
Had this attack a couple of days ago. Downloaded MBAM, removed the threat, checked over with Avira and Spybot Search and Destroy. The problem seemed to have been fixed. Two days later, it installs itself again and again. I can't seem to pinpoint the problem, so I'm hoping you'll be able to find it.


Hello RT0JK! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop. Post them back to your topic.


  • Staff

Hi RT0JK,

My apologies for the delay; Maniac is currently unavailable so I will be taking over.

Please update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of DDS and double-click it; if it won't run, do this instead:

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


MBAM seems to not let me update. Here's the error it gives me:

An error has occurred. Please report this error code to our support team.

PROGRAM_ERROR_UPDATING (5, 0, CreateFile)

Access is denied.

OTL Log

OTL logfile created on: 16/04/2011 3:43:35 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Guest\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 172.53 Gb Total Space | 14.60 Gb Free Space | 8.47% Space Free | Partition Type: NTFS

Drive D: | 6.32 Gb Total Space | 6.26 Gb Free Space | 99.07% Space Free | Partition Type: NTFS

Drive E: | 7.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 500.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 424.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 232.83 Gb Total Space | 8.19 Gb Free Space | 3.52% Space Free | Partition Type: FAT32

Computer Name: ADVENT-PC | User Name: Miranda | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 15:43:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe

PRC - [2011/03/18 22:42:59 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/11/16 17:16:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/02 10:17:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/02 10:16:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/07/20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2010/06/22 14:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/01 17:08:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\afasrv32.exe

PRC - [2009/02/28 12:29:43 | 000,088,728 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcmsvc.exe

PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008/01/29 19:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2008/01/29 19:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2008/01/29 05:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/01/22 16:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/17 18:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007/07/11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe

PRC - [2007/01/09 01:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe

PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2011/04/16 15:43:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Desktop\OTL.exe

MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)

SRV - [2011/03/30 14:20:53 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)

SRV - [2011/03/18 22:42:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/11/02 10:17:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010/05/03 16:12:00 | 003,584,240 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2009/10/02 13:52:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/10/01 17:08:55 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Windows\System32\afasrv32.exe -- (AfaService)

SRV - [2009/02/28 12:29:43 | 000,088,728 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc)

SRV - [2008/01/29 19:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/17 18:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)

SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2007/10/30 02:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)

SRV - [2007/09/12 20:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2011/03/18 22:43:00 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/24 11:41:22 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/03/26 14:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)

DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/01/16 01:34:01 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/05/27 10:07:58 | 000,050,560 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)

DRV - [2008/04/18 02:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/01/21 17:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007/12/28 06:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/08/31 19:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)

DRV - [2007/04/24 11:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)

DRV - [2007/04/24 11:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)

DRV - [2007/04/24 11:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)

DRV - [2007/04/24 11:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)

DRV - [2007/04/24 11:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)

DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)

DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/04/16 00:44:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/11 14:21:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/19 21:14:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/09/11 19:52:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/16 17:17:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/16 17:17:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/09/11 19:52:23 | 000,000,000 | ---D | M]

[2008/08/10 10:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miranda\AppData\Roaming\Mozilla\Extensions

[2011/01/02 12:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\86dfui07.default\extensions

[2009/09/16 20:37:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\86dfui07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/11 19:49:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Miranda\AppData\Roaming\Mozilla\Firefox\Profiles\86dfui07.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/11/16 17:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/02/12 00:05:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/01/14 18:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

[2010/05/02 11:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/11 19:52:16 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

[2010/07/19 21:14:13 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC

[2011/04/07 09:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MIRANDA\PROGRAM FILES\DNA

[2008/01/07 19:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

[2010/05/02 11:14:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/06 18:13:52 | 000,252,424 | ---- | M] (Space International, Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npEZKeytecPlugin.dll

[2009/01/27 01:02:07 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/06/28 23:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)

O4 - HKLM..\Run: [jswtrayutil] File not found

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [uSBestCR] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [bitTorrent DNA] C:\Users\Miranda\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] File not found

