll!NtProtectVirtualMemory 77668968 5 Bytes JMP 0071000A
.text C:\Windows\system32\svchost.exe[5368] ntdll.dll!NtWriteVirtualMemory 776692A8 5 Bytes JMP 0076000A
.text C:\Windows\system32\svchost.exe[5368] ntdll.dll!KiUserExceptionDispatcher 776699E8 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[5368] ole32.dll!CoCreateInstance 7623E2D8 5 Bytes JMP 00D9000A
.text C:\Windows\system32\svchost.exe[5368] USER32.dll!GetCursorPos 76430F5E 5 Bytes JMP 00D5000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806946D6] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694042] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80694800] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806940C0] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069413E] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3B90] \SystemRoot\System32\Drivers\spdr.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746D88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747198A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746DB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746CFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746D7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746CEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7470B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746DBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746D074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746D06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746C71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7475D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746F7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746CE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746D2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1668] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 856AD1F8
Device \FileSystem\fastfat \FatCdrom 86FEA1F8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 848EB1F8
Device \Driver\usbuhci \Device\USBPDO-0 866F8500
Device \Driver\usbuhci \Device\USBPDO-1 866F8500
Device \Driver\usbuhci \Device\USBPDO-2 866F8500
Device \Driver\usbehci \Device\USBPDO-3 86707500
Device \Driver\usbuhci \Device\USBPDO-4 866F8500
Device \Driver\usbuhci \Device\USBPDO-5 866F8500
Device \Driver\usbuhci \Device\USBPDO-6 866F8500
Device \Driver\volmgr \Device\HarddiskVolume1 848EB1F8
Device \Driver\usbehci \Device\USBPDO-7 86707500
Device \Driver\volmgr \Device\HarddiskVolume2 848EB1F8
Device \Driver\cdrom \Device\CdRom0 8666B1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86539292
Device \Driver\atapi \Device\Ide\IdePort0 856AB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86539292
Device \Driver\atapi \Device\Ide\IdePort1 856AB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86539292
Device \Driver\atapi \Device\Ide\IdePort2 856AB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86539292
Device \Driver\atapi \Device\Ide\IdePort3 856AB1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-1 86539292
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856AB1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 856AC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 856AC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 856AC1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 856AC1F8
Device \Driver\volmgr \Device\HarddiskVolume3 848EB1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 86E581F8
Device \Driver\netbt \Device\NetBT_Tcpip_{F5BCB6EA-BAE7-49E2-810C-2946A71F05AB} 86E581F8
Device \Driver\Smb \Device\NetbiosSmb 86FEC1F8
Device \Driver\iScsiPrt \Device\RaidPort0 867EA1F8
Device \Driver\usbuhci \Device\USBFDO-0 866F8500
Device \Driver\usbuhci \Device\USBFDO-1 866F8500
Device \Driver\usbuhci \Device\USBFDO-2 866F8500
Device \Driver\usbehci \Device\USBFDO-3 86707500
Device \Driver\usbuhci \Device\USBFDO-4 866F8500
Device \Driver\usbuhci \Device\USBFDO-5 866F8500
Device \Driver\netbt \Device\NetBT_Tcpip_{2F46AC0D-8740-46DE-99D4-F5791AC3BDE7} 86E581F8
Device \Driver\usbuhci \Device\USBFDO-6 866F8500
Device \Driver\usbehci \Device\USBFDO-7 86707500
Device \FileSystem\fastfat \Fat 86FEA1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 87F7A430
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD1600BEVT-22ZCT0___________________11.01A11#5&128fa69d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0xFB 0x6A 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x10 0xC2 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0xFB 0x6A 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x10 0xC2 0x2C ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
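The one line in the GMER report above that decides the case is the "Disk sectors" entry for sector 00, but it sits under a long list of hooks that are mostly benign (the SSDT entry comes from SUPERAntiSpyware's own SASKUTIL.SYS, and the gdiplus and PSDProtect entries are ordinary import redirections). As an added example, not code from this thread, from GMER or from any of the tools mentioned in it, here is a small Python triage script that splits a GMER Results.log into its sections, parses the SSDT, kernel IAT and disk-sector lines, and summarises which drivers are hooking what and whether the boot sector was flagged. The embedded log is a constructed excerpt of the report quoted above; the function and field names are my own, and the IAT pattern also accepts the user-mode "@" form shown in the log, which goes a little beyond the three kernel lines in the sample.

```python
import json
import re
from typing import Dict, List

# Constructed sample: a short excerpt of the GMER 1.0.15 report quoted in this
# thread (System, Kernel IAT/EAT and Disk sectors sections), kept small so the
# script runs offline. Feed triage() a full Results.log to use it for real.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15507 - http://www.gmer.net
Rootkit scan 2010-11-07 19:55:24

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F2C4620]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806946D6] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694042] \SystemRoot\System32\Drivers\spdr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3B90] \SystemRoot\System32\Drivers\spdr.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 312581552 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
"""

# Line shapes as GMER prints them; the group names are my own labels.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (?P<module>.+?) (?P<func>\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
IAT_RE = re.compile(
    r"^IAT (?P<victim>.+?)\s?\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"\[(?P<addr>[0-9A-Fa-f]+)\] (?P<hooker>\S+)"
)
DISK_RE = re.compile(
    r"^Disk (?P<device>\S+) sectors? (?P<sector>\d+)"
    r"(?: \(\+(?P<span>\d+)\))?(?: \((?P<tag>\w+)\))?: (?P<detail>.*)$"
)
ROOTKIT_RE = re.compile(r";\s*(?P<name>\S+) <-- ROOTKIT")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '---- <name> - GMER x.y.z ----' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "Preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def parse_disk_sectors(lines: List[str]) -> List[dict]:
    """One record per 'Disk ...' line: sector range, whether GMER flagged it,
    and the family name if GMER attached one (here 'TDL4')."""
    records = []
    for line in lines:
        m = DISK_RE.match(line)
        if not m:
            continue
        detail = m.group("detail")
        named = ROOTKIT_RE.search(detail)
        records.append({
            "device": m.group("device"),
            "sector": int(m.group("sector")),
            "span": int(m.group("span") or 1),  # '(+N)' entries cover N sectors
            "is_mbr": m.group("tag") == "MBR" or int(m.group("sector")) == 0,
            "flagged": "rootkit-like behavior" in detail,
            "rootkit": named.group("name") if named else None,
        })
    return records


def parse_hooks(lines: List[str], pattern: "re.Pattern[str]") -> List[dict]:
    """Apply SSDT_RE or IAT_RE to a section and keep the matching lines as dicts."""
    return [m.groupdict() for m in map(pattern.match, lines) if m]


def triage(text: str) -> dict:
    """Reduce a GMER log to the facts an analyst checks first."""
    sections = split_sections(text)
    disk = parse_disk_sectors(sections.get("Disk sectors", []))
    ssdt = parse_hooks(sections.get("System", []), SSDT_RE)
    kiat = parse_hooks(sections.get("Kernel IAT/EAT", []), IAT_RE)
    flagged = [r for r in disk if r["flagged"]]
    mbr_tampered = any(r["is_mbr"] for r in flagged)
    if mbr_tampered:
        verdict = "mbr-bootkit"      # boot sector rewritten: needs disk-level cleanup
    elif ssdt or kiat:
        verdict = "hooks-present"    # vet each hooking driver; security tools hook too
    else:
        verdict = "no-findings"
    return {
        "verdict": verdict,
        "mbr_tampered": mbr_tampered,
        "named_rootkits": sorted({r["rootkit"] for r in flagged if r["rootkit"]}),
        "flagged_sector_ranges": len(flagged),
        "flagged_sectors_total": sum(r["span"] for r in flagged),
        "ssdt_hookers": sorted({h["module"] for h in ssdt}),
        "kernel_iat_hookers": sorted({h["hooker"] for h in kiat}),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_GMER_LOG), indent=2))
```

The verdict logic deliberately keys on the disk-sector section rather than on hook counts: a hooked SSDT or IAT entry only tells you that some driver sits in the path, and the hooker lists are there so the driver names can be checked against what is known to be installed (in this log SASKUTIL.SYS is SUPERAntiSpyware's driver and spdr.sys belongs to the sptd service that also appears in the Registry section), whereas a flagged sector 0 is not something a legitimate product does.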
kahdah Posted November 7, 2010 ID:341237

You are welcome.

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following:

===================

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

========

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Double click on ComboFix.exe & follow the prompts.
- When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Greggars Posted November 8, 2010 Author ID:341323

I will go for the cleaning; the logs are below. However, I would consider a re-format and re-install, but I'm a complete novice, and I'd have no idea where to begin. I do have financial details on the computer that I am concerned about, and will be taking your advice asap.

Thank you so much for your help.

Here is the TDS log:

2010/11/08 00:32:46.0255 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/08 00:32:46.0256 ================================================================================
2010/11/08 00:32:46.0256 SystemInfo:
2010/11/08 00:32:46.0256 
2010/11/08 00:32:46.0256 OS Version: 6.0.6001 ServicePack: 1.0
2010/11/08 00:32:46.0256 Product type: Workstation
2010/11/08 00:32:46.0260 ComputerName: JOSH-PC
2010/11/08 00:32:46.0261 UserName: Josh
2010/11/08 00:32:46.0261 Windows directory: C:\Windows
2010/11/08 00:32:46.0261 System windows directory: C:\Windows
2010/11/08 00:32:46.0261 Processor architecture: Intel x86
2010/11/08 00:32:46.0261 Number of processors: 2
2010/11/08 00:32:46.0261 Page size: 0x1000
2010/11/08 00:32:46.0261 Boot type: Normal boot
2010/11/08 00:32:46.0261 ================================================================================
2010/11/08 00:32:46.0778 Initialize success
2010/11/08 00:32:49.0657 ================================================================================
2010/11/08 00:32:49.0657 Scan started
2010/11/08 00:32:49.0657 Mode: Manual; 
2010/11/08 00:32:49.0657 ================================================================================
2010/11/08 00:32:51.0406 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/11/08 00:32:51.0480 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/08 00:32:51.0530 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/08 00:32:51.0580 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/08 00:32:51.0615 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/08 00:32:51.0697 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/11/08 00:32:51.0837 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/11/08 00:32:51.0947 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/08 00:32:52.0008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/08 00:32:52.0112 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/08 00:32:52.0166 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/08 00:32:52.0204 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/08 00:32:52.0277 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/08 00:32:52.0304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/11/08 00:32:52.0373 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/08 00:32:52.0418 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/08 00:32:52.0470 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/08 00:32:52.0524 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/11/08 00:32:52.0606 athr (99d78248bfd454bfa9b5bec37350fade) C:\Windows\system32\DRIVERS\athr.sys
2010/11/08 00:32:52.0715 b57nd60x (6fb43f0dadb3fdc287d080c19666af8d) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/11/08 00:32:52.0769 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/08 00:32:52.0869 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/08 00:32:52.0937 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/08 00:32:52.0985 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/08 00:32:53.0033 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/08 00:32:53.0083 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/08 00:32:53.0120 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
2010/11/08 00:32:53.0188 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/08 00:32:53.0229 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/08 00:32:53.0273 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/08 00:32:53.0312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/08 00:32:53.0369 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/08 00:32:53.0421 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/08 00:32:53.0473 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/08 00:32:53.0525 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/11/08 00:32:53.0577 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/11/08 00:32:53.0658 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/08 00:32:53.0712 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/08 00:32:53.0742 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/08 00:32:53.0790 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/08 00:32:53.0837 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/08 00:32:53.0935 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/11/08 00:32:54.0009 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/11/08 00:32:54.0059 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2010/11/08 00:32:54.0152 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/08 00:32:54.0229 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/08 00:32:54.0299 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/08 00:32:54.0367 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/11/08 00:32:54.0435 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/08 00:32:54.0521 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/08 00:32:54.0604 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/11/08 00:32:54.0658 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/11/08 00:32:54.0707 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/08 00:32:54.0779 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/08 00:32:54.0818 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/08 00:32:54.0860 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/08 00:32:54.0899 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/11/08 00:32:54.0962 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/08 00:32:55.0010 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/08 00:32:55.0061 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/08 00:32:55.0173 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/08 00:32:55.0249 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/08 00:32:55.0285 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/08 00:32:55.0333 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/08 00:32:55.0398 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/08 00:32:55.0462 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/08 00:32:55.0515 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/11/08 00:32:55.0594 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/11/08 00:32:55.0695 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2010/11/08 00:32:55.0741 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/08 00:32:55.0818 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/08 00:32:55.0888 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/08 00:32:56.0018 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/11/08 00:32:56.0118 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/08 00:32:56.0194 int15 (58ff11c95c3681c9250914521cb9f036) C:\Windows\system32\drivers\int15.sys
2010/11/08 00:32:56.0463 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
2010/11/08 00:32:56.0579 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/08 00:32:56.0615 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/08 00:32:56.0684 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/08 00:32:56.0777 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/08 00:32:56.0825 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/08 00:32:56.0884 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2010/11/08 00:32:56.0916 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/08 00:32:57.0017 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/08 00:32:57.0067 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/08 00:32:57.0174 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/08 00:32:57.0215 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/08 00:32:57.0260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/08 00:32:57.0317 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/08 00:32:57.0371 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/08 00:32:57.0546 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/08 00:32:57.0615 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/08 00:32:57.0669 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/08 00:32:57.0718 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/08 00:32:57.0761 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/08 00:32:57.0793 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/08 00:32:57.0848 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/08 00:32:57.0944 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/08 00:32:57.0980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/08 00:32:58.0033 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/08 00:32:58.0062 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/08 00:32:58.0100 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/08 00:32:58.0166 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/08 00:32:58.0225 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/08 00:32:58.0278 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/08 00:32:58.0325 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/11/08 00:32:58.0354 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/08 00:32:58.0394 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/08 00:32:58.0440 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/08 00:32:58.0500 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/11/08 00:32:58.0537 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/08 00:32:58.0604 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/08 00:32:58.0641 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/08 00:32:58.0715 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/08 00:32:58.0778 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/08 00:32:58.0817 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/08 00:32:58.0860 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/11/08 00:32:58.0909 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/08 00:32:58.0939 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/08 00:32:58.0978 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/11/08 00:32:59.0049 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/08 00:32:59.0127 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/11/08 00:32:59.0222 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/08 00:32:59.0268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/08 00:32:59.0302 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/08 00:32:59.0342 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/08 00:32:59.0390 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/08 00:32:59.0435 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/08 00:32:59.0523 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/08 00:32:59.0615 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/11/08 00:32:59.0685 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2010/11/08 00:32:59.0734 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/08 00:32:59.0814 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/11/08 00:32:59.0940 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2010/11/08 00:32:59.0985 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/08 00:33:00.0024 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/08 00:33:00.0067 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/08 00:33:00.0108 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/08 00:33:00.0166 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/08 00:33:00.0282 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/08 00:33:00.0383 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/11/08 00:33:00.0438 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/11/08 00:33:00.0530 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/11/08 00:33:00.0588 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/11/08 00:33:00.0618 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/11/08 00:33:00.0669 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/08 00:33:00.0739 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/08 00:33:00.0973 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/08 00:33:01.0005 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/08 00:33:01.0177 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/08 00:33:01.0231 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2010/11/08 00:33:01.0313 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DR

IVERS\PSDNServ.sys
2010/11/08 00:33:01.0354 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2010/11/08 00:33:01.0551 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/08 00:33:01.0668 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/08 00:33:01.0968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/08 00:33:02.0031 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/08 00:33:02.0078 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/08 00:33:02.0152 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/08 00:33:02.0198 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/08 00:33:02.0305 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/08 00:33:02.0352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/08 00:33:02.0412 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/11/08 00:33:02.0471 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/08 00:33:02.0533 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/11/08 00:33:02.0678 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/08 00:33:02.0724 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
2010/11/08 00:33:02.0825 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/08 00:33:02.0876 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/08 00:33:02.0919 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/08 00:33:03.0030 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/08 00:33:03.0104 secdrv (90a3935d05b494a5a39d37e71f09a677) 
C:\Windows\system32\drivers\secdrv.sys2010/11/08 00:33:03.0193 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys2010/11/08 00:33:03.0238 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys2010/11/08 00:33:03.0308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys2010/11/08 00:33:03.0406 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys2010/11/08 00:33:03.0455 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys2010/11/08 00:33:03.0497 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys2010/11/08 00:33:03.0527 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys2010/11/08 00:33:03.0617 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys2010/11/08 00:33:03.0678 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys2010/11/08 00:33:03.0717 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys2010/11/08 00:33:03.0770 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys2010/11/08 00:33:03.0850 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys2010/11/08 00:33:03.0934 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys2010/11/08 00:33:03.0934 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb487596735052010/11/08 00:33:03.0947 sptd - detected Locked file (1)2010/11/08 00:33:03.0990 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys2010/11/08 00:33:04.0065 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys2010/11/08 00:33:04.0101 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys2010/11/08 00:33:04.0184 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys2010/11/08 00:33:04.0258 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys2010/11/08 00:33:04.0310 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys2010/11/08 00:33:04.0360 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys2010/11/08 00:33:04.0425 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys2010/11/08 00:33:04.0631 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys2010/11/08 00:33:04.0714 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys2010/11/08 00:33:04.0761 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys2010/11/08 00:33:04.0827 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys2010/11/08 00:33:04.0881 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys2010/11/08 00:33:04.0916 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys2010/11/08 00:33:04.0956 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys2010/11/08 00:33:05.0088 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys2010/11/08 00:33:05.0136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys2010/11/08 00:33:05.0177 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys2010/11/08 00:33:05.0215 uagp35 
(7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys2010/11/08 00:33:05.0275 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys2010/11/08 00:33:05.0342 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys2010/11/08 00:33:05.0431 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys2010/11/08 00:33:05.0485 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys2010/11/08 00:33:05.0548 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys2010/11/08 00:33:05.0591 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys2010/11/08 00:33:05.0639 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys2010/11/08 00:33:05.0749 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys2010/11/08 00:33:05.0835 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys2010/11/08 00:33:05.0873 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys2010/11/08 00:33:05.0948 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys2010/11/08 00:33:05.0989 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys2010/11/08 00:33:06.0031 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys2010/11/08 00:33:06.0077 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys2010/11/08 00:33:06.0112 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS2010/11/08 00:33:06.0145 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys2010/11/08 00:33:06.0206 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys2010/11/08 00:33:06.0271 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys2010/11/08 
00:33:06.0323 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys2010/11/08 00:33:06.0399 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys2010/11/08 00:33:06.0481 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys2010/11/08 00:33:06.0521 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys2010/11/08 00:33:06.0554 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys2010/11/08 00:33:06.0668 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys2010/11/08 00:33:06.0773 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys2010/11/08 00:33:06.0823 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys2010/11/08 00:33:06.0862 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys2010/11/08 00:33:06.0963 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys2010/11/08 00:33:07.0008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys2010/11/08 00:33:07.0042 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys2010/11/08 00:33:07.0102 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys2010/11/08 00:33:07.0158 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys2010/11/08 00:33:07.0327 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS2010/11/08 00:33:07.0529 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys2010/11/08 00:33:07.0708 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys2010/11/08 00:33:07.0778 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys2010/11/08 00:33:07.0877 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) 
2010/11/08 00:33:08.0054 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/08 00:33:08.0062 ================================================================================
2010/11/08 00:33:08.0062 Scan finished
2010/11/08 00:33:08.0062 ================================================================================
2010/11/08 00:33:08.0098 Detected object count: 2
2010/11/08 00:33:21.0824 Locked file(sptd) - User select action: Skip
2010/11/08 00:33:21.0888 \HardDisk0 - will be cured after reboot
2010/11/08 00:33:21.0888 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/08 00:33:34.0244 Deinitialize success

ComboFix:
ComboFix 10-11-07.07 - Josh 08/11/2010 0:59.1.2 - x86
Microsoft
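The TDSSKiller log above lost its line breaks when it was pasted, which makes the two real findings (the locked sptd.sys and the Rootkit.Win32.TDSS.tdl4 hit on \HardDisk0) easy to miss among hundreds of driver lines. As an added example, not part of the original post and not TDSSKiller's own code, this Python script re-splits such a flattened log on its timestamps and reduces it to what a responder actually needs: suspicious or locked files, detections, and the action chosen for each. The sample log and its md5 values are constructed, not copied from the thread.

```python
import re
from typing import Dict, List

# TDSSKiller writes one entry per line, each starting with a timestamp. Pasting
# the log into a forum often drops the newlines, so entries run together; a
# zero-width lookahead on the timestamp recovers the original boundaries.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
ENTRY_RE = re.compile(rf"^({TS}) (.*)$", re.S)
# "<service> (<md5>) <path>"  -- inventory line for one loaded driver
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "<object> - detected <name> (<n>)"  -- a finding (rootkit, locked file, ...)
DETECT_RE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
# "<name>(<object>) - User select action: <action>"
ACTION_RE = re.compile(r"^(.+?)\((.+)\) - User select action: (\w+)$")


def _fake_md5(n: int) -> str:
    """Constructed placeholder hash; not a value from the thread's log."""
    return f"{n:032x}"


# Constructed sample, shaped like the flattened log in the thread.
FLATTENED_LOG = (
    f"2010/11/08 00:33:03.0850 spldr ({_fake_md5(1)}) C:\\Windows\\system32\\drivers\\spldr.sys"
    f"2010/11/08 00:33:03.0934 sptd ({_fake_md5(2)}) C:\\Windows\\system32\\Drivers\\sptd.sys"
    f"2010/11/08 00:33:03.0934 Suspicious file (NoAccess): C:\\Windows\\system32\\Drivers\\sptd.sys. md5: {_fake_md5(2)}"
    "2010/11/08 00:33:03.0947 sptd - detected Locked file (1)"
    f"2010/11/08 00:33:03.0990 srv ({_fake_md5(3)}) C:\\Windows\\system32\\DRIVERS\\srv.sys"
    "2010/11/08 00:33:08.0054 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
    "2010/11/08 00:33:08.0098 Detected object count: 2"
    "2010/11/08 00:33:21.0824 Locked file(sptd) - User select action: Skip"
    "2010/11/08 00:33:21.0888 \\HardDisk0 - will be cured after reboot"
    "2010/11/08 00:33:21.0888 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure"
)


def split_entries(text: str) -> List[str]:
    """Re-split a flattened log into one string per timestamped entry."""
    return [p.strip() for p in re.split(rf"(?={TS})", text) if p.strip()]


def parse_entry(entry: str) -> Dict[str, str]:
    """Classify one entry; unknown shapes are kept as 'other' rather than dropped."""
    m = ENTRY_RE.match(entry)
    if not m:
        return {"kind": "unparsed", "raw": entry}
    ts, body = m.groups()
    if (m := SUSP_RE.match(body)):
        return {"kind": "suspicious", "ts": ts, "reason": m[1], "path": m[2], "md5": m[3]}
    if (m := DETECT_RE.match(body)):
        return {"kind": "detection", "ts": ts, "object": m[1], "name": m[2], "count": m[3]}
    if (m := ACTION_RE.match(body)):
        return {"kind": "action", "ts": ts, "name": m[1], "object": m[2], "action": m[3]}
    if (m := DRIVER_RE.match(body)):
        return {"kind": "driver", "ts": ts, "service": m[1], "md5": m[2], "path": m[3]}
    return {"kind": "other", "ts": ts, "raw": body}


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: driver count, suspicious files, findings joined to the chosen action."""
    entries = [parse_entry(e) for e in split_entries(text)]
    actions = {(e["name"], e["object"]): e["action"]
               for e in entries if e["kind"] == "action"}
    findings = []
    for e in entries:
        if e["kind"] != "detection":
            continue
        # TDL4 is an MBR bootkit, so its object is the physical disk (\HardDisk0),
        # not a file; the cure rewrites the MBR and only takes effect after reboot.
        severity = "high" if e["name"].startswith("Rootkit.") else "review"
        findings.append({
            "object": e["object"], "name": e["name"], "severity": severity,
            "action": actions.get((e["name"], e["object"]), "none"),
        })
    return {
        "driver_count": sum(1 for e in entries if e["kind"] == "driver"),
        "suspicious": [e for e in entries if e["kind"] == "suspicious"],
        "findings": findings,
        # A high-severity finding that was skipped or never acted on still needs work.
        "needs_attention": [f for f in findings
                            if f["severity"] == "high" and f["action"] != "Cure"],
    }


if __name__ == "__main__":
    for f in triage(FLATTENED_LOG)["findings"]:
        print(f"{f['severity']:6} {f['name']} on {f['object']}: action={f['action']}")
```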
kahdah Posted November 8, 2010 ID:341503

Update Run Malwarebytes
Please update\run Malwarebytes' Anti-Malware.
Double Click the Malwarebytes Anti-Malware icon to run the application.
Click on the update tab then click on Check for updates.
If an update is found, it will download and install the latest version.
Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
=====
* Go here to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Check next options: Remove found threats and Scan unwanted applications.
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic
Greggars Posted November 8, 2010 Author ID:341642

Malwarebytes' Anti-Malware 1.41
Database version: 3105
Windows 6.0.6001 Service Pack 1
08/11/2010 18:11:40
mbam-log-2010-11-08 (18-11-40).txt
Scan type: Quick Scan
Objects scanned: 91739
Time elapsed: 4 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

There's a problem with ESET - whenever it gets to 41%, it just stops scanning. I've tried it several times.
kahdah Posted November 8, 2010 ID:341670

Ok please try the following scan.
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded, on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.
Greggars Posted November 8, 2010 Author ID:341738

Again, this one gets to 26% and stops.
Greggars Posted November 8, 2010 Author ID:341797

Scrap that, it got through it.
Here are the results
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 8, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 08, 2010 17:07:23
Records in database: 4236658
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 136943
Threats found: 5
Infected objects found: 22
Suspicious objects found: 0
Scan duration: 03:00:08
File name / Threat / Threats count
C:\Program Files\Acer\Empowering Technology\eDataSecurity\DecryptionGuide.html Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\30707060.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\LocalLow\Hotbar\v3.5\Hotbar\static\1\business_promo.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\AppData\LocalLow\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Users\Josh\Pictures\DayOutOffer.htm Infected: Trojan-Dropper.VBS.Exe2Vbs.b 1
C:\Windows\System32\config\systemprofile\AppData\Local\6540401764.exe Infected: Trojan.Win32.FakeAV.pot 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNH1N6O\sdm64[1].exe Infected: Trojan-Downloader.Win32.CodecPack.ohg 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNH1N6O\tkbvqkfdls[1].htm Infected: Trojan-PSW.Win32.LdPinch.asbc 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\68c6b701-21d5c1d6 Infected: Trojan-Downloader.Java.OpenConnection.bu 1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\23f6b382-76d4bdbb Infected: Trojan-Downloader.Java.OpenConnection.bu 1
Selected area has been scanned.
kahdah Posted November 9, 2010 ID:341818

1. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=66847&st=0entry341738
Collect::
C:\Program Files\Acer\Empowering Technology\eDataSecurity\DecryptionGuide.html
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\30707060.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
C:\Users\Josh\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
C:\Users\Josh\AppData\LocalLow\Hotbar\v3.5\Hotbar\static\1\business_promo.htm
C:\Users\Josh\AppData\LocalLow\Hotbar\v3.5\Hotbar\static\1\hotbar_promo.htm
C:\Users\Josh\Pictures\DayOutOffer.htm
C:\Windows\System32\config\systemprofile\AppData\Local\6540401764.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNH1N6O\sdm64[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HNH1N6O\tkbvqkfdls[1].htm
File::
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\68c6b701-21d5c1d6
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\23f6b382-76d4bdbb
Folder::
C:\Users\Josh\AppData\LocalLow\Hotbar
c:\users\Josh\AppData\Roaming\Uspi
c:\users\Josh\AppData\Roaming\Yvbeu
c:\users\Josh\AppData\Roaming\Ziuxd
c:\users\Josh\AppData\Roaming\Uhudp
Registry::
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"FBSSA"=-
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

2. Save the above as CFScript.txt
3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
4. During this run Combofix will collect and automatically upload some sample files.
You will see it say Combofix needs to upload some samples.
If it fails to do that do the requested steps at the bottom of this post to manually upload the samples.
5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
Combofix.txt
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip
Click Here to upload the submit.zip please.
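The CFScript in the post above tells ComboFix which files to collect and delete and which registry value (the FBSSA Run entry) to remove, so a malformed line such as a key closed with the wrong bracket may simply not be applied, leaving the persistence entry in place. As an added example, not ComboFix's own code and not the helper's, this Python checker validates the directives that appear in this thread (Collect::, File::, Folder::, Registry::, Reglock::); the section rules it enforces are assumptions drawn from the script above, and the sample script and its URL are constructed.

```python
import re
from typing import List, Optional, Tuple

# Directives seen in the thread's script. Each header is a line ending in "::"
# and owns every line until the next header. (Assumption: this checker only
# knows these five; ComboFix accepts others that are not used in this thread.)
KNOWN_SECTIONS = {"Collect", "File", "Folder", "Registry", "Reglock"}
HEADER_RE = re.compile(r"^([A-Za-z]+)::$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")             # absolute Windows path
KEY_RE = re.compile(r"^\[HK[A-Z_]+\\[^\[\]]+\]$")  # [HKLM\...] with a matching bracket
VALUE_RE = re.compile(r'^"[^"]+"=.*$')             # "Name"=-  (delete) or "Name"=value

Section = Tuple[Optional[str], List[Tuple[int, str]]]


def parse_sections(script: str) -> List[Section]:
    """Group non-blank lines under their directive; lines before the first header go under None."""
    sections: List[Section] = [(None, [])]
    for no, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            sections.append((m.group(1), []))
        else:
            sections[-1][1].append((no, line))
    return sections


def validate_cfscript(script: str) -> List[str]:
    """Return a list of problems with line numbers (empty when the script looks well-formed)."""
    errors: List[str] = []
    for name, lines in parse_sections(script):
        if name is None:
            continue  # preamble (helpers put the thread URL here); not checked
        if name not in KNOWN_SECTIONS:
            errors.append(f"unknown directive {name}::")
            continue
        if not lines:
            errors.append(f"{name}:: has no entries")
        if name in ("Collect", "File", "Folder"):
            for no, line in lines:
                if not PATH_RE.match(line):
                    errors.append(f"line {no}: {name}:: expects an absolute path, got {line!r}")
        elif name == "Reglock":
            for no, line in lines:
                if not KEY_RE.match(line):
                    errors.append(f"line {no}: Reglock:: expects a [HKEY...] key, got {line!r}")
        else:  # Registry:: is [key] lines, each followed by the values to change
            have_key = False
            for no, line in lines:
                if KEY_RE.match(line):
                    have_key = True
                elif VALUE_RE.match(line):
                    if not have_key:
                        errors.append(f"line {no}: value line without a preceding [key] line")
                else:
                    errors.append(f"line {no}: malformed registry key (check the brackets): {line!r}")
                    have_key = False
    return errors


# Constructed sample shaped like the thread's script, reproducing its defect:
# the Run key is closed with "}" instead of "]". The URL is a placeholder.
BAD_SCRIPT = """http://forum.example.invalid/thread-placeholder
Collect::
C:\\Users\\Josh\\Pictures\\DayOutOffer.htm
Folder::
c:\\users\\Josh\\AppData\\Roaming\\Uspi
Registry::
[HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run}
"FBSSA"=-
Reglock::
[HKEY_LOCAL_MACHINE\\system\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]
"""
FIXED_SCRIPT = BAD_SCRIPT.replace("Run}", "Run]")

if __name__ == "__main__":
    for problem in validate_cfscript(BAD_SCRIPT):
        print(problem)
    print("fixed script problems:", validate_cfscript(FIXED_SCRIPT))
```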
Greggars Posted November 9, 2010 Author ID:341955

ComboFix 10-11-07.07 - Josh 09/11/2010 9:18.2.2 - x86
Microsoft
kahdah Posted November 9, 2010 ID:341980

Looks great, how are things running now?
Any leftover issues?
Greggars Posted November 9, 2010 Author ID:341987

I don't think so, everything seems normal. I left that this morning and I'm not on my computer, but even before I used ComboFix again it seemed a lot better.
One last thing: Do you have any links to websites that can walk me through re-formatting and re-installing? Also, can I uninstall these programs I used and delete the logs or is it best to keep them?
Anyway, I can't thank you enough for the help. I'd have been lost otherwise!
kahdah Posted November 9, 2010 ID:341988

If you reformat then they will be gone, but yes, to remove them the instructions are below.
For an Acer recovery you can use the built-in recovery to reset everything back to factory settings.
Instructions are here: http://en.kioskea.net/faq/2040-acer-pc-res...actory-settings
=======
Cleanup
=======
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the Uninstall, it needs to be there.
======
Next
======
Double click on OTL to run it.
Click on the Cleanup button at the top.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
This will remove itself and other tools we may have used.
Delete\uninstall anything else that we have used that is leftover.
After that you're all set.
===
The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and for general PC maintenance
===
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Prevention article - Some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.
"How did I get infected in the first place?" - Also this one by Tony Klein.
If your computer is slow - Is a tutorial on what you can do if your computer is slow.
File sharing program dangers - Reasons to stay away from File sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent etc...
===
Free antimalware tools used for on demand scanning and cleaning, no real time unless purchased
===
Malwarebytes Antimalware
superantispyware
===
Free antivirus links
===
This is antivirus and antispyware. Microsoft Security Essentials
This is free antispyware protection and Antivirus protection. AVG free
This is just antivirus protection. Antivir
This is antivirus and antispyware protection. Avast
Greggars Posted November 9, 2010 Author ID:342028

You've been fantastic, thank you very much!
kahdah Posted November 9, 2010 ID:342036

You are welcome
LDTate Posted November 13, 2010 ID:344432

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.