click.GiftLoad



emGre
2011-03-31, 21:51
Here is my DDS,

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 17:27:14.72 on Wed 03/30/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.1917 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Fraps\fraps.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Audacity\audacity.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~2\SEARCH~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~2\toolbar\grabber.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: UACDisableNotify = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\xgjyuxwc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3af2dfa1;MpKsl3af2dfa1;c:\programdata\microsoft\microsoft antimalware\definition updates\{a4a66da7-a6d3-4a5f-816b-98eb3cfd2b8a}\MpKsl3af2dfa1.sys [2011-3-30 28752]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-15 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2011-2-19 468096]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
.
=============== Created Last 30 ================
.
2011-03-30 21:14:00 -------- d-----w- c:\program files\Audacity
2011-03-30 21:06:46 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-30 20:19:19 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a4a66da7-a6d3-4a5f-816b-98eb3cfd2b8a}\MpKsl3af2dfa1.sys
2011-03-30 01:41:55 -------- d-----w- c:\users\michael\appdata\local\QuakeLiveConfigGenerator
2011-03-29 00:20:40 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-29 00:20:39 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{656c848e-1a18-453a-bc83-366613f2ac02}\gapaengine.dll
2011-03-29 00:20:20 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a4a66da7-a6d3-4a5f-816b-98eb3cfd2b8a}\mpengine.dll
2011-03-29 00:02:26 -------- d-----w- c:\users\michael\appdata\roaming\wolfcamql
2011-03-29 00:01:01 -------- d-----w- c:\users\michael\wolfcam
2011-03-27 23:26:36 -------- d-----w- c:\users\michael\appdata\roaming\Warsow 0.6
2011-03-27 23:26:36 -------- d-----w- c:\program files\Warsow 0.6
2011-03-27 22:31:47 -------- d-----w- c:\progra~2\id Software
2011-03-27 22:03:45 -------- d-----w- c:\program files\iPod
2011-03-27 22:03:44 -------- d-----w- c:\program files\iTunes
2011-03-27 21:55:25 -------- d-----w- c:\users\michael\appdata\local\ManyCam
2011-03-27 21:14:37 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-03-27 04:10:28 -------- d-----w- c:\users\michael\appdata\local\Desura
2011-03-27 04:07:09 -------- d-----w- c:\progra~2\Desura
2011-03-27 04:07:06 -------- d-----w- c:\program files\Desura
2011-03-24 21:00:28 -------- d-----w- c:\users\michael\appdata\local\LAG
2011-03-24 21:00:28 -------- d-----w- c:\progra~2\LAG
2011-03-24 21:00:02 -------- d-----w- c:\windows\system32\AGEIA
2011-03-24 20:59:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-03-22 20:07:13 -------- d-----w- c:\users\michael\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-20 22:41:17 160560 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-03-20 22:40:36 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-03-20 22:40:28 -------- d-----w- c:\program files\Oracle
2011-03-18 20:53:47 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-03-17 23:45:53 -------- d-----w- c:\program files\Window Title Changer
2011-03-17 23:34:34 -------- d-----w- c:\program files\common files\Akamai
2011-03-17 22:09:53 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-03-13 07:37:21 -------- d-----w- c:\program files\YouTube Downloader
2011-03-11 07:14:50 -------- d-----w- c:\users\michael\appdata\local\CrashRpt
2011-03-11 05:44:58 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2011-03-11 04:44:50 -------- d-----w- c:\program files\PowerISO
2011-03-08 23:35:20 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2011-03-08 23:33:45 -------- d-----w- c:\program files\VirtualDub-1.9.11
2011-03-08 20:43:45 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-08 20:43:45 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-08 20:43:45 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-08 20:43:44 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-08 20:43:44 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-08 20:43:43 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-08 20:43:43 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 20:43:43 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 20:43:42 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 20:31:47 -------- d-----w- C:\SauerbratenPortable
2011-03-06 20:19:16 -------- d-----w- c:\program files\common files\Pinnacle
2011-03-06 20:18:54 -------- d-----w- c:\users\michael\appdata\local\Downloaded Installations
2011-03-06 20:18:47 -------- d-----w- c:\progra~2\Pinnacle Studio Ultimate
2011-03-06 20:17:55 69632 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\Studio.exe
2011-03-06 20:17:55 69632 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_ContentTransfer.exe
2011-03-06 20:17:55 65536 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_ReadMe.exe
2011-03-06 20:17:55 49152 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_Check3D.exe
2011-03-06 20:17:55 45056 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_Help_HH.exe
2011-03-06 20:17:55 434176 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_GuidedTour.exe
2011-03-06 20:17:55 40960 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{d041eb9e-890a-4098-8f94-51da194ac72a}\SC_AMCap.exe
2011-03-06 20:14:55 -------- d-----w- c:\program files\common files\Yahoo!
2011-03-06 20:14:54 -------- d-----w- c:\program files\Pinnacle
2011-03-06 04:00:11 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2011-03-06 04:00:11 479298 ----a-w- c:\windows\system32\wbocx.ocx
2011-03-06 03:59:46 -------- d-----w- c:\program files\DAP
2011-03-06 02:42:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-03-01 21:51:55 -------- d-----w- c:\progra~2\AVS4YOU
2011-03-01 21:51:49 -------- d-----w- c:\users\michael\appdata\roaming\AVS4YOU
2011-03-01 21:46:38 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-03-01 21:46:37 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-03-01 21:46:31 -------- d-----w- c:\program files\common files\AVSMedia
2011-03-01 21:46:28 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-03-01 21:46:28 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-03-01 21:46:28 -------- d-----w- c:\program files\AVS4YOU
.
==================== Find3M ====================
.
2011-03-28 01:42:02 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-28 01:42:02 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-28 01:41:22 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-26 01:19:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2011-02-17 22:06:08 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-02-03 06:54:36 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 23:53:48 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-20 21:31:17 22328 ----a-w- c:\users\michael\appdata\roaming\PnkBstrK.sys
2011-01-20 01:48:08 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-01-20 01:48:08 2755072 ----a-w- c:\windows\system32\themeui.dll
2011-01-20 01:48:07 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-01-15 22:26:16 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3160815AS rev.4.ADA -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8674F439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867557d0]; MOV EAX, [0x8675584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82C74448] -> \Device\Harddisk0\DR0[0x8672B4B0]
3 CLASSPNP[0x8BD8759E] -> ntkrnlpa!IofCallDriver[0x82C74448] -> [0x859AAF08]
\Driver\atapi[0x8672D030] -> IRP_MJ_CREATE -> 0x8674F439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-2 -> \??\IDE#DiskST3160815AS_____________________________4.ADA___#5&118455e0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 17:28:12.40 ===============