O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)

O4 - HKCU..\Run: [TOSCDSPD] File not found

O4 - Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = File not found

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab (MSN Photo Upload Tool)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Miranda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008/01/04 02:37:15 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006/08/08 09:59:46 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]

O32 - Unable to obtain root file information for disk H:\

O33 - MountPoints2\{0e582ebe-e399-11dd-bc33-001e3345bd68}\Shell - "" = AutoRun

O33 - MountPoints2\{0e582ebe-e399-11dd-bc33-001e3345bd68}\Shell\AutoRun\command - "" = G:\autoplay.exe

O33 - MountPoints2\{7127d72b-6733-11dd-9c7e-001e3345bd68}\Shell - "" = AutoRun

O33 - MountPoints2\{7127d72b-6733-11dd-9c7e-001e3345bd68}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{f42be3ee-d30c-11dd-a2d3-001e3345bd68}\Shell - "" = AutoRun

O33 - MountPoints2\{f42be3ee-d30c-11dd-a2d3-001e3345bd68}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 09:46:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/04/15 09:41:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011/04/15 09:41:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011/04/15 09:41:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011/04/15 09:41:36 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011/04/15 09:41:36 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011/04/15 09:41:27 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011/04/15 09:41:25 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011/04/15 09:41:24 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011/04/15 09:41:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011/04/15 09:41:23 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/04/15 09:41:23 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011/04/15 09:41:23 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011/04/15 09:41:23 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011/04/15 09:41:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2011/04/15 09:41:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/04/15 09:41:16 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/04/15 09:41:12 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011/04/15 09:41:12 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011/04/06 23:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/03/30 21:46:18 | 000,000,000 | ---D | C] -- C:\Users\Miranda\AppData\Roaming\Malwarebytes

[2011/03/30 21:46:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/03/30 21:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/30 21:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/03/30 21:46:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/03/30 21:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/03/30 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Miranda\AppData\Roaming\vlc

[2011/03/20 02:58:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/03/20 02:56:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2011/03/20 02:55:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2011/03/20 02:55:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2011/03/20 02:55:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2011/03/20 02:55:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2011/03/20 02:55:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2011/03/20 02:55:53 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2011/03/20 02:55:53 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2011/03/20 02:55:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2011/03/20 02:55:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2011/03/20 02:55:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2011/03/20 02:55:47 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2011/03/20 02:55:46 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2011/03/20 02:55:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2011/03/20 02:55:46 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2011/03/20 02:55:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Miranda\Documents\*.tmp files -> C:\Users\Miranda\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/16 15:34:22 | 000,669,638 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/04/16 15:34:22 | 000,132,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/04/16 14:18:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/04/16 14:18:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/04/16 10:18:27 | 002,350,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/04/16 10:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/04/16 10:16:03 | 3210,702,848 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/15 17:59:59 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Miranda.job

[2011/04/06 21:24:55 | 000,011,868 | -HS- | M] () -- C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84

[2011/04/03 16:14:38 | 000,011,480 | -HS- | M] () -- C:\ProgramData\08a4u2o670p0ms3ur18g20l873t74n

[2011/03/30 21:46:13 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/30 21:38:29 | 000,000,354 | ---- | M] () -- C:\Users\Miranda\Desktop\fix.reg

[2011/03/30 21:13:07 | 000,001,356 | ---- | M] () -- C:\Users\Miranda\AppData\Local\d3d9caps.dat

[2011/03/30 20:58:13 | 000,009,584 | -HS- | M] () -- C:\ProgramData\k3gf5y4w6865444l7cxg0ohs8015opk8482f

[2011/03/18 22:43:00 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Miranda\Documents\*.tmp files -> C:\Users\Miranda\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/06 21:44:04 | 3210,702,848 | -HS- | C] () -- C:\hiberfil.sys

[2011/04/06 21:20:00 | 000,011,868 | -HS- | C] () -- C:\ProgramData\d370ib50k8d5s35bk41t72fyy28xc84

