
Browser Hijacking, Win32 Generic Host Error



I am having very similar problems to other posts I have read here. I will get redirected when trying to view google search results and always receive a "Win32 generic host process has encountered a problem and needs to close" error when I first log in to my computer. Also, I have been blocked from certain websites, such as download.microsoft.com and even the malwarebytes website.

In order to resolve my problems, I ran a trial version of McAfee as well as PC Tools Security's Spyware Doctor which both managed to find trojans that they removed. Then, I tried the steps here: http://forums.malwarebytes.org/lofiversion...php?t65233.html (uninstalled Adobe Reader, uninstalled/cleaned up Java, ran ComboFix). After running ComboFix, which detected a rootkit, my situation improved in that I was no longer blocked from any websites, but I am still being redirected from Google search results and still having the Win32 error.

I then followed the steps on the sticky thread "I'm infected - What do I do now?" (installed/ran Avira Antivir, installed/ran Malwarebytes' Anti-Malware, ran DeFogger, ran DDS, ran GMER). Here are all of my log files:

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86

Run by Alex L at 22:54:34.25 on Mon 02/07/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2506 [GMT -6:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *Enabled*



:)

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, Firefox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thank you for the timely response. I just finished the steps you listed. For the first time, my computer did not produce the Win32 Generic Host Error. Also, Windows updated itself which it has not been doing since the infection. As a side note, I have been using Google Chrome since some of the first symptoms of the infection started showing up, although I had been using Firefox primarily before. I'm not sure if that's important.

TDSS Log:

2011/02/09 18:01:45.0687 0372 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03

2011/02/09 18:01:46.0140 0372 ================================================================================

2011/02/09 18:01:46.0140 0372 SystemInfo:

2011/02/09 18:01:46.0140 0372

2011/02/09 18:01:46.0140 0372 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/09 18:01:46.0140 0372 Product type: Workstation

2011/02/09 18:01:46.0140 0372 ComputerName: ALEX

2011/02/09 18:01:46.0140 0372 UserName: Alex L

2011/02/09 18:01:46.0140 0372 Windows directory: C:\WINDOWS

2011/02/09 18:01:46.0140 0372 System windows directory: C:\WINDOWS

2011/02/09 18:01:46.0140 0372 Processor architecture: Intel x86

2011/02/09 18:01:46.0140 0372 Number of processors: 2

2011/02/09 18:01:46.0140 0372 Page size: 0x1000

2011/02/09 18:01:46.0140 0372 Boot type: Normal boot

2011/02/09 18:01:46.0140 0372 ================================================================================

2011/02/09 18:01:46.0375 0372 Initialize success

2011/02/09 18:01:51.0015 3360 ================================================================================

2011/02/09 18:01:51.0015 3360 Scan started

2011/02/09 18:01:51.0015 3360 Mode: Manual;

2011/02/09 18:01:51.0015 3360 ================================================================================


2011/02/09 18:01:54.0546 3360 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9202b973764b13684538f3e5ace5b15f, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe

2011/02/09 18:01:54.0562 3360 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)


2011/02/09 18:02:04.0328 3360 ================================================================================

2011/02/09 18:02:04.0328 3360 Scan finished

2011/02/09 18:02:04.0328 3360 ================================================================================

2011/02/09 18:02:04.0328 1916 Detected object count: 1

2011/02/09 18:02:09.0359 1916 Cdrom (9202b973764b13684538f3e5ace5b15f) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/02/09 18:02:09.0359 1916 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9202b973764b13684538f3e5ace5b15f, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe

2011/02/09 18:02:18.0390 1916 Backup copy found, using it..

2011/02/09 18:02:18.0390 1916 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot

2011/02/09 18:02:18.0390 1916 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure

2011/02/09 18:02:52.0781 1444 Deinitialize success

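A parser for the TDSSKiller log format posted above, added here as an example (it is not code from the thread or from Kaspersky's tool). It pulls the "Suspicious file (Forged)" / "detected" / "User select action" lines into one finding per driver and then checks a rescan log for the outcome the thread's two logs show: after the cure, cdrom.sys hashes to the value the first scan reported as "Fake md5", i.e. the clean driver the rootkit had been presenting. The sample logs are constructed from the thread's own lines with the long driver enumeration dropped.

```python
import re
from dataclasses import dataclass

# One TDSSKiller log line: "YYYY/MM/DD HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<Service> (<md5>) <path>"  -- one enumerated driver
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
# "<Service> - detected <Family> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "<Family>(<Service>) - User select action: <Action>"
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")


@dataclass
class Finding:
    service: str
    path: str
    real_md5: str   # hash of the bytes TDSSKiller read from disk
    fake_md5: str   # hash of the contents the system was being shown instead
    family: str = ""
    action: str = ""


def parse_tdss_log(text):
    """Return (drivers, findings): drivers maps service -> (md5, path);
    findings maps service -> Finding for every driver reported as forged."""
    drivers, path_to_service, findings = {}, {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner, blank and "====" rule lines
        msg = m.group(3)
        if (d := DRIVER_RE.match(msg)):
            service, md5, path = d.groups()
            drivers[service] = (md5, path)
            path_to_service[path.lower()] = service
        elif (f := FORGED_RE.match(msg)):
            path, real, fake = f.groups()
            service = path_to_service.get(path.lower(), path)
            findings[service] = Finding(service, path, real, fake)
        elif (t := DETECT_RE.match(msg)):
            service, family, _ = t.groups()
            if service in findings:
                findings[service].family = family
        elif (a := ACTION_RE.match(msg)):
            family, service, action = a.groups()
            if service in findings:
                findings[service].family = findings[service].family or family
                findings[service].action = action
    return drivers, findings


def cure_restored_clean_hash(before_log, after_log):
    """For each forged driver in the first log, report whether the rescan shows
    it no longer flagged and hashing to the 'Fake md5' (the clean contents).
    Returns service -> bool; False also when the driver is absent on rescan."""
    _, findings = parse_tdss_log(before_log)
    after_drivers, after_findings = parse_tdss_log(after_log)
    result = {}
    for service, f in findings.items():
        if service in after_findings:
            result[service] = False      # still reported as forged
            continue
        entry = after_drivers.get(service)
        result[service] = entry is not None and entry[0] == f.fake_md5
    return result


# Constructed sample: lines taken from the thread's two logs, bulk enumeration omitted.
BEFORE = r"""
2011/02/09 18:01:45.0687 0372 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/09 18:01:51.0015 3360 Scan started
2011/02/09 18:01:54.0515 3360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/09 18:01:54.0546 3360 Cdrom (9202b973764b13684538f3e5ace5b15f) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/09 18:01:54.0546 3360 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 9202b973764b13684538f3e5ace5b15f, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
2011/02/09 18:01:54.0562 3360 Cdrom - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/09 18:02:04.0328 1916 Detected object count: 1
2011/02/09 18:02:18.0390 1916 Rootkit.Win32.TDSS.tdl3(Cdrom) - User select action: Cure
"""
AFTER = r"""
2011/02/10 08:27:43.0984 3880 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/10 08:27:50.0734 2132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/10 08:27:50.0781 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
"""

if __name__ == "__main__":
    for svc, f in parse_tdss_log(BEFORE)[1].items():
        print(f"{svc}: {f.family} in {f.path} (action: {f.action})")
    print(cure_restored_clean_hash(BEFORE, AFTER))
```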

Done. Is there anything else I should do?

New TDSS Log:

2011/02/10 08:27:43.0984 3880 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20

2011/02/10 08:27:44.0109 3880 ================================================================================

2011/02/10 08:27:44.0109 3880 SystemInfo:

2011/02/10 08:27:44.0109 3880

2011/02/10 08:27:44.0109 3880 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/10 08:27:44.0109 3880 Product type: Workstation

2011/02/10 08:27:44.0109 3880 ComputerName: ALEX

2011/02/10 08:27:44.0109 3880 UserName: Alex L

2011/02/10 08:27:44.0109 3880 Windows directory: C:\WINDOWS

2011/02/10 08:27:44.0109 3880 System windows directory: C:\WINDOWS

2011/02/10 08:27:44.0109 3880 Processor architecture: Intel x86

2011/02/10 08:27:44.0109 3880 Number of processors: 2

2011/02/10 08:27:44.0109 3880 Page size: 0x1000

2011/02/10 08:27:44.0109 3880 Boot type: Normal boot

2011/02/10 08:27:44.0109 3880 ================================================================================

2011/02/10 08:27:44.0359 3880 Initialize success

2011/02/10 08:27:47.0140 2132 ================================================================================

2011/02/10 08:27:47.0140 2132 Scan started

2011/02/10 08:27:47.0140 2132 Mode: Manual;

2011/02/10 08:27:47.0140 2132 ================================================================================


2011/02/10 08:27:50.0781 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys


2011/02/10 08:27:55.0250 2132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/10 08:27:55.0296 2132 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/10 08:27:55.0328 2132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/10 08:27:55.0359 2132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/10 08:27:55.0421 2132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/10 08:27:55.0468 2132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/10 08:27:55.0515 2132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/10 08:27:55.0625 2132 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/02/10 08:27:55.0703 2132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/10 08:27:55.0750 2132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/10 08:27:55.0859 2132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/10 08:27:56.0156 2132 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/10 08:27:56.0546 2132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/10 08:27:56.0578 2132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/10 08:27:56.0625 2132 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/02/10 08:27:56.0656 2132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/10 08:27:56.0687 2132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/10 08:27:56.0734 2132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/10 08:27:56.0781 2132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/10 08:27:56.0859 2132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/10 08:27:56.0968 2132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/02/10 08:27:57.0078 2132 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys

2011/02/10 08:27:57.0125 2132 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys

2011/02/10 08:27:57.0187 2132 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys

2011/02/10 08:27:57.0484 2132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/10 08:27:57.0531 2132 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/02/10 08:27:57.0562 2132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/10 08:27:57.0593 2132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/10 08:27:57.0765 2132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/10 08:27:57.0812 2132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/10 08:27:57.0843 2132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/10 08:27:57.0875 2132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/10 08:27:57.0906 2132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/10 08:27:57.0953 2132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/10 08:27:58.0000 2132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/02/10 08:27:58.0078 2132 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/10 08:27:58.0156 2132 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/10 08:27:58.0265 2132 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2011/02/10 08:27:58.0359 2132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/10 08:27:58.0406 2132 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/02/10 08:27:58.0437 2132 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/02/10 08:27:58.0484 2132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/10 08:27:58.0593 2132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/10 08:27:58.0765 2132 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\System32\Drivers\sptd.sys

2011/02/10 08:27:58.0921 2132 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/10 08:27:58.0968 2132 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/10 08:27:59.0046 2132 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/02/10 08:27:59.0125 2132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/10 08:27:59.0156 2132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/10 08:27:59.0312 2132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/10 08:27:59.0375 2132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/10 08:27:59.0406 2132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/10 08:27:59.0453 2132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/10 08:27:59.0484 2132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/10 08:27:59.0562 2132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/10 08:27:59.0593 2132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/10 08:27:59.0656 2132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/10 08:27:59.0703 2132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/10 08:27:59.0734 2132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/10 08:27:59.0765 2132 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/02/10 08:27:59.0828 2132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/10 08:27:59.0859 2132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/10 08:27:59.0906 2132 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2011/02/10 08:27:59.0921 2132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/10 08:27:59.0968 2132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/10 08:28:00.0140 2132 vpnva (2fa9fb828d29fed55efc800e267be09d) C:\WINDOWS\system32\DRIVERS\vpnva.sys

2011/02/10 08:28:00.0234 2132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/10 08:28:00.0343 2132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/10 08:28:00.0421 2132 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/02/10 08:28:00.0484 2132 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/02/10 08:28:00.0640 2132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/10 08:28:00.0687 2132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/10 08:28:00.0765 2132 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD\000.fcl

2011/02/10 08:28:00.0890 2132 ================================================================================

2011/02/10 08:28:00.0890 2132 Scan finished

2011/02/10 08:28:00.0890 2132 ================================================================================


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


My computer seems to be loading faster and I'm not having redirect problems with google search results. Also, my audio is working again (I think it was malfunctioning due to the Win32 error). For some reason, ComboFix thinks McAfee is still running even though I uninstalled it from my computer a few days ago.

ComboFix Log:

ComboFix 11-02-09.05 - Alex L 02/10/2011 10:51:12.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2525 [GMT -6:00]

Running from: c:\documents and settings\Alex L\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents

.

((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))

.

2011-02-06 19:25 . 2011-02-06 20:42 -------- d-----w- c:\windows\system32\NtmsData

2011-02-06 19:24 . 2011-02-06 19:24 -------- d-----w- c:\documents and settings\Alex L\Application Data\Avira

2011-02-06 19:21 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-06 19:21 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-02-06 19:21 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-02-06 19:21 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-02-06 19:21 . 2011-02-06 19:21 -------- d-----w- c:\program files\Avira

2011-02-06 19:21 . 2011-02-06 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-02-06 19:13 . 2011-02-06 19:13 -------- d-----w- c:\documents and settings\Alex L\Application Data\Malwarebytes

2011-02-06 19:13 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-06 19:13 . 2011-02-06 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-02-06 19:13 . 2011-02-06 19:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-06 19:13 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-02-05 23:35 . 2010-07-16 20:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-02-05 23:35 . 2010-07-16 20:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-02-05 23:35 . 2010-11-17 16:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-02-05 23:35 . 2010-11-25 16:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-02-05 23:35 . 2010-11-25 16:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-02-05 23:34 . 2010-11-25 16:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-02-05 23:34 . 2011-02-08 22:38 -------- d-----w- c:\program files\PC Tools Security

2011-02-05 23:34 . 2011-02-05 23:36 -------- d-----w- c:\program files\Common Files\PC Tools

2011-02-05 23:34 . 2011-02-05 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2011-02-05 23:34 . 2011-02-05 23:34 -------- d-----w- c:\documents and settings\Alex L\Application Data\PC Tools

2011-02-05 23:31 . 2011-02-05 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2011-02-05 23:31 . 2011-02-05 23:31 -------- d-----w- c:\program files\Google

2011-02-04 18:02 . 2011-02-04 18:02 -------- d-----w- c:\documents and settings\Alex L\Application Data\LolClient

2011-02-04 17:45 . 2011-02-04 17:45 -------- d-----w- C:\Riot Games

2011-02-02 02:52 . 2011-02-02 02:58 -------- d-----w- c:\program files\proeWildfire 4.0

2011-01-31 14:43 . 2011-01-31 14:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-01-30 21:58 . 2011-02-06 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2011-01-30 02:50 . 2011-01-30 02:50 -------- d-----w- c:\documents and settings\Alex L\Application Data\PTC

2011-01-27 23:27 . 2011-01-27 23:27 -------- d-----w- c:\documents and settings\Administrator

2011-01-27 23:09 . 2011-01-27 23:09 -------- d--h--w- c:\windows\PIF

2011-01-27 03:23 . 2011-01-27 03:26 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-01-27 03:23 . 2011-01-27 03:23 -------- d-----w- c:\program files\DAEMON Tools Lite

2011-01-23 21:31 . 2011-02-10 14:41 -------- d-----w- c:\documents and settings\Alex L\Local Settings\Application Data\Temp

2011-01-23 21:31 . 2011-01-23 21:31 -------- d-----w- c:\documents and settings\Alex L\Local Settings\Application Data\Google

2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-10 00:04 . 2006-02-28 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-01-21 14:44 . 2006-02-28 12:00 439296 ------w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2006-02-28 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2006-02-28 12:00 1854976 ------w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:59 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:59 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:59 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:26 . 2006-02-28 12:00 730112 ------w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2010-12-09 15:15 . 2006-02-28 12:00 718336 ------w- c:\windows\system32\ntdll.dll

2010-12-09 14:30 . 2006-02-28 12:00 33280 ------w- c:\windows\system32\csrsrv.dll

2010-12-09 13:42 . 2006-02-28 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe

2010-12-09 13:07 . 2004-08-03 22:59 2027008 ------w- c:\windows\system32\ntkrnlpa.exe

2010-11-18 18:12 . 2009-03-12 01:07 81920 ------w- c:\windows\system32\isign32.dll

2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll

2010-01-09 03:09 . 2010-01-09 03:09 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-02-06_09.41.58 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 06:02 . 2009-07-12 06:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll

- 2006-02-28 12:00 . 2011-02-06 08:08 72108 c:\windows\system32\perfc009.dat

+ 2006-02-28 12:00 . 2011-02-10 14:27 72108 c:\windows\system32\perfc009.dat

- 2006-02-28 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll

+ 2006-02-28 12:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 09:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 09:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll

- 2006-02-28 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll

+ 2006-02-28 12:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll

+ 2011-02-06 19:21 . 2010-06-17 20:27 28520 c:\windows\system32\drivers\ssmdrv.sys

- 2010-09-24 00:13 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2010-09-24 00:13 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll

- 2009-03-08 09:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-03-08 09:31 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2010-09-24 00:13 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2010-09-24 00:13 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-03-08 09:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 09:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2009-03-08 09:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-03-08 09:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll

- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2010-11-10 18:49 . 2010-11-10 18:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll

+ 2010-11-10 18:49 . 2010-11-10 18:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe

+ 2010-11-10 18:49 . 2010-11-10 18:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll

+ 2010-11-10 18:49 . 2010-11-10 18:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe

+ 2010-11-10 18:49 . 2010-11-10 18:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe

+ 2010-11-10 18:49 . 2010-11-10 18:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe

+ 2010-11-10 18:49 . 2010-11-10 18:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll

+ 2010-11-10 18:49 . 2010-11-10 18:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll

+ 2010-11-10 18:49 . 2010-11-10 18:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll

+ 2011-02-10 01:53 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll

+ 2011-02-10 01:53 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll

+ 2011-02-10 01:53 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll

+ 2011-02-10 01:53 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll

+ 2011-02-10 01:53 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

+ 2009-07-12 06:05 . 2009-07-12 06:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll

+ 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll

- 2006-02-28 12:00 . 2011-02-06 08:08 444358 c:\windows\system32\perfh009.dat

+ 2006-02-28 12:00 . 2011-02-10 14:27 444358 c:\windows\system32\perfh009.dat

+ 2006-02-28 12:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll

- 2006-02-28 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll

+ 2006-02-28 12:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll

- 2006-02-28 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll

- 2009-03-08 09:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll

+ 2009-03-08 09:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll

+ 2006-02-28 12:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll

- 2006-02-28 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll

- 2006-02-28 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll

+ 2006-02-28 12:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll

+ 2006-02-28 12:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe

- 2006-02-28 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe

- 2009-03-11 18:08 . 2010-12-18 15:38 275760 c:\windows\system32\FNTCACHE.DAT

+ 2009-03-11 18:08 . 2011-02-10 04:18 275760 c:\windows\system32\FNTCACHE.DAT

- 2009-03-12 23:49 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-03-12 23:49 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll

+ 2009-03-08 09:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll

- 2009-03-08 09:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-04-14 17:24 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll

- 2009-03-08 09:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll

+ 2009-03-08 09:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll

- 2010-09-24 00:13 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2010-09-24 00:13 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll

- 2009-04-14 17:24 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-04-14 17:24 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll

+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll

- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll

- 2010-09-24 00:13 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2010-09-24 00:13 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll

+ 2010-02-26 05:43 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-02-26 05:43 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll

- 2010-09-24 00:13 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2010-09-24 00:13 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2009-03-08 19:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 19:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-03-08 09:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe

- 2009-03-08 09:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe

+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Alex L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-23 136176]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GEST"="m


You're running 2 anti-virus programs.

Use Add/Remove Programs and remove one of them.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

Never install more than one antivirus and firewall! Rather than giving you extra protection, it will seriously decrease their reliability!

The reason for this is that if both products have their automatic (real-time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple antivirus and firewall products are not compatible with each other, having more than one installed can cause system performance problems and a serious system slowdown.


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all-clean post.

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :)

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT (Web of Trust) - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    Green to go
    Yellow for caution
    Red to stop
    WOT has an add-on available for both Firefox and IE.

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security - What Do I Need?

How to Prevent Malware

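As an added example that is not part of the thread: a PowerShell script that audits the six Internet zone settings from steps 5 to 10 of the "Make your Internet Explorer more secure" list by reading the per-user registry values Internet Explorer keeps them in. It assumes PowerShell 3.0 or later and the standard zone key path; the value names (1001, 1004, 1201, 1607, 1800, 1804) and the 0/1/3 data meanings are the ones Microsoft documents for IE security zone registry entries.

```powershell
# Added example, not code from the thread: audit (and optionally set) the six
# Internet zone settings the post above walks through. Internet Explorer stores
# per-user zone settings under the key below (zone 3 = Internet); the value names
# are the ones Microsoft documents for IE security zones, and the recommended
# data mirrors the post: 1 = Prompt, 3 = Disable (0 would be Enable).
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$checks = @(
    @{ Setting = 'Download signed ActiveX controls';                          Value = '1001'; Want = 1 },
    @{ Setting = 'Download unsigned ActiveX controls';                        Value = '1004'; Want = 3 },
    @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Want = 3 },
    @{ Setting = 'Installation of desktop items';                             Value = '1800'; Want = 1 },
    @{ Setting = 'Launching programs and files in an IFRAME';                 Value = '1804'; Want = 1 },
    @{ Setting = 'Navigate sub-frames across different domains';              Value = '1607'; Want = 1 }
)
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IEInternetZone {
    param([switch]$Fix)   # -Fix writes the recommended data for any non-compliant setting
    if (-not (Test-Path $zoneKey)) { throw "Zone key not found: $zoneKey" }
    $props = Get-ItemProperty -Path $zoneKey
    foreach ($c in $checks) {
        $current = $props.($c.Value)
        # A missing value means IE falls back to the zone template default, so it is
        # reported as not set rather than assumed to be Disable.
        if ($null -eq $current) { $currentText = '(not set)'; $ok = $false }
        else {
            $currentText = if ($meaning.ContainsKey([int]$current)) { $meaning[[int]$current] } else { "$current" }
            $ok = ([int]$current -eq $c.Want)
        }
        if ($Fix -and -not $ok) {
            Set-ItemProperty -Path $zoneKey -Name $c.Value -Value $c.Want -Type DWord
        }
        # Reported state is what was found before any -Fix write.
        [pscustomobject]@{
            Setting     = $c.Setting
            RegValue    = $c.Value
            Current     = $currentText
            Recommended = $meaning[$c.Want]
            Compliant   = $ok
        }
    }
}

# Report only; run "Test-IEInternetZone -Fix" to apply the recommended settings.
Test-IEInternetZone | Format-Table -AutoSize
```

Group Policy or a later IE update can override these per-user values, so re-run the audit after Windows Update rather than trusting a one-time check.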