Please Help! I always have click.GiftLoad and others in my S&D scans, even if I remove them.

shelf life
2011-04-02, 15:42
hi emGre,

Based on the log you shouldn't be using the computer until it's clean, and it shouldn't have any connectivity. If you're not sure how to stop connectivity you can just power it off.

You have a rootkit on your machine. Rootkits hide malicious files and components from traditional antivirus/antimalware software. They bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

The best source for information on how to do this would be the computer manufacturer's website.

To manually clean up the computer with current utilities proceed as follows:

1) Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop

Double-click to launch the utility. On Vista and Windows 7, right-click it and choose "Run as administrator". After it initializes, click the Start Scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might be required after disinfection."

A report will be found on your root drive, Local Disk (C:), as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt).

Please post the log report.


2) Next you can download ComboFix. This requires that you read a guide first, which you can do on another computer if needed. Read through the guide, then apply the directions on the compromised machine:

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post the TDSSKiller log followed by the ComboFix log.

emGre
2011-04-06, 22:05
Here is the TDSS log.


2011/04/06 15:55:41.0893 4744 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 15:55:42.0075 4744 ================================================================================
2011/04/06 15:55:42.0075 4744 SystemInfo:
2011/04/06 15:55:42.0075 4744
2011/04/06 15:55:42.0075 4744 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/06 15:55:42.0075 4744 Product type: Workstation
2011/04/06 15:55:42.0075 4744 ComputerName: UPSTAIRS
2011/04/06 15:55:42.0075 4744 UserName: Michael
2011/04/06 15:55:42.0075 4744 Windows directory: C:\Windows
2011/04/06 15:55:42.0075 4744 System windows directory: C:\Windows
2011/04/06 15:55:42.0075 4744 Processor architecture: Intel x86
2011/04/06 15:55:42.0075 4744 Number of processors: 2
2011/04/06 15:55:42.0075 4744 Page size: 0x1000
2011/04/06 15:55:42.0075 4744 Boot type: Normal boot
2011/04/06 15:55:42.0075 4744 ================================================================================
2011/04/06 15:55:42.0632 4744 Initialize success
2011/04/06 15:55:51.0562 5276 ================================================================================
2011/04/06 15:55:51.0562 5276 Scan started
2011/04/06 15:55:51.0562 5276 Mode: Manual;
2011/04/06 15:55:51.0562 5276 ================================================================================
2011/04/06 15:55:53.0207 5276 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/06 15:55:53.0288 5276 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/06 15:55:53.0326 5276 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/06 15:55:53.0401 5276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/06 15:55:53.0442 5276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/06 15:55:53.0482 5276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/06 15:55:53.0552 5276 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/06 15:55:53.0608 5276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/06 15:55:53.0657 5276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/06 15:55:53.0715 5276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/06 15:55:53.0746 5276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/06 15:55:53.0774 5276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/06 15:55:53.0820 5276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/06 15:55:53.0848 5276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/06 15:55:53.0869 5276 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/06 15:55:53.0917 5276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/06 15:55:53.0953 5276 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/06 15:55:54.0007 5276 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/06 15:55:54.0105 5276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/06 15:55:54.0134 5276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/06 15:55:54.0213 5276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 15:55:54.0239 5276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/06 15:55:54.0405 5276 ati2mtag (9a6bfd014090c96a2f3708d98e5a3f40) C:\Windows\system32\DRIVERS\ati2mtag.sys
2011/04/06 15:55:54.0975 5276 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/06 15:55:55.0349 5276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/06 15:55:55.0438 5276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/06 15:55:55.0535 5276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/06 15:55:55.0800 5276 BHDrvx86 (a28ca9b1e3f425877f0683afde511b52) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20091205.001\BHDrvx86.sys
2011/04/06 15:55:55.0914 5276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/06 15:55:55.0967 5276 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 15:55:56.0006 5276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/06 15:55:56.0053 5276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/06 15:55:56.0137 5276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/06 15:55:56.0199 5276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/06 15:55:56.0242 5276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/06 15:55:56.0279 5276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/06 15:55:56.0349 5276 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/06 15:55:56.0392 5276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/06 15:55:56.0437 5276 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/06 15:55:56.0502 5276 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/06 15:55:56.0571 5276 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/06 15:55:56.0621 5276 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/04/06 15:55:56.0761 5276 ccHP (89197975c624f9c9efe32a8af651eeb0) C:\Windows\system32\drivers\N360\0400000.07F\ccHPx86.sys
