[TR/crypt.xdr.gen] and [WORM/yahoos.zv.1] Found by Avira.



Nicolas01
2011-02-25, 12:38
Hi everyone,

I have been having a lot of trouble because of malware since last Sunday. Generally I succeed in finding a solution by myself, but this time nothing worked and I need your help.

First of all I have read the “before posting” topic and I also found the nearest solved problem on your website: http://forums.spybot.info/showthread.php?t=47579

My problem seems similar to the topic above:
I have been getting alerts from Avira AntiVir saying that it has detected the "TR/crypt.xdr.gen" trojan and that it has also detected "WORM/yahoos.zv.1". Even if I choose the option "delete" or "put into quarantine", the virus is still on my computer.
The main trouble I had at the beginning with these trojans was that my computer was slow and I was constantly redirected to undesirable internet pages. But on Sunday night I had a blue screen saying "your computer has to shut down to avoid damages" and I couldn't turn it on again (I even tried to format and reinstall Vista, but because of a missing "hal.dll" I couldn't). Fortunately, thanks to the Vista Recovery CD (freely available on the internet) I succeeded in booting correctly, but now I still have the initial problems (messages from Avira, slow computer, redirections on the internet).

My attempts:

Through my research on my problem I found a lot of "solutions". I tried:
- Ad-Aware scan: after 7 hours of scanning my laptop crashed
- Avira scan: nothing detected
- Dr.Web CureIt scan: nothing detected
- Evaluation of my HijackThis log on the HJT website (hijackthis.de): nothing detected as abnormal
- Spybot S&D scan: nothing detected
- Malwarebytes: nothing detected
- ComboFix (following the instructions in this topic http://forums.spybot.info/showthread.php?t=47579): the worst, after 5 seconds my laptop crashed with a blue screen saying: IRQL_NOT_LESS_OR_EQUAL.



==== Hijackthis Log====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:58, on 24/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Join Air\UIExec.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMService - Lsdcdlgdm Software - C:\Windows\TEMP\rmek\setup.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe

--
End of file - 5835 bytes




==== Spybot S&D log: ====

Félicitations!: Aucun mouchard n'a été trouvé. (Status)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-02-24 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-02-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-02-24 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-02-24 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-02-24 Includes\KeyloggersC.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-02-24 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-02-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-02-24 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-02-24 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-02-24 Includes\TrojansC-02.sbi (*)
2011-02-24 Includes\TrojansC-03.sbi (*)
2011-02-24 Includes\TrojansC-04.sbi (*)
2011-02-24 Includes\TrojansC-05.sbi (*)
2011-02-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



==== DDS log: ====

DDS (Ver_10-12-12.02) - NTFSx86
Run by Nicolas at 18:37:12,46 on 24/02/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1720 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Join Air\UIExec.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\TEMP\rmek\setup.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicolas\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
uDefault_Page_URL = hxxp://www.msi.com.tw
mDefault_Page_URL = hxxp://www.msi.com.tw
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Skytel] Skytel.exe
mRun: [UIExec] "c:\program files\join air\UIExec.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\nicolas\appdata\roaming\mozilla\firefox\profiles\3zph7eyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\nicolas\appdata\roaming\mozilla\firefox\profiles\3zph7eyo.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com
FF - Ext: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - %profile%\extensions\es-es@dictionaries.addons.mozilla.org

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-2-22 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-10-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-22 56816]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-2-18 159744]
R2 UI Assistant Service;UI Assistant Service;c:\program files\join air\AssistantServices.exe [2010-5-3 246272]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-25 97536]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-25 436224]
S2 AMService;AMService;c:\windows\temp\rmek\setup.exe run --> c:\windows\temp\rmek\setup.exe run [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-2-22 1405384]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-2-22 15232]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-5-3 9216]

=============== Created Last 30 ================

2011-02-23 20:42:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-02-22 18:09:34 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-02-22 18:09:15 -------- dc-h--w- c:\progra~2\{05D7E05D-9BCE-4F9F-8206-9129E8EAAF25}
2011-02-22 18:09:00 -------- d-----w- c:\program files\Lavasoft
2011-02-22 16:48:22 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-22 15:44:09 -------- d-----w- c:\users\nicolas\DoctorWeb
2011-02-22 15:39:48 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-02-22 15:01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-22 15:01:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-22 12:41:11 -------- d-----w- c:\users\nicolas\appdata\local\Innovative Solutions
2011-02-22 12:41:11 -------- d-----w- c:\progra~2\Innovative Solutions
2011-02-16 18:18:13 -------- d-----w- c:\program files\Audacity
2011-02-10 22:41:18 -------- d-----w- c:\users\nicolas\appdata\local\Apple
2011-02-08 20:34:42 -------- d-----w- c:\users\nicolas\appdata\local\TurnTool
2011-02-08 20:34:42 -------- d-----w- c:\program files\TurnTool
2011-02-08 17:21:02 -------- d-----w- c:\users\nicolas\appdata\roaming\Moyea
2011-02-08 17:18:09 -------- d-----w- c:\users\nicolas\appdata\roaming\GetRightToGo
2011-02-08 11:18:03 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4000b7fd-20cb-404d-891c-473069f59a76}\mpengine.dll
2011-02-06 21:57:44 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-02-05 10:27:11 165376 ----a-w- c:\windows\system32\unrar.dll
2011-01-28 11:44:45 -------- d-----w- c:\program files\Auralog
2011-01-27 14:52:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-01-27 14:49:46 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-01-27 14:49:12 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-01-27 14:49:12 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

==================== Find3M ====================

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-28 11:45:12 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-01-28 11:45:12 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-01-13 14:18:31 20992 ----a-w- c:\windows\jestertb.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86BB4439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86bba7b8]; MOV EAX, [0x86bba834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8228B962] -> \Device\Harddisk0\DR0[0x8661AAC8]
3 CLASSPNP[0x8A9B28B3] -> ntkrnlpa!IofCallDriver[0x8228B962] -> [0x84BF45F8]
5 acpi[0x807346BC] -> ntkrnlpa!IofCallDriver[0x8228B962] -> [0x84BF4030]
\Driver\nvstor32[0x86BA0AF8] -> IRP_MJ_CREATE -> 0x86BB4439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE , 0x0; }
detected disk devices:
\Device\00000068 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00BEVT-22ZCT#4&30e40ed3&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x859241f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 18:37:46,78 ===============

==== Attached DDS Log: ====

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/10/2009 08:01:03
System Uptime: 24/02/2011 17:56:40 (1 hours ago)

Motherboard: MSI | | MS-1672
Processor: AMD Athlon(tm) X2 Dual-Core QL-62 | CPU 1 | 2000/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 44 GiB total, 13,242 GiB free.
D: is FIXED (NTFS) - 246 GiB total, 50,821 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft 6to4
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.{401D31AD-5110-4FBE-B0A2-AEB2519D6AE2}
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Carte Microsoft ISATAP #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: isatap.{B42EFB06-EF37-4733-891A-6249F27F668E}
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: isatap.{B42EFB06-EF37-4733-891A-6249F27F668E}
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.{EDA373D5-5E79-40FB-9B6B-76615E746B3F}
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS4
Adobe Setup
Agere Systems HDA Modem
Assistant de connexion Windows Live
Auslogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
BurnRecovery
CCleaner
ERUNT 1.1j
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
JMicron JMB38X Flash Media Controller
Join Air
Logiciel d'archivage WinRAR
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ Run Time Lib Setup
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Mozilla Firefox (3.6.13)
MSI Software Install
NVIDIA Display Control Panel
NVIDIA Drivers
PDF-Viewer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 5.1
SplitCam
System Control Manager
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB 2.0 Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
Windows Media Player Firefox Plugin

==== End Of File ===========================


I thank you for your time and I hope a solution may be found.

Nico.
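As an added example (not code from the thread or from any of the tools named in it), here are the first checks a helper applies when reading an O23/DDS service listing like the one above, run over lines copied from this log; the rule names and severities are my own choices:

```python
"""Triage helper for HijackThis O23 lines and DDS service lines.

Flags the patterns a helper looks for first in a log like the one above:
a service whose binary lives in a temporary directory, a service with an
unknown owner or a missing file, and the DDS/gmer rootkit warning.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: six lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AMService - Lsdcdlgdm Software - C:\Windows\TEMP\rmek\setup.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
S2 AMService;AMService;c:\windows\temp\rmek\setup.exe run --> c:\windows\temp\rmek\setup.exe run [?]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-22 185089]
Warning: possible TDL3 rootkit infection !
"""

# HijackThis O23 line: "O23 - Service: <display (short)> - <owner> - <path>"
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# DDS service line: "<state> <name>;<display>;<path> [<date> <size>]"
DDS_SVC = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[[^\]]*\])?$")
# A service binary should never be launched from a scratch directory.
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
ROOTKIT_WARNING = re.compile(r"possible .* rootkit infection", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium" (my own scale, not a tool's)
    rule: str       # short machine-readable reason
    service: str    # service name, or "-" for non-service lines
    line: str       # the offending log line


def check_service(name: str, owner: str, path: str, line: str) -> list[Finding]:
    """Apply the per-service rules to one parsed entry."""
    findings = []
    if TEMP_DIR.search(path):
        findings.append(Finding("high", "binary-in-temp-dir", name, line))
    if owner.strip().lower() == "unknown owner":
        findings.append(Finding("medium", "unknown-owner", name, line))
    if "(file missing)" in path.lower():
        findings.append(Finding("medium", "file-missing", name, line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every line of a pasted HJT/DDS log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_O23.match(line)
        if m:
            findings += check_service(m["name"], m["owner"], m["path"], line)
            continue
        m = DDS_SVC.match(line)
        if m:
            # DDS does not print the owner, so only the path rules apply here.
            findings += check_service(m["name"], "", m["path"], line)
            continue
        if ROOTKIT_WARNING.search(line):
            findings.append(Finding("high", "rootkit-warning", "-", line))
    return findings


def flagged_services(log_text: str) -> set[str]:
    """Names of services that tripped at least one rule, for quick eyeballing."""
    return {f.service for f in triage(log_text) if f.service != "-"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:18} {f.service}: {f.line}")
```

On this sample the AMService entry is flagged from both the HijackThis and the DDS view, rpcapd is flagged for its unknown owner and missing file, and the Avira service passes clean.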

shelf life
2011-03-02, 23:47
hi Nicolas01,

Based on the log, you shouldn't be using the computer until it's cleaned up. Make sure it has no connectivity. If you're not sure how to do this, then I would power it off.

Your post is a few days old; if you still need help, simply post back.

My rootkit disclaimer:

You have a possible rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. In my opinion you should consider a reformat/reinstall of Windows.
The best source for information on how to do this would be the computer manufacturer's website.

Nicolas01
2011-03-03, 00:10
Thank you for your answer shelf life,

As I was a victim of recurrent blue screens (saying driver_not_less_or_equal), I actually decided to format my laptop.

Actually I didn't have the recovery DVD (I'm abroad), so I used a tool offered on my manufacturer's website, MSI Burn Recovery, to create a DVD of my laptop with original settings.

http://support.msi-computer.fr/index.php?_m=downloads&_a=viewdownload&downloaditemid=25&nav=0

Then I burnt it and proceeded to a limited recovery (my hard drive is split into 2 parts and I only formatted the C:/ part).

Now most of the problems have gone (no blue screen, no messages from Avira), but I still get redirected to annoying websites (like "stopzilla", "euro.dell.com", "asktofriend.com", "allgive.com").

The only scan that found something was the one from SUPERAntiSpyware, concerning infected cookies in C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\cookies.

Have you got any other means to find the rootkit?

Thanks again !

shelf life
2011-03-03, 01:11
If I understand it right: if you created a restore/recovery disk from the files on any of your partitions and then used that disk after reformatting to reinstall Windows, then you just reinstalled the malware on your machine.

We will get a download to use:

Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop.
Double click to launch the utility. On Vista/W7, right click and "run as admin". After it initializes, click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found in your root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).
Please post the log report.

Nicolas01
2011-03-04, 13:01
Thank you again for your time.

Indeed, it seems that I burnt a DVD of an infected version of my laptop.

Here is the TDSSKiller log:

2011/03/04 11:51:44.0394 3836 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/04 11:51:46.0297 3836 ================================================================================
2011/03/04 11:51:46.0297 3836 SystemInfo:
2011/03/04 11:51:46.0297 3836
2011/03/04 11:51:46.0297 3836 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/04 11:51:46.0297 3836 Product type: Workstation
2011/03/04 11:51:46.0297 3836 ComputerName: PC-DE-NICOLAS
2011/03/04 11:51:46.0297 3836 UserName: Nicolas
2011/03/04 11:51:46.0297 3836 Windows directory: C:\Windows
2011/03/04 11:51:46.0297 3836 System windows directory: C:\Windows
2011/03/04 11:51:46.0297 3836 Processor architecture: Intel x86
2011/03/04 11:51:46.0297 3836 Number of processors: 2
2011/03/04 11:51:46.0297 3836 Page size: 0x1000
2011/03/04 11:51:46.0297 3836 Boot type: Normal boot
2011/03/04 11:51:46.0297 3836 ================================================================================
2011/03/04 11:51:49.0105 3836 Initialize success
2011/03/04 11:52:15.0547 0584 ================================================================================
2011/03/04 11:52:15.0547 0584 Scan started
2011/03/04 11:52:15.0547 0584 Mode: Manual;
2011/03/04 11:52:15.0547 0584 ================================================================================
2011/03/04 11:52:17.0435 0584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/04 11:52:17.0482 0584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/04 11:52:17.0513 0584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/04 11:52:17.0544 0584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/04 11:52:17.0575 0584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/04 11:52:17.0606 0584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/04 11:52:17.0653 0584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/04 11:52:17.0684 0584 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/04 11:52:17.0716 0584 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/04 11:52:17.0762 0584 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/04 11:52:17.0809 0584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/04 11:52:17.0856 0584 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/04 11:52:17.0872 0584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/04 11:52:17.0903 0584 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/04 11:52:17.0934 0584 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/04 11:52:17.0981 0584 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/04 11:52:18.0043 0584 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/04 11:52:18.0106 0584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/04 11:52:18.0152 0584 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/04 11:52:18.0215 0584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/04 11:52:18.0277 0584 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/04 11:52:18.0355 0584 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/04 11:52:18.0402 0584 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/04 11:52:18.0480 0584 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/04 11:52:18.0511 0584 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/04 11:52:18.0542 0584 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/04 11:52:18.0589 0584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/04 11:52:18.0620 0584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/04 11:52:18.0652 0584 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/04 11:52:18.0683 0584 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/04 11:52:18.0730 0584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/04 11:52:18.0761 0584 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/04 11:52:18.0839 0584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/04 11:52:18.0870 0584 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/04 11:52:18.0917 0584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/04 11:52:18.0948 0584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/04 11:52:18.0995 0584 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/04 11:52:19.0042 0584 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/04 11:52:19.0073 0584 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/03/04 11:52:19.0104 0584 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/04 11:52:19.0135 0584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/04 11:52:19.0166 0584 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/04 11:52:19.0213 0584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/04 11:52:19.0354 0584 IntcAzAudAddService (f4ec36c333ac09011ab1931ce9582c56) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/04 11:52:19.0494 0584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/04 11:52:19.0541 0584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/04 11:52:19.0603 0584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/04 11:52:19.0650 0584 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/04 11:52:19.0681 0584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/04 11:52:19.0728 0584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/04 11:52:19.0759 0584 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/04 11:52:19.0790 0584 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/04 11:52:19.0868 0584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/04 11:52:19.0915 0584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/04 11:52:19.0962 0584 JMCR (a69a1b991824b98f744913555f665893) C:\Windows\system32\DRIVERS\jmcr.sys
2011/03/04 11:52:19.0978 0584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/04 11:52:20.0009 0584 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/04 11:52:20.0071 0584 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/04 11:52:20.0149 0584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/04 11:52:20.0196 0584 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/04 11:52:20.0212 0584 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/04 11:52:20.0258 0584 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/04 11:52:20.0290 0584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/04 11:52:20.0368 0584 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/04 11:52:20.0446 0584 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/04 11:52:20.0524 0584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/04 11:52:20.0555 0584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/04 11:52:20.0586 0584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/04 11:52:20.0602 0584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/04 11:52:20.0633 0584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/04 11:52:20.0664 0584 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/04 11:52:20.0695 0584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/04 11:52:20.0742 0584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/04 11:52:20.0758 0584 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/04 11:52:20.0789 0584 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/04 11:52:20.0804 0584 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/04 11:52:20.0836 0584 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/04 11:52:20.0882 0584 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/04 11:52:20.0914 0584 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/04 11:52:20.0945 0584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/04 11:52:20.0976 0584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/04 11:52:21.0023 0584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/04 11:52:21.0070 0584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/04 11:52:21.0116 0584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/04 11:52:21.0148 0584 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/04 11:52:21.0179 0584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/04 11:52:21.0210 0584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/04 11:52:21.0257 0584 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/04 11:52:21.0319 0584 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/04 11:52:21.0382 0584 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/04 11:52:21.0428 0584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/04 11:52:21.0460 0584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/04 11:52:21.0506 0584 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/04 11:52:21.0538 0584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/04 11:52:21.0569 0584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/04 11:52:21.0616 0584 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/04 11:52:21.0678 0584 netr28 (a0eabf18be01b173648959eba042c7f1) C:\Windows\system32\DRIVERS\netr28.sys
2011/03/04 11:52:21.0725 0584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/04 11:52:21.0740 0584 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/04 11:52:21.0772 0584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/04 11:52:21.0850 0584 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/04 11:52:21.0912 0584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/04 11:52:21.0943 0584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/04 11:52:22.0193 0584 nvlddmkm (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/04 11:52:22.0427 0584 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/04 11:52:22.0489 0584 nvsmu (995da6e252e06a41a6117dd5833429bb) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/03/04 11:52:22.0520 0584 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/04 11:52:22.0552 0584 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/03/04 11:52:22.0598 0584 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/04 11:52:22.0708 0584 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/04 11:52:22.0786 0584 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/04 11:52:22.0817 0584 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/04 11:52:22.0848 0584 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/04 11:52:22.0879 0584 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/04 11:52:22.0910 0584 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/04 11:52:22.0942 0584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/04 11:52:23.0020 0584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/04 11:52:23.0144 0584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/04 11:52:23.0176 0584 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/03/04 11:52:23.0238 0584 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/04 11:52:23.0300 0584 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/04 11:52:23.0378 0584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/04 11:52:23.0410 0584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/04 11:52:23.0441 0584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/04 11:52:23.0472 0584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/04 11:52:23.0519 0584 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/04 11:52:23.0550 0584 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/04 11:52:23.0581 0584 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/04 11:52:23.0597 0584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/04 11:52:23.0644 0584 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/04 11:52:23.0659 0584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/04 11:52:23.0706 0584 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/04 11:52:23.0768 0584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/04 11:52:23.0846 0584 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/04 11:52:23.0893 0584 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\Windows\system32\DRIVERS\RTL8187Se.sys
2011/03/04 11:52:23.0940 0584 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/04 11:52:23.0971 0584 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/04 11:52:24.0002 0584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/04 11:52:24.0065 0584 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/04 11:52:24.0112 0584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/04 11:52:24.0158 0584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/04 11:52:24.0174 0584 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/04 11:52:24.0205 0584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/04 11:52:24.0268 0584 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/04 11:52:24.0346 0584 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/04 11:52:24.0377 0584 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/04 11:52:24.0392 0584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/04 11:52:24.0439 0584 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/04 11:52:24.0455 0584 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/04 11:52:24.0486 0584 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/04 11:52:24.0533 0584 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/04 11:52:24.0673 0584 SNP2UVC (8f6838aeebc79e8898c2065d969c47cc) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/03/04 11:52:24.0782 0584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/04 11:52:24.0876 0584 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/04 11:52:24.0876 0584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/04 11:52:24.0876 0584 sptd - detected Locked file (1)
2011/03/04 11:52:24.0907 0584 srv (ce5e5d07bcda842d3f417a8333f91440) C:\Windows\system32\DRIVERS\srv.sys
2011/03/04 11:52:24.0938 0584 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/04 11:52:24.0954 0584 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/04 11:52:25.0016 0584 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/04 11:52:25.0063 0584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/04 11:52:25.0110 0584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/04 11:52:25.0219 0584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/04 11:52:25.0250 0584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/04 11:52:25.0360 0584 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
2011/03/04 11:52:25.0438 0584 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/04 11:52:25.0469 0584 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/04 11:52:25.0500 0584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/04 11:52:25.0531 0584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/04 11:52:25.0562 0584 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/04 11:52:25.0578 0584 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/04 11:52:25.0656 0584 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
2011/03/04 11:52:25.0687 0584 tosrfbd (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/03/04 11:52:25.0718 0584 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/03/04 11:52:25.0750 0584 Tosrfcom (4579b035ae3ac8044df72621af734894) C:\Windows\system32\Drivers\tosrfcom.sys
2011/03/04 11:52:25.0781 0584 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/03/04 11:52:25.0812 0584 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/03/04 11:52:25.0828 0584 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys
2011/03/04 11:52:25.0859 0584 Tosrfusb (f6680c77be134c81cc67f91986022701) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/03/04 11:52:25.0921 0584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/04 11:52:25.0937 0584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/04 11:52:25.0968 0584 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/04 11:52:26.0015 0584 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/04 11:52:26.0046 0584 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/04 11:52:26.0093 0584 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/04 11:52:26.0140 0584 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/04 11:52:26.0171 0584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/04 11:52:26.0218 0584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/04 11:52:26.0249 0584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/04 11:52:26.0311 0584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/04 11:52:26.0342 0584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/04 11:52:26.0374 0584 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/04 11:52:26.0405 0584 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/04 11:52:26.0436 0584 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/04 11:52:26.0483 0584 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/04 11:52:26.0530 0584 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/04 11:52:26.0576 0584 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/04 11:52:26.0623 0584 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/04 11:52:26.0670 0584 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/04 11:52:26.0701 0584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/04 11:52:26.0732 0584 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/04 11:52:26.0764 0584 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/04 11:52:26.0795 0584 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/04 11:52:26.0826 0584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/04 11:52:26.0842 0584 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/04 11:52:26.0873 0584 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/04 11:52:26.0904 0584 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/04 11:52:26.0951 0584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/04 11:52:26.0982 0584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/04 11:52:26.0998 0584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/04 11:52:27.0044 0584 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/04 11:52:27.0076 0584 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/04 11:52:27.0216 0584 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/04 11:52:27.0278 0584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/04 11:52:27.0372 0584 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/04 11:52:27.0388 0584 ================================================================================
2011/03/04 11:52:27.0388 0584 Scan finished
2011/03/04 11:52:27.0388 0584 ================================================================================
2011/03/04 11:52:27.0403 2752 Detected object count: 2
2011/03/04 11:52:50.0866 2752 Locked file(sptd) - User select action: Skip
2011/03/04 11:52:50.0881 2752 \HardDisk0 - will be cured after reboot
2011/03/04 11:52:50.0881 2752 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/04 11:53:18.0259 3724 Deinitialize success



TDSSKiller has found a rootkit on one of my drivers in windows/system32 and cured it. However, as soon as I rebooted my laptop, Windows informed me of the "reinstallation" of a driver for a Western Digital device.
As I have an external hard drive from WD, do you think it could be infected too?

Have a nice day,

Nico

shelf life
2011-03-05, 01:03
Windows informed me of the "reinstallation" of a driver for a western digital device

This could be because you connected the external drive for the first time after you reformatted/reinstalled Windows?



do you think it could be infected too?
It's possible.

For now, don't connect the external drive to your laptop.

Please run TDSSKiller one more time and post the new log. Are the redirects gone?
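Editor's note, added to this page and not part of either post above: in the first log the only malware verdict is `\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4`, and that object is the physical disk, not a file under system32. TDL4 stores itself in the disk's master boot record, which is why TDSSKiller reports that it "will be cured after reboot". The other entry, `sptd - detected Locked file (1)`, is not a malware verdict: sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as Daemon Tools or Alcohol 120%, it refuses read access to itself, and TDSSKiller flags any file it cannot open as "Locked file", so choosing Skip for it is the usual response. The Python script below, written for this page rather than taken from TDSSKiller or the thread, parses the three line shapes that matter in such a log, separates real verdicts from locked-file notices, and diffs the driver inventory between two scans so that the second run requested here can be compared against the first. The sample log lines are constructed from the entries in the log above; in the second sample the atapi hash is invented purely to exercise the diff (in the thread's own second log it is unchanged).

```python
"""Parse TDSSKiller logs, separate real verdicts from locked-file notices,
and diff the kernel-driver inventory between two scans."""
import re
from dataclasses import dataclass

# Every TDSSKiller log line starts with "<date> <time> <pid>".
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# One loaded kernel driver/service:  name (md5) path
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# A verdict on an object; the object can be a service, a file or a whole disk (\HardDisk0).
DETECT_RE = re.compile(PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
# The notice that accompanies a file TDSSKiller could not open.
SUSP_RE = re.compile(
    PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")


@dataclass(frozen=True)
class Finding:
    obj: str      # what was flagged: a service name, a file, or a disk like \HardDisk0
    verdict: str  # e.g. "Rootkit.Win32.TDSS.tdl4" or "Locked file"
    n: int

    @property
    def is_locked_file(self) -> bool:
        # "Locked file" means the tool could not read the file; it is not a malware verdict.
        return self.verdict == "Locked file"

    @property
    def is_disk(self) -> bool:
        # A \HardDiskN object is the physical disk (its boot sector / MBR), not a file.
        return self.obj.startswith("\\HardDisk")


def parse_log(text: str):
    """Return (drivers, findings, suspicious) for one TDSSKiller log.

    drivers:    {service name: (md5, path)}
    findings:   [Finding] in log order
    suspicious: {path: (reason, md5)} for files the tool could not open
    """
    drivers, findings, suspicious = {}, [], {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := DETECT_RE.match(line):
            findings.append(Finding(m["obj"], m["verdict"], int(m["n"])))
        elif m := SUSP_RE.match(line):
            suspicious[m["path"]] = (m["reason"], m["md5"])
        elif m := DRIVER_RE.match(line):
            drivers[m["name"]] = (m["md5"], m["path"])
    return drivers, findings, suspicious


def real_verdicts(findings):
    """Findings that are actual detections, with locked-file notices filtered out."""
    return [f for f in findings if not f.is_locked_file]


def diff_drivers(before, after):
    """Compare two driver inventories; returns (added, removed, changed_hash) name lists."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in before.keys() & after.keys() if before[n][0] != after[n][0])
    return added, removed, changed


def report(before_text: str, after_text: str) -> dict:
    """Summarise two scans: what was really detected, what was only locked, what changed."""
    d1, f1, s1 = parse_log(before_text)
    d2, f2, s2 = parse_log(after_text)
    added, removed, changed = diff_drivers(d1, d2)
    return {
        "verdicts_before": [(f.obj, f.verdict, f.is_disk) for f in real_verdicts(f1)],
        "verdicts_after": [(f.obj, f.verdict, f.is_disk) for f in real_verdicts(f2)],
        "locked_files": sorted(s1.keys() | s2.keys()),
        "drivers_added": added,
        "drivers_removed": removed,
        "drivers_changed": changed,
    }


# Constructed sample: a handful of lines copied from the first scan in the thread.
SCAN_1 = r"""
2011/03/04 11:52:15.0953 0584 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/04 11:52:16.0873 0584 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/04 11:52:17.0045 0584 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/04 11:52:24.0876 0584 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/04 11:52:24.0876 0584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/04 11:52:24.0876 0584 sptd - detected Locked file (1)
2011/03/04 11:52:27.0372 0584 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/04 11:52:27.0388 0584 Scan finished
2011/03/04 11:52:50.0881 2752 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed second scan: the disk verdict is gone and sptd is still locked. The atapi
# hash is INVENTED here to exercise the diff; in the thread's own second log it is unchanged.
SCAN_2 = r"""
2011/03/05 21:14:30.0911 2732 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/05 21:14:32.0159 2732 atapi (00000000000000000000000000000001) C:\Windows\system32\drivers\atapi.sys
2011/03/05 21:14:32.0299 2732 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/05 21:14:39.0000 2732 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/05 21:14:39.0000 2732 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/05 21:14:39.0000 2732 sptd - detected Locked file (1)
2011/03/05 21:14:41.0000 2732 Scan finished
"""

if __name__ == "__main__":
    for key, value in report(SCAN_1, SCAN_2).items():
        print(f"{key}: {value}")
```

Run it against two saved TDSSKiller logs by reading the files into `report()` instead of the constructed samples. A non-empty `drivers_changed` or `drivers_added` list after a cure is what to look at first; a `\HardDisk0` verdict that comes back on a later run means the boot sector was re-infected, which is the case where the external drive (and anything else that was connected) deserves suspicion.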

Nicolas01
2011-03-05, 22:17
Second scan done; apparently one object was found but no infection any more (no reboot required):

2011/03/05 21:14:16.0169 1108 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/05 21:14:16.0824 1108 ================================================================================
2011/03/05 21:14:16.0824 1108 SystemInfo:
2011/03/05 21:14:16.0824 1108
2011/03/05 21:14:16.0824 1108 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/05 21:14:16.0824 1108 Product type: Workstation
2011/03/05 21:14:16.0824 1108 ComputerName: PC-DE-NICOLAS
2011/03/05 21:14:16.0824 1108 UserName: Nicolas
2011/03/05 21:14:16.0824 1108 Windows directory: C:\Windows
2011/03/05 21:14:16.0824 1108 System windows directory: C:\Windows
2011/03/05 21:14:16.0824 1108 Processor architecture: Intel x86
2011/03/05 21:14:16.0824 1108 Number of processors: 2
2011/03/05 21:14:16.0824 1108 Page size: 0x1000
2011/03/05 21:14:16.0824 1108 Boot type: Normal boot
2011/03/05 21:14:16.0824 1108 ================================================================================
2011/03/05 21:14:19.0460 1108 Initialize success
2011/03/05 21:14:30.0412 2732 ================================================================================
2011/03/05 21:14:30.0412 2732 Scan started
2011/03/05 21:14:30.0412 2732 Mode: Manual;
2011/03/05 21:14:30.0412 2732 ================================================================================
2011/03/05 21:14:30.0911 2732 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/05 21:14:31.0051 2732 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/05 21:14:31.0114 2732 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/05 21:14:31.0160 2732 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/05 21:14:31.0348 2732 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/05 21:14:31.0535 2732 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/05 21:14:31.0675 2732 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/05 21:14:31.0722 2732 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/05 21:14:31.0769 2732 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/05 21:14:31.0816 2732 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/05 21:14:42.0580 2732 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/05 21:14:42.0595 2732 sptd - detected Locked file (1)
2011/03/05 21:14:44.0873 2732 ================================================================================
2011/03/05 21:14:44.0873 2732 Scan finished
2011/03/05 21:14:44.0873 2732 ================================================================================
2011/03/05 21:14:44.0888 2848 Detected object count: 1
2011/03/05 21:14:56.0510 2848 Locked file(sptd) - User select action: Skip
2011/03/05 21:15:06.0588 0676 ================================================================================
2011/03/05 21:15:06.0588 0676 Scan started
2011/03/05 21:15:06.0588 0676 Mode: Manual;
2011/03/05 21:15:06.0588 0676 ================================================================================
2011/03/05 21:15:10.0410 0676 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/05 21:15:10.0457 0676 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/05 21:15:10.0488 0676 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/05 21:15:10.0519 0676 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/05 21:15:10.0550 0676 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/05 21:15:10.0597 0676 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/05 21:15:10.0628 0676 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/05 21:15:10.0660 0676 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/05 21:15:10.0675 0676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/05 21:15:10.0706 0676 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/05 21:15:10.0738 0676 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/05 21:15:10.0769 0676 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/05 21:15:10.0816 0676 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/05 21:15:10.0831 0676 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/05 21:15:10.0878 0676 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/05 21:15:10.0894 0676 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/05 21:15:10.0925 0676 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/05 21:15:10.0972 0676 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/05 21:15:11.0003 0676 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/05 21:15:11.0050 0676 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/05 21:15:11.0081 0676 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/05 21:15:11.0143 0676 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/05 21:15:11.0174 0676 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/05 21:15:11.0221 0676 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/05 21:15:11.0252 0676 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/05 21:15:11.0284 0676 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/05 21:15:11.0299 0676 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/05 21:15:11.0330 0676 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/05 21:15:11.0377 0676 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/05 21:15:11.0424 0676 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/05 21:15:11.0455 0676 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/05 21:15:11.0471 0676 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/05 21:15:11.0502 0676 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/05 21:15:11.0518 0676 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/05 21:15:11.0533 0676 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/05 21:15:11.0580 0676 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/05 21:15:11.0642 0676 netr28 (a0eabf18be01b173648959eba042c7f1) C:\Windows\system32\DRIVERS\netr28.sys
2011/03/05 21:15:11.0689 0676 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/05 21:15:11.0705 0676 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/05 21:15:11.0752 0676 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/05 21:15:11.0830 0676 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/05 21:15:11.0861 0676 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/05 21:15:11.0876 0676 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/05 21:15:12.0110 0676 nvlddmkm (cb0d6f8f65b8766ff2aaaa78881fd9f8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/05 21:15:12.0204 0676 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/05 21:15:12.0251 0676 nvsmu (995da6e252e06a41a6117dd5833429bb) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/03/05 21:15:12.0282 0676 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/05 21:15:12.0329 0676 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/03/05 21:15:12.0360 0676 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/05 21:15:12.0454 0676 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/05 21:15:12.0516 0676 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/05 21:15:12.0532 0676 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/05 21:15:12.0563 0676 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/05 21:15:12.0594 0676 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/05 21:15:12.0625 0676 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/05 21:15:12.0656 0676 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/05 21:15:12.0719 0676 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/05 21:15:12.0828 0676 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/05 21:15:12.0859 0676 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/03/05 21:15:12.0906 0676 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/05 21:15:12.0953 0676 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/05 21:15:13.0000 0676 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/05 21:15:13.0031 0676 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/05 21:15:13.0062 0676 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/05 21:15:13.0109 0676 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/05 21:15:13.0140 0676 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/05 21:15:13.0156 0676 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/05 21:15:13.0202 0676 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/05 21:15:13.0234 0676 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/05 21:15:13.0296 0676 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/05 21:15:13.0312 0676 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/05 21:15:13.0358 0676 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/05 21:15:13.0421 0676 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/05 21:15:13.0468 0676 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/05 21:15:13.0514 0676 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\Windows\system32\DRIVERS\RTL8187Se.sys
2011/03/05 21:15:13.0561 0676 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/05 21:15:13.0592 0676 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/05 21:15:13.0624 0676 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/05 21:15:13.0670 0676 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/05 21:15:13.0717 0676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/05 21:15:13.0780 0676 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/05 21:15:13.0795 0676 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/05 21:15:13.0826 0676 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/05 21:15:13.0873 0676 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/05 21:15:13.0904 0676 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/05 21:15:13.0936 0676 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/05 21:15:13.0967 0676 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/05 21:15:14.0014 0676 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/05 21:15:14.0060 0676 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/05 21:15:14.0092 0676 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/05 21:15:14.0138 0676 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/05 21:15:14.0248 0676 SNP2UVC (8f6838aeebc79e8898c2065d969c47cc) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/03/05 21:15:14.0294 0676 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/05 21:15:14.0372 0676 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/03/05 21:15:14.0372 0676 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/03/05 21:15:14.0372 0676 sptd - detected Locked file (1)
2011/03/05 21:15:14.0404 0676 srv (ce5e5d07bcda842d3f417a8333f91440) C:\Windows\system32\DRIVERS\srv.sys
2011/03/05 21:15:14.0419 0676 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/05 21:15:14.0450 0676 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/05 21:15:14.0482 0676 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/05 21:15:14.0528 0676 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/05 21:15:14.0560 0676 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/05 21:15:14.0638 0676 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/05 21:15:14.0653 0676 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/05 21:15:14.0731 0676 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
2011/03/05 21:15:14.0794 0676 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/05 21:15:14.0825 0676 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/05 21:15:14.0856 0676 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/05 21:15:14.0887 0676 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/05 21:15:14.0918 0676 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/05 21:15:14.0965 0676 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/05 21:15:15.0028 0676 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
2011/03/05 21:15:15.0059 0676 tosrfbd (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/03/05 21:15:15.0090 0676 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/03/05 21:15:15.0121 0676 Tosrfcom (4579b035ae3ac8044df72621af734894) C:\Windows\system32\Drivers\tosrfcom.sys
2011/03/05 21:15:15.0152 0676 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/03/05 21:15:15.0168 0676 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/03/05 21:15:15.0215 0676 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys
2011/03/05 21:15:15.0230 0676 Tosrfusb (f6680c77be134c81cc67f91986022701) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/03/05 21:15:15.0277 0676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/05 21:15:15.0324 0676 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/05 21:15:15.0340 0676 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/05 21:15:15.0386 0676 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/05 21:15:15.0418 0676 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/05 21:15:15.0464 0676 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/05 21:15:15.0496 0676 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/05 21:15:15.0527 0676 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/05 21:15:15.0558 0676 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/05 21:15:15.0589 0676 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/05 21:15:15.0652 0676 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/05 21:15:15.0683 0676 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/05 21:15:15.0714 0676 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/05 21:15:15.0745 0676 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/05 21:15:15.0776 0676 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/05 21:15:15.0808 0676 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/05 21:15:15.0854 0676 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/05 21:15:15.0886 0676 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/05 21:15:15.0917 0676 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/05 21:15:15.0948 0676 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/05 21:15:15.0979 0676 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/05 21:15:16.0010 0676 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/05 21:15:16.0042 0676 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/05 21:15:16.0073 0676 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/05 21:15:16.0104 0676 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/05 21:15:16.0135 0676 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/05 21:15:16.0151 0676 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/05 21:15:16.0182 0676 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/05 21:15:16.0229 0676 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/05 21:15:16.0260 0676 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 21:15:16.0276 0676 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/05 21:15:16.0322 0676 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/05 21:15:16.0354 0676 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/05 21:15:16.0572 0676 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/05 21:15:16.0619 0676 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/05 21:15:16.0759 0676 ================================================================================
2011/03/05 21:15:16.0759 0676 Scan finished
2011/03/05 21:15:16.0759 0676 ================================================================================
2011/03/05 21:15:16.0775 3696 Detected object count: 1
2011/03/05 21:15:19.0630 3696 Locked file(sptd) - User select action: Skip

Thank you!

shelf life
2011-03-06, 03:50
OK, good. We will get one more download to use. It's called ComboFix. There is a guide to read first before you use it. Read through the guide, then apply the directions on your own machine. Post the ComboFix log in your reply:

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Nicolas01
2011-03-08, 00:24
Hi Shelf Life,

The ComboFix analysis went perfectly; here is the log:

ComboFix 11-03-07.02 - Nicolas 07/03/2011 23:02:02.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2085 [GMT 1:00]
Lancé depuis: c:\users\Nicolas\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nicolas\Documents\cc_20110306_170138.reg
c:\windows\system32\LogFiles\Scm\SCM.EVM
c:\windows\system32\LogFiles\Scm\SCM.EVM.1
c:\windows\system32\LogFiles\Scm\SCM.EVM.2
c:\windows\system32\LogFiles\Scm\SCM.EVM.3
c:\windows\system32\LogFiles\Scm\SCM.EVM.4
c:\windows\system32\LogFiles\Scm\SCM.EVM.5
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-07 au 2011-03-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-07 21:54 . 2011-03-07 21:54 -------- d-----w- c:\program files\Alex Feinman
2011-03-07 21:39 . 2004-03-08 20:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-03-07 21:39 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-03-07 21:39 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-03-07 21:39 . 2000-05-22 12:58 115920 ----a-w- c:\windows\system32\msinet.OCX
2011-03-07 21:39 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-03-07 21:39 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2011-03-07 21:39 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-03-07 21:39 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\windows\it-IT
2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\windows\system32\drivers\it-IT
2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\windows\system32\0410
2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\windows\system32\it
2011-03-06 16:02 . 2011-02-23 08:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F73B0877-7293-4E45-99DF-94E6710F6313}\mpengine.dll
2011-03-06 16:02 . 2011-02-02 16:11 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-03-06 13:42 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-05 21:30 . 2011-03-05 21:30 -------- d-----w- c:\program files\Ad-Remover
2011-03-04 19:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-03-04 19:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-03-04 19:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-03-04 19:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-04 19:24 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-03-04 19:24 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-03-04 19:24 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-03-04 19:24 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-04 19:24 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-04 10:32 . 2011-03-04 10:32 -------- d-----w- C:\rsit
2011-03-04 10:32 . 2011-03-04 10:32 -------- d-----w- c:\program files\trend micro
2011-03-03 19:11 . 2011-03-03 19:11 -------- d-----w- c:\program files\Microsoft Works
2011-03-03 19:09 . 2011-03-03 19:09 -------- d-----w- c:\windows\PCHEALTH
2011-03-03 19:09 . 2011-03-03 19:09 -------- d-----w- c:\program files\Microsoft.NET
2011-03-03 19:07 . 2011-03-03 19:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-03 19:05 . 2011-03-03 19:05 -------- d-----r- C:\MSOCache
2011-03-03 18:37 . 2011-03-03 18:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-03 18:37 . 2011-03-03 18:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-03 18:36 . 2011-03-03 18:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-03 18:09 . 2011-03-03 18:09 -------- d-----w- c:\program files\Google
2011-03-02 21:12 . 2011-03-02 21:12 -------- d-----w- c:\program files\Common Files\Skype
2011-03-02 21:12 . 2011-03-06 16:02 -------- d-----r- c:\program files\Skype
2011-03-02 21:12 . 2011-03-02 21:12 -------- d-----w- c:\programdata\Skype
2011-03-02 18:47 . 2011-03-02 18:47 222208 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\icyxg.exe
2011-03-01 20:35 . 2011-03-01 20:35 -------- d-----w- c:\program files\Foxit Software
2011-03-01 15:00 . 2011-03-01 15:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-01 14:59 . 2011-03-01 15:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-01 14:46 . 2011-03-01 14:46 -------- d-----w- c:\program files\Auslogics
2011-03-01 14:34 . 2011-03-01 14:34 -------- d-----w- c:\users\Visiteur
2011-03-01 12:55 . 2011-03-01 12:55 -------- d-----w- c:\program files\CCleaner
2011-02-28 23:27 . 2011-03-01 00:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-28 23:26 . 2011-02-28 23:26 -------- d-----w- c:\program files\Lavasoft
2011-02-28 23:11 . 2011-03-01 00:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-28 23:11 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-28 23:11 . 2011-02-28 23:11 -------- d-----w- c:\programdata\Avira
2011-02-28 23:11 . 2011-02-28 23:11 -------- d-----w- c:\program files\Avira
2011-02-28 23:09 . 2011-03-07 21:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-02-28 23:09 . 2011-03-01 00:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-28 23:09 . 2011-02-28 23:09 -------- d-----w- c:\programdata\Malwarebytes
2011-02-28 23:09 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 23:08 . 2011-02-28 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 23:08 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 22:53 . 2011-02-28 22:53 -------- d-----w- c:\users\Nicolas
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-19 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-11-12 708608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
icyxg.exe [2011-3-2 222208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^restart.cmd]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\restart.cmd
backup=c:\windows\pss\restart.cmd.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-03 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-01 108289]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-11-05 159744]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-09-25 436224]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:09]
.
2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 18:09]
.
.
------- Examen supplémentaire -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\ehg1a77b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-07 23:08
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\windows\TEMP\TMP000000935DF2016BA8D2A4D8 524288 bytes
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2011-03-07 23:10:43
ComboFix-quarantined-files.txt 2011-03-07 22:10
.
Avant-CF: 20*372*656*128 octets libres
Après-CF: 20*442*107*904 octets libres
.
- - End Of File - - 1DF7D9D25EBE12DEE5BD914A2B72BAD1


I notice that it's sometimes in French; I hope it's not a problem for you!

Thank you again !

Nico

shelf life
2011-03-08, 03:15
hi Nico,

Thanks for the info. All looks good. I took French as a foreign language in school, a long time ago. I don't think you can get tdsskiller or combofix to scan an external drive. For now please rerun DDS on your machine and post the new log.

Nicolas01
2011-03-08, 21:49
Hi Shelf Life,

Here is the DDS log + attachment:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nicolas at 21:43:08,90 on 08/03/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2026 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicolas\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Désactivation du cookie publicitaire: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nicolas\appdata\roaming\mozilla\firefox\profiles\ehg1a77b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-1 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-1 56816]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-2-18 159744]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-25 97536]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-25 436224]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
.
=============== Created Last 30 ================
.
2011-03-07 22:10:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-07 22:10:45 -------- d-----w- c:\users\nicolas\appdata\local\temp
2011-03-07 22:00:54 98816 ----a-w- c:\windows\sed.exe
2011-03-07 22:00:54 89088 ----a-w- c:\windows\MBR.exe
2011-03-07 22:00:54 256512 ----a-w- c:\windows\PEV.exe
2011-03-07 22:00:54 161792 ----a-w- c:\windows\SWREG.exe
2011-03-07 22:00:43 -------- d-----w- C:\ComboFix
2011-03-07 21:54:53 -------- d-----w- c:\program files\Alex Feinman
2011-03-07 21:39:57 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-03-07 21:39:57 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-03-07 21:39:57 15360 ----a-w- c:\windows\system32\inetfr.DLL
2011-03-07 21:39:57 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-03-07 21:39:57 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-03-07 21:39:57 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-03-07 21:39:57 115920 ----a-w- c:\windows\system32\msinet.OCX
2011-03-07 21:39:57 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-03-07 21:39:56 -------- d-----w- c:\users\nicolas\appdata\roaming\FreeBurner
2011-03-06 16:02:05 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-06 16:02:01 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f73b0877-7293-4e45-99df-94e6710f6313}\mpengine.dll
2011-03-06 16:02:01 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-03-06 13:42:15 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-05 21:30:24 -------- d-----w- c:\program files\Ad-Remover
2011-03-04 19:24:59 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-04 19:24:50 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-03-04 19:24:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-04 19:24:48 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-04 10:32:26 -------- d-----w- c:\program files\trend micro
2011-03-03 19:09:59 -------- d-----w- c:\windows\PCHEALTH
2011-03-03 19:07:18 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-03 19:06:01 -------- d-----w- c:\users\nicolas\appdata\local\Microsoft Help
2011-03-03 18:37:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-03 18:37:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-03 18:36:49 -------- d-----w- c:\users\nicolas\appdata\roaming\DAEMON Tools Lite
2011-03-03 18:36:33 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2011-03-03 18:09:18 -------- d-----w- c:\users\nicolas\appdata\local\Google
2011-03-02 21:12:54 -------- d-----r- c:\program files\Skype
2011-03-02 18:47:59 -------- d-----w- c:\users\nicolas\appdata\roaming\Imuwta
2011-03-01 20:48:11 -------- d-----w- c:\users\nicolas\appdata\roaming\Foxit Software
2011-03-01 20:35:47 -------- d-----w- c:\program files\Foxit Software
2011-03-01 20:20:22 -------- d-----w- c:\users\nicolas\appdata\roaming\Auslogics
2011-03-01 15:00:31 -------- d-----w- c:\users\nicolas\appdata\roaming\SUPERAntiSpyware.com
2011-03-01 15:00:31 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-01 14:59:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-01 14:47:48 -------- d-----w- c:\users\nicolas\appdata\roaming\Uniblue
2011-03-01 14:46:27 -------- d-----w- c:\program files\Auslogics
2011-03-01 12:59:46 -------- d-----w- c:\users\nicolas\appdata\local\Mozilla
2011-03-01 12:55:47 -------- d-----w- c:\program files\CCleaner
2011-02-28 23:26:33 -------- d-----w- c:\program files\Lavasoft
2011-02-28 23:11:42 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-28 23:11:41 -------- d-----w- c:\program files\Avira
2011-02-28 23:11:41 -------- d-----w- c:\progra~2\Avira
2011-02-28 23:09:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-28 23:09:59 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-28 23:09:06 -------- d-----w- c:\users\nicolas\appdata\roaming\Malwarebytes
2011-02-28 23:09:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 23:09:01 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-28 23:08:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 23:08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 22:58:43 -------- d-----w- c:\windows\pss
2011-02-28 22:54:48 -------- d-----w- c:\users\nicolas\appdata\local\Toshiba
2011-02-28 22:54:18 -------- d-----w- c:\users\nicolas\appdata\local\Adobe
.
==================== Find3M ====================
.
.
============= FINISH: 21:44:00,04 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/03/2011 08:43:28
System Uptime: 08/03/2011 20:23:55 (1 hours ago)
.
Motherboard: MSI | | MS-1672
Processor: AMD Athlon(tm) X2 Dual-Core QL-62 | CPU 1 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 19,637 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0,879 GiB free.
E: is FIXED (NTFS) - 246 GiB total, 45,371 GiB free.
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Ad-Remover par C_XX
Adobe Flash Player 10 Plugin
Agere Systems HDA Modem
Auslogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
BurnRecovery
CCleaner
Foxit Reader
Google Désactivation du cookie publicitaire
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ISO Recorder
JMicron JMB38X Flash Media Controller
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office O MUI (French) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office X MUI (French) 2007
Mozilla Firefox (3.6.14)
MSI Software Install
NVIDIA Drivers
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 5.1
Spybot - Search & Destroy
SUPERAntiSpyware
System Control Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB 2.0 Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinRAR archiver
.
==== End Of File ===========================


Thank you very much!

shelf life
2011-03-09, 23:18
hi,

ok good.

Since your machine appears to be malware free, now is the time to make a backup/restore CD like you did before. The first disk you made you may as well use as a coaster for your drinks. When you burn the new disk, choose a slow burn like 4X, if you have that option. I would burn two copies also. A slow burn is much safer for software transfers.

Your external drive we can assume may be infected. The problem with this is:
1) if you attach it via USB the malware may auto run/install to your clean computer. We can fix this. Not all malware will do this though.

2) Some malware tools won't scan an external drive. I am pretty sure Malwarebytes, Spybot and your AV will scan your external drive.

So in order to prevent an auto run you can use this utility:
http://research.pandasecurity.com/panda-usb-and-autorun-vaccine/
Even though I think that a fix (disable auto-run) for this was pushed out via a Windows update at some point, not sure about that. Use the Panda tool. Won't hurt.
After you run the Panda tool you should be able to attach the external drive and use what you can to scan it. Or you could attach it and then reformat it.
Of course you would lose everything that's on the drive. Up to you what you want to do.
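The advice above (disable AutoRun before attaching a possibly infected external drive, then inspect it rather than double-clicking it) can be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the thread and not the Panda tool's own code; it uses Microsoft's documented NoDriveTypeAutoRun policy value (0xFF = AutoRun off for every drive type) and assumes the external disk appears as drive G:, which is a placeholder you would change.

```powershell
# Added example (not from the thread): check and harden the Windows AutoRun
# policy, then inspect a newly attached drive for an autorun.inf before
# opening it. Run from an elevated PowerShell prompt. The registry path and
# 0xFF mask are Microsoft's documented NoDriveTypeAutoRun policy.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AllDrives = 0xFF   # one bit per drive type; all bits set = AutoRun disabled everywhere

function Get-AutoRunPolicy {
    # Returns the current NoDriveTypeAutoRun value, or $null if it is not set.
    if (-not (Test-Path $PolicyKey)) { return $null }
    $item = Get-ItemProperty -Path $PolicyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Disable-AutoRunAllDrives {
    # Creates the policy key if needed and sets the all-drives mask.
    # Returns $true when the value reads back as expected.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'NoDriveTypeAutoRun' -Value $AllDrives -Type DWord
    return ((Get-AutoRunPolicy) -eq $AllDrives)
}

function Test-DriveAutorunInf {
    # Reports what sits at <drive>:\autorun.inf: 'none', 'file', or
    # 'vaccine-folder' (a directory named autorun.inf is a common vaccination
    # trick that blocks malware from dropping a file of that name).
    param([Parameter(Mandatory = $true)][string]$DriveLetter)   # e.g. 'G'
    $inf = Join-Path "${DriveLetter}:\" 'autorun.inf'
    # -Force so hidden/system attributes (typical for dropped autorun.inf) are not missed.
    $entry = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    if ($null -eq $entry) { return 'none' }
    if ($entry.PSIsContainer) { return 'vaccine-folder' }
    return 'file'
}

# Usage. Drive letter G: is an assumed placeholder for the external disk.
$current = Get-AutoRunPolicy
$shown = if ($null -eq $current) { 'not set' } else { '0x{0:X2}' -f $current }
Write-Host "NoDriveTypeAutoRun before: $shown"
if ($current -ne $AllDrives) {
    if (Disable-AutoRunAllDrives) { Write-Host 'AutoRun is now disabled for all drive types.' }
}

switch (Test-DriveAutorunInf -DriveLetter 'G') {
    'file'           { Write-Host 'G:\autorun.inf is a file: do not open the drive from Explorer; scan it first.' }
    'vaccine-folder' { Write-Host 'G:\autorun.inf is a folder (vaccinated): nothing there to execute.' }
    default          { Write-Host 'No autorun.inf on G:.' }
}
```

The policy write takes effect for Explorer after a log-off or reboot, so run the check again afterwards; the autorun.inf inspection only tells you whether an AutoRun file is present, it does not replace scanning the drive with the tools named above.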

Nicolas01
2011-03-10, 21:03
Hi shelf life,

Sorry I am a little slow to post the answer, I'm quite busy these days.

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nicolas at 19:58:04,85 on 10/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2077 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicolas\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Désactivation du cookie publicitaire: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\nicolas\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nicolas\appdata\roaming\mozilla\firefox\profiles\ehg1a77b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-1 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-1 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-1 61960]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-2-18 159744]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-25 97536]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-25 436224]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
.
=============== Created Last 30 ================
.
2011-03-10 13:52:23 -------- d-----w- C:\UsbFix
2011-03-10 13:30:31 -------- d-----w- c:\progra~2\open-config
2011-03-10 13:22:29 -------- d--h--w- C:\bdtmp
2011-03-09 13:56:52 -------- d-----w- c:\program files\ESET
2011-03-09 13:36:56 -------- d-----w- c:\users\nicolas\appdata\roaming\Avira
2011-03-09 13:30:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-09 13:29:58 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-09 13:29:35 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 21:21:27 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-08 21:21:26 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-08 21:21:26 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-08 20:54:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-08 20:52:53 72704 ----a-w- c:\windows\system32\admparse.dll
2011-03-08 20:50:00 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5eaa7c66-804f-442f-af73-c77fc7ef84cf}\mpengine.dll
2011-03-07 22:10:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-07 22:10:45 -------- d-----w- c:\users\nicolas\appdata\local\temp
2011-03-07 22:00:54 98816 ----a-w- c:\windows\sed.exe
2011-03-07 22:00:54 89088 ----a-w- c:\windows\MBR.exe
2011-03-07 22:00:54 256512 ----a-w- c:\windows\PEV.exe
2011-03-07 22:00:54 161792 ----a-w- c:\windows\SWREG.exe
2011-03-07 22:00:43 -------- d-----w- C:\ComboFix
2011-03-07 21:54:53 -------- d-----w- c:\program files\Alex Feinman
2011-03-07 21:39:57 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2011-03-07 21:39:57 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2011-03-07 21:39:57 15360 ----a-w- c:\windows\system32\inetfr.DLL
2011-03-07 21:39:57 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-03-07 21:39:57 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2011-03-07 21:39:57 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2011-03-07 21:39:57 115920 ----a-w- c:\windows\system32\msinet.OCX
2011-03-07 21:39:57 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2011-03-07 21:39:56 -------- d-----w- c:\users\nicolas\appdata\roaming\FreeBurner
2011-03-06 16:02:05 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-03-06 16:02:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-06 13:44:43 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-03-06 13:44:42 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-06 13:42:55 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-06 13:42:20 147456 ----a-w- c:\windows\system32\Faultrep.dll
2011-03-06 13:42:19 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-06 13:42:15 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-06 13:42:02 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-06 13:42:02 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-06 13:42:01 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-06 13:29:14 1645568 ----a-w- c:\windows\system32\connect.dll
2011-03-06 13:29:09 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-03-05 23:23:18 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-05 23:23:17 125952 ----a-w- c:\windows\system32\wersvc.dll
2011-03-05 23:23:10 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-03-05 23:21:43 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-05 23:21:01 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-03-05 23:19:14 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-03-05 23:19:14 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-03-05 23:19:12 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-03-05 23:19:12 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-03-05 23:19:12 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-03-05 23:19:12 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2011-03-05 23:19:12 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2011-03-05 21:30:24 -------- d-----w- c:\program files\Ad-Remover
2011-03-04 19:24:59 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-03-04 19:24:50 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-03-04 19:24:48 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-03-04 19:24:48 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-03-04 10:32:26 -------- d-----w- c:\program files\trend micro
2011-03-03 19:09:59 -------- d-----w- c:\windows\PCHEALTH
2011-03-03 19:07:18 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-03 19:06:01 -------- d-----w- c:\users\nicolas\appdata\local\Microsoft Help
2011-03-03 18:37:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-03 18:37:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-03 18:36:49 -------- d-----w- c:\users\nicolas\appdata\roaming\DAEMON Tools Lite
2011-03-03 18:36:33 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2011-03-03 18:09:18 -------- d-----w- c:\users\nicolas\appdata\local\Google
2011-03-02 21:12:54 -------- d-----r- c:\program files\Skype
2011-03-02 18:47:59 -------- d-----w- c:\users\nicolas\appdata\roaming\Imuwta
2011-03-01 20:48:11 -------- d-----w- c:\users\nicolas\appdata\roaming\Foxit Software
2011-03-01 20:35:47 -------- d-----w- c:\program files\Foxit Software
2011-03-01 20:20:22 -------- d-----w- c:\users\nicolas\appdata\roaming\Auslogics
2011-03-01 15:00:31 -------- d-----w- c:\users\nicolas\appdata\roaming\SUPERAntiSpyware.com
2011-03-01 15:00:31 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-01 14:59:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-01 14:47:48 -------- d-----w- c:\users\nicolas\appdata\roaming\Uniblue
2011-03-01 14:46:27 -------- d-----w- c:\program files\Auslogics
2011-03-01 12:59:46 -------- d-----w- c:\users\nicolas\appdata\local\Mozilla
2011-03-01 12:55:47 -------- d-----w- c:\program files\CCleaner
2011-02-28 23:26:33 -------- d-----w- c:\program files\Lavasoft
2011-02-28 23:11:42 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-28 23:11:41 -------- d-----w- c:\program files\Avira
2011-02-28 23:11:41 -------- d-----w- c:\progra~2\Avira
2011-02-28 23:09:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-28 23:09:59 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-28 23:09:06 -------- d-----w- c:\users\nicolas\appdata\roaming\Malwarebytes
2011-02-28 23:09:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 23:09:01 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-28 23:08:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 23:08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-28 22:58:43 -------- d-----w- c:\windows\pss
2011-02-28 22:54:48 -------- d-----w- c:\users\nicolas\appdata\local\Toshiba
2011-02-28 22:54:18 -------- d-----w- c:\users\nicolas\appdata\local\Adobe
.
==================== Find3M ====================
.
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 19:59:10,14 ===============


And the attached log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/03/2011 08:43:28
System Uptime: 10/03/2011 17:43:47 (2 hours ago)
.
Motherboard: MSI | | MS-1672
Processor: AMD Athlon(tm) X2 Dual-Core QL-62 | CPU 1 | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 18,922 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 0,879 GiB free.
E: is FIXED (NTFS) - 246 GiB total, 45,374 GiB free.
F: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Ad-Remover par C_XX
Adobe Flash Player 10 Plugin
Agere Systems HDA Modem
Auslogics BoostSpeed
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
BurnRecovery
CCleaner
ESET Online Scanner v3
Foxit Reader
Google Désactivation du cookie publicitaire
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ISO Recorder
JMicron JMB38X Flash Media Controller
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (French) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Language Pack 2007 - French/Français
Microsoft Office O MUI (French) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer MUI (French) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office X MUI (French) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSI Software Install
NVIDIA Drivers
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype™ 5.1
Spybot - Search & Destroy
SUPERAntiSpyware
System Control Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB 2.0 Camera
UsbFix By TeamXscript
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WinRAR archiver
.
==== End Of File ===========================


Thank you,

Good night,

Nico

shelf life
2011-03-11, 01:00
Sorry I am a little slow to post the answer, I'm quite busy these days.

No problem. You already posted a new DDS log, which looks OK.

Nicolas01
2011-03-11, 01:11
Hi again Shelf Life,

I think I may be too tired tonight; I made a mistake in the last post. Actually, I read your last advice on the first page of the topic and I just did the DDS log without thinking... Sorry for this!


OK, concerning the USB stick and the external hard drive: I already looked on the Malekal website (http://forum.malekal.com/explications-infections-disques-amovibles-clefs-usb-etc-t5544.html) (if you know it), and another program called "VaccinUSB" was proposed there, which successfully created the Autorun.inf and other files as "read only".

Plus, I deactivated Autorun in Windows with a tool called Open-Config (also proposed on the Malekal website: http://www.malekal.com/2010/11/12/tutorial-usbfix/).

Also, yes, there is an update for Windows Vista (KB950582, to be precise) which normally disables Autorun, but I haven't managed to install it yet; I have to check the error.

And finally, I updated Avira to version 10, and it appears that this version automatically blocks Autorun.inf! Unfortunately it doesn't tell the difference between an infected autorun and a vaccinated one, so it keeps sending me alerts about my devices. I think there is a setting to change.


Well, I also wanted to say a big thank you! As I looked for help on this forum I realized the huge number of volunteer experts like you who take a lot of time to help unaware (but not any more) web users like me. It's really impressive!

OK, I hope I won't need any more help!

Good night,

Nico
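
The two measures Nico describes above (setting the NoDriveTypeAutoRun policy that KB950582 makes Vista honour, and "vaccinating" a removable drive by pre-creating a protected Autorun.inf) can be done without third-party tools. The script below is an added example for this thread, not code from either poster or from the tools they mention. It assumes an elevated PowerShell prompt, Windows Vista or later, and G: as the drive letter to vaccinate; adjust the letter to your own device.

```powershell
# Added example for this thread (not Nico's or shelf life's code): the two measures the post
# above describes, in PowerShell. Assumptions: an elevated prompt, Windows Vista or later,
# and G: as the letter of the USB stick or external drive to vaccinate.
param(
    [string]$Drive = 'G:'
)

$PolicyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$PolicyName = 'NoDriveTypeAutoRun'

function Get-AutorunPolicy {
    # Current NoDriveTypeAutoRun bitmask, or $null when the value has never been set.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$PolicyName
}

function Disable-AutorunAllDrives {
    # 0xFF sets the "no Autorun" bit for every drive type. Without KB950582 (or a later
    # cumulative update) Vista does not fully honour this value, which is why the post
    # recommends installing that update as well.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 0xFF -Force | Out-Null
}

function Protect-RemovableDrive {
    param([string]$Root)
    $target = Join-Path $Root 'Autorun.inf'
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        # A real Autorun.inf *file* is what a worm drops; show it instead of silently deleting it.
        Write-Warning "Autorun.inf file found on $Root - inspect it before vaccinating:"
        Get-Content -LiteralPath $target | ForEach-Object { "    $_" }
        return $false
    }
    if (-not (Test-Path -LiteralPath $target -PathType Container)) {
        New-Item -Path $target -ItemType Directory | Out-Null
    }
    # Windows will not create a file over a directory of the same name, so a worm cannot
    # drop its Autorun.inf here; read-only/hidden/system keeps casual cleanup from
    # removing the folder.
    $dir = Get-Item -LiteralPath $target -Force
    $dir.Attributes = [IO.FileAttributes]'Directory, ReadOnly, Hidden, System'
    return $true
}

$current = Get-AutorunPolicy
if ($current -eq 0xFF) {
    Write-Host 'NoDriveTypeAutoRun is already 0xFF (Autorun disabled for all drive types)'
} else {
    $shown = if ($null -eq $current) { 'unset' } else { '0x{0:X2}' -f $current }
    Write-Host "NoDriveTypeAutoRun is $shown; setting it to 0xFF"
    Disable-AutorunAllDrives
}

if (Test-Path "$Drive\") {
    if (Protect-RemovableDrive -Root "$Drive\") {
        Write-Host "Vaccinated $Drive (Autorun.inf is now a protected folder)"
    }
} else {
    Write-Host "$Drive is not present; skipping vaccination"
}
```

Run it as `.\Vaccinate.ps1 -Drive 'E:'` for each removable device. An antivirus that flags every Autorun.inf, as Nico reports his Avira 10 does, will also alert on the folder; a directory (not a file) at that path is the vaccination, not an infection, and an Autorun.inf file that the script refuses to overwrite is the thing to look at.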

shelf life
2011-03-11, 14:06
hi Nico,

Looks like you have the "auto run" issue all under control. Don't forget to scan your external drive with your AV and anti-malware, or, to be totally safe, reformat it. Up to you. Since you reinstalled, you should visit Windows Update or use the auto-update feature to make sure you are current.
Thanks for the kind words. You're welcome. This is one place I don't want to see people return to.

You can remove ComboFix like this:
Start > Run and type in
combofix /uninstall
Click OK or press Enter.
Note the space after the x and before the /.

If all is good you can make a new restore point. Why?

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

Turn System Restore off and reboot the computer. (Deletes old restore points.)
Turn System Restore back on and reboot. (Creates a new one.)
From then on restore points will be created automatically by Windows.

See the link here (http://windows.microsoft.com/en-US/windows-vista/System-Restore-frequently-asked-questions). Scroll down to: How do I turn System Restore on or off?

And last everybody gets this:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware-free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, Firefox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for other web-based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third-party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing on your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, pop-ups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop-ups or offers from websites saying that you need to install software on your computer, *for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A slideshow on how to configure Internet Explorer for secure surfing is here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing), and one on how to harden Firefox is here (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox).

10) Warez, cracks, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via P2P networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it. Can you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.
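
The two cleanup steps in the post above (removing ComboFix and flushing the System Restore archive so no restore point still carries the infected files) can be scripted instead of clicked through. This is an added example for this thread, not code from shelf life, Nico or the ComboFix project. It assumes PowerShell 2.0 or later (Vista needs the Windows Management Framework update for the *-ComputerRestore cmdlets), an elevated prompt, and ComboFix.exe on the current user's Desktop.

```powershell
# Added example for this thread (not shelf life's or Nico's code): the two cleanup steps in the
# post above, scripted. Assumptions: PowerShell 2.0 or later (Vista needs the Windows
# Management Framework update for the *-ComputerRestore cmdlets), an elevated prompt,
# and ComboFix.exe on the current user's Desktop.

$SystemDrive = "$env:SystemDrive\"
$ComboFixExe = Join-Path ([Environment]::GetFolderPath('Desktop')) 'ComboFix.exe'   # assumed location

function Remove-ComboFix {
    # Same as Start > Run > "combofix /uninstall" from the post; the tool removes its own
    # files and folders. Returns $true if the uninstall was launched.
    if (-not (Test-Path -LiteralPath $ComboFixExe)) {
        Write-Host "ComboFix not found at $ComboFixExe; nothing to uninstall"
        return $false
    }
    Start-Process -FilePath $ComboFixExe -ArgumentList '/uninstall' -Wait
    return $true
}

function Reset-RestorePoints {
    param(
        [string]$Drive,
        [string]$Description = 'Clean after malware removal'
    )
    # Turning System Restore off discards every restore point on the drive, including any
    # that still archive the infected files; turning it back on and checkpointing leaves
    # exactly one known-good point. Get-ComputerRestorePoint shows the before/after counts.
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    $after  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    $newest = $after | Sort-Object SequenceNumber | Select-Object -Last 1
    $newestName = if ($newest) { $newest.Description } else { '(none)' }
    New-Object PSObject -Property @{
        DiscardedPoints = $before.Count
        CurrentPoints   = $after.Count
        NewestPoint     = $newestName
    }
}

Remove-ComboFix | Out-Null
Reset-RestorePoints -Drive $SystemDrive | Format-List DiscardedPoints, CurrentPoints, NewestPoint
```

Run the restore-point reset only once the machine has been declared clean: the one checkpoint it leaves behind is the baseline you would roll back to, so it should be taken after the AV and anti-malware scans come back empty, not before.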