[2011/04/03 16:10:59 | 000,011,480 | -HS- | C] () -- C:\ProgramData\08a4u2o670p0ms3ur18g20l873t74n

[2011/03/30 21:46:13 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/30 21:38:29 | 000,000,354 | ---- | C] () -- C:\Users\Miranda\Desktop\fix.reg

[2011/03/30 20:56:03 | 000,009,584 | -HS- | C] () -- C:\ProgramData\k3gf5y4w6865444l7cxg0ohs8015opk8482f

[2011/03/20 02:55:48 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/03/20 02:55:48 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011/03/20 02:55:48 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2010/02/12 00:12:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/11 14:20:32 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010/01/04 13:30:02 | 000,077,353 | ---- | C] () -- C:\Windows\hpqins05.dat

[2009/10/23 15:32:53 | 000,233,472 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2009/10/01 17:08:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe

[2009/05/23 17:56:05 | 000,170,454 | ---- | C] () -- C:\Windows\hpqins00.dat

[2009/04/26 12:25:29 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2009/02/10 19:29:38 | 000,002,946 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2009/01/06 17:23:52 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/08/28 20:02:40 | 000,157,558 | ---- | C] () -- C:\Windows\hpoins28.dat

[2008/08/22 18:10:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2008/08/22 18:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/08/11 01:46:05 | 000,049,664 | ---- | C] () -- C:\Users\Miranda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/08/10 01:44:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2008/08/10 01:44:03 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2008/08/10 01:44:03 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2008/08/10 01:44:03 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2008/08/10 01:44:03 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2008/08/10 01:44:03 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2008/08/10 01:21:08 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2008/08/10 01:21:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2008/08/10 01:21:08 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2008/08/10 01:21:08 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2008/08/10 01:17:03 | 000,001,356 | ---- | C] () -- C:\Users\Miranda\AppData\Local\d3d9caps.dat

[2008/02/11 19:10:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2008/02/11 18:16:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008/02/11 18:05:13 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2008/02/11 18:05:13 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2008/02/11 18:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2008/02/11 18:05:13 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/01/28 20:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll

[2008/01/28 20:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll

[2008/01/28 19:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll

[2008/01/28 19:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll

[2008/01/28 19:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll

[2008/01/28 19:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll

[2007/12/12 19:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat

[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll

[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 002,350,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 000,669,638 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,132,794 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B

< End of report >


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6392

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

18/04/2011 2:49:18 PM

mbam-log-2011-04-18 (14-49-18).txt

Scan type: Quick scan

Objects scanned: 148027

Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi,

My apologies for the delay.

Are you running as an Administrator account or a Limited account?

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

See if MBAM can update now.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.



When I start DDS, I seem to get a PEV.DAT file. What am I supposed to do with that?


  • Staff

Did you run MBAM-clean as instructed???

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


DDS is still not showing the text files. The PEV.DAT file pops up but it doesn't recognize what program to open with.

2011/04/22 11:34:27.0129 5600 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/04/22 11:34:27.0714 5600 ================================================================================

2011/04/22 11:34:27.0714 5600 SystemInfo:

2011/04/22 11:34:27.0714 5600

2011/04/22 11:34:27.0714 5600 OS Version: 6.0.6001 ServicePack: 1.0

2011/04/22 11:34:27.0714 5600 Product type: Workstation

2011/04/22 11:34:27.0714 5600 ComputerName: ADVENT-PC

2011/04/22 11:34:27.0715 5600 UserName: Miranda

2011/04/22 11:34:27.0715 5600 Windows directory: C:\Windows

2011/04/22 11:34:27.0715 5600 System windows directory: C:\Windows

2011/04/22 11:34:27.0715 5600 Processor architecture: Intel x86

2011/04/22 11:34:27.0715 5600 Number of processors: 2

2011/04/22 11:34:27.0715 5600 Page size: 0x1000

2011/04/22 11:34:27.0715 5600 Boot type: Normal boot

2011/04/22 11:34:27.0715 5600 ================================================================================

