DannyMac Posted July 15, 2011

Google has been behaving strangely of late and I am getting random redirects, which is incredibly annoying. MBAM will not update.

MBAM Log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6705
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088
15/07/2011 14:46:16
mbam-log-2011-07-15 (14-46-16).txt
Scan type: Quick scan
Objects scanned: 171629
Time elapsed: 2 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

DDS OUTPUT

GMER OUTPUT
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-15 14:37:53
Windows 6.0.6002 Service Pack 2
Running: u8kejex4.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Danny\AppData\Roaming\systemfl.$dk 990 bytes
File C:\Windows\SysWOW64\sys_drv_2.dat 5020 bytes
File C:\Windows\SysWOW64\WinFLdrv.sys 21888 bytes executable <-- ROOTKIT !!!
---- Services - GMER 1.0.15 ----
Service C:\Windows\SysWOW64\WinFLdrv.sys [AUTO] WinFLdrv <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----

Any help appreciated!!

LDTate Posted July 17, 2011

Logs will be closed if you haven't replied within 3 days.

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.

DannyMac Posted July 20, 2011 Author ID:456196

Apologies for the delayed response. Been very busy with work.

Google still behaving strangely. Re-directing to ad site sometimes when I click a link and opening up tabs in different Firefox windows.

TDSSKiller Log:

2011/07/20 16:16:06.0672 3684 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 16:16:07.0873 3684 ================================================================================
2011/07/20 16:16:07.0873 3684 SystemInfo:
2011/07/20 16:16:07.0873 3684
2011/07/20 16:16:07.0873 3684 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/20 16:16:07.0873 3684 Product type: Workstation
2011/07/20 16:16:07.0873 3684 ComputerName: DANNY-PC
2011/07/20 16:16:07.0873 3684 UserName: Danny
2011/07/20 16:16:07.0873 3684 Windows directory: C:\Windows
2011/07/20 16:16:07.0873 3684 System windows directory: C:\Windows
2011/07/20 16:16:07.0873 3684 Running under WOW64
2011/07/20 16:16:07.0873 3684 Processor architecture: Intel x64
2011/07/20 16:16:07.0873 3684 Number of processors: 4
2011/07/20 16:16:07.0873 3684 Page size: 0x1000
2011/07/20 16:16:07.0873 3684 Boot type: Normal boot
2011/07/20 16:16:07.0873 3684 ================================================================================
2011/07/20 16:16:08.0185 3684 Initialize success
2011/07/20 16:16:18.0871 3856 ================================================================================
2011/07/20 16:16:18.0871 3856 Scan started
2011/07/20 16:16:18.0871 3856 Mode: Manual;
2011/07/20 16:16:18.0871 3856 ================================================================================
2011/07/20 16:16:26.0703 3856 sptd (aa90a319bb067e0d149b4c95608c4b05) C:\Windows\system32\Drivers\sptd.sys
2011/07/20 16:16:26.0703 3856 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: aa90a319bb067e0d149b4c95608c4b05
2011/07/20 16:16:26.0703 3856 sptd - detected LockedFile.Multi.Generic (1)
2011/07/20 16:16:29.0074 3856 ================================================================================
2011/07/20 16:16:29.0074 3856 Scan finished
2011/07/20 16:16:29.0074 3856 ================================================================================
2011/07/20 16:16:29.0089 4748 Detected object count: 1
2011/07/20 16:16:29.0089 4748 Actual detected object count: 1
2011/07/20 16:17:02.0255 4748 LockedFile.Multi.Generic(sptd) - User select action: Skip
LDTate Posted July 20, 2011 ID:456203

Are you using a router?
Are there more computers connected to the internet where you're at?

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:
Link 1
Link 2 (If using this link, right click and select Save As.)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package. If Vista or Windows 7, skip the Recovery Console part.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
DannyMac Posted July 20, 2011 Author ID:456217

Yes, I am using a router. There is generally a laptop / Desktop connected to my router.
LDTate Posted July 20, 2011 ID:456218

Are the others OK? Go ahead and run ComboFix.
DannyMac Posted July 20, 2011 Author ID:456225

Same symptoms as my Desktop.

ComboFix Log
LDTate Posted July 20, 2011 ID:456253

If both have the same DNS issues then probably a router infection.

Let's try to reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). You also need to reconfigure any security settings you had in place prior to the reset. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.
LDTate Posted July 25, 2011 ID:458170

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!