2011/04/22 11:34:28.0655 5600 Initialize success

2011/04/22 11:34:29.0966 1188 ================================================================================

2011/04/22 11:34:29.0966 1188 Scan started

2011/04/22 11:34:29.0966 1188 Mode: Manual;

2011/04/22 11:34:29.0966 1188 ================================================================================


2011/04/22 11:35:46.0059 1188 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/04/22 11:35:46.0856 1188 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

2011/04/22 11:35:47.0175 1188 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

2011/04/22 11:35:47.0354 1188 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/04/22 11:35:47.0889 1188 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/04/22 11:35:48.0404 1188 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/04/22 11:35:48.0881 1188 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/04/22 11:35:48.0974 1188 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/04/22 11:35:49.0414 1188 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

2011/04/22 11:35:50.0616 1188 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/04/22 11:35:51.0416 1188 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/04/22 11:35:51.0796 1188 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/04/22 11:35:51.0902 1188 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/04/22 11:35:52.0100 1188 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/04/22 11:35:52.0366 1188 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/04/22 11:35:52.0579 1188 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

2011/04/22 11:35:52.0718 1188 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

2011/04/22 11:35:52.0911 1188 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/04/22 11:35:53.0071 1188 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/04/22 11:35:53.0384 1188 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/04/22 11:35:53.0626 1188 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

2011/04/22 11:35:53.0764 1188 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/04/22 11:35:54.0052 1188 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys

2011/04/22 11:35:54.0439 1188 RTSTOR (01c64783db1f40e1e3df67dd36199b35) C:\Windows\system32\drivers\RTSTOR.SYS

2011/04/22 11:35:55.0403 1188 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows\system32\DRIVERS\s125bus.sys

2011/04/22 11:35:55.0763 1188 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows\system32\DRIVERS\s125mdfl.sys

2011/04/22 11:35:55.0938 1188 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows\system32\DRIVERS\s125mdm.sys

2011/04/22 11:35:56.0304 1188 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows\system32\DRIVERS\s125mgmt.sys

2011/04/22 11:35:56.0831 1188 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows\system32\DRIVERS\s125obex.sys

2011/04/22 11:35:57.0041 1188 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/04/22 11:35:57.0218 1188 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/04/22 11:35:57.0537 1188 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/04/22 11:35:57.0679 1188 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/04/22 11:35:57.0901 1188 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/04/22 11:35:58.0283 1188 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/04/22 11:35:58.0341 1188 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/04/22 11:35:58.0394 1188 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/04/22 11:35:58.0735 1188 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/04/22 11:35:58.0887 1188 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/04/22 11:35:59.0201 1188 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/04/22 11:35:59.0569 1188 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/04/22 11:36:00.0178 1188 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

2011/04/22 11:36:00.0618 1188 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/04/22 11:36:01.0338 1188 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys

2011/04/22 11:36:01.0338 1188 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

2011/04/22 11:36:01.0341 1188 sptd - detected Locked file (1)

2011/04/22 11:36:26.0788 1188 ================================================================================

2011/04/22 11:36:26.0788 1188 Scan finished

2011/04/22 11:36:26.0788 1188 ================================================================================

2011/04/22 11:36:26.0792 4184 Detected object count: 1

2011/04/22 11:36:35.0166 4184 Locked file(sptd) - User select action: Skip

Link to post
Share on other sites

  • Staff

Hi,

Just noticed this:

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

This goes for BitTorrent and anything else you may have installed.

Link to post
Share on other sites

What should I do after uninstalling it?

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6475

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

01/05/2011 8:32:33 PM

mbam-log-2011-05-01 (20-32-33).txt

Scan type: Quick scan

Objects scanned: 144443

Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PFmPbJoHGuT (Rogue.Agent.SA) -> Value: PFmPbJoHGuT -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

  • Staff

Please try and be as specific as possible when referring to these issues. It's hard for me to interpret since I can't really see what is going on in front of you. Take screen shots and describe the issues you are currently experiencing in as much depth as possible.

Link to post
Share on other sites