2011/04/06 15:55:56.0808 5276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 15:55:56.0865 5276 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 15:55:56.0947 5276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/06 15:55:56.0990 5276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/06 15:55:57.0064 5276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/06 15:55:57.0107 5276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/06 15:55:57.0167 5276 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/06 15:55:57.0206 5276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/06 15:55:57.0249 5276 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/06 15:55:57.0293 5276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/06 15:55:57.0365 5276 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 15:55:57.0404 5276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/06 15:55:57.0461 5276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/06 15:55:57.0527 5276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 15:55:57.0580 5276 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 15:55:57.0694 5276 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
2011/04/06 15:55:57.0831 5276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/06 15:55:57.0990 5276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/06 15:55:58.0057 5276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/06 15:55:58.0301 5276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/06 15:55:58.0330 5276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 15:55:58.0369 5276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 15:55:58.0404 5276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 15:55:58.0424 5276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 15:55:58.0465 5276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 15:55:58.0501 5276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 15:55:58.0539 5276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/06 15:55:58.0561 5276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 15:55:58.0602 5276 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/06 15:55:58.0653 5276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/06 15:55:58.0703 5276 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 15:55:58.0739 5276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/06 15:55:58.0788 5276 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/06 15:55:58.0837 5276 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 15:55:58.0880 5276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/06 15:55:58.0953 5276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/06 15:55:59.0013 5276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/06 15:55:59.0068 5276 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 15:55:59.0219 5276 HPKBCCID (1ffda46b645473d56c72aae6e1002825) C:\Windows\system32\DRIVERS\HPKBCCID.sys
2011/04/06 15:55:59.0256 5276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/06 15:55:59.0306 5276 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 15:55:59.0342 5276 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/06 15:55:59.0382 5276 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 15:55:59.0436 5276 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/06 15:55:59.0495 5276 ICAM5USB (0a8a464d0dfd3257b72792248b44fc93) C:\Windows\system32\Drivers\Icam5USB.sys
2011/04/06 15:55:59.0743 5276 IDSVix86 (785b0ab77d977445d58b02ea63c11fb2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20091105.001\IDSVix86.sys
2011/04/06 15:55:59.0835 5276 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/06 15:55:59.0882 5276 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/06 15:55:59.0926 5276 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 15:55:59.0961 5276 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 15:56:00.0016 5276 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/06 15:56:00.0072 5276 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/06 15:56:00.0146 5276 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/06 15:56:00.0189 5276 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/06 15:56:00.0234 5276 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 15:56:00.0280 5276 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 15:56:00.0318 5276 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 15:56:00.0344 5276 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 15:56:00.0384 5276 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/06 15:56:00.0463 5276 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 15:56:00.0528 5276 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/06 15:56:00.0553 5276 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/06 15:56:00.0604 5276 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/06 15:56:00.0633 5276 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/06 15:56:00.0687 5276 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/06 15:56:00.0746 5276 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/04/06 15:56:00.0781 5276 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/06 15:56:00.0835 5276 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/06 15:56:00.0897 5276 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/06 15:56:00.0936 5276 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 15:56:00.0994 5276 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 15:56:01.0035 5276 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 15:56:01.0069 5276 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 15:56:01.0134 5276 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/06 15:56:01.0189 5276 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/06 15:56:01.0375 5276 MpKsl95d3d7c8 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKsl95d3d7c8.sys
2011/04/06 15:56:01.0459 5276 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/06 15:56:01.0492 5276 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 15:56:01.0528 5276 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 15:56:01.0572 5276 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 15:56:01.0602 5276 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 15:56:01.0630 5276 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 15:56:01.0672 5276 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/06 15:56:01.0702 5276 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/06 15:56:01.0763 5276 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 15:56:01.0799 5276 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/06 15:56:01.0828 5276 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/06 15:56:01.0885 5276 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 15:56:01.0929 5276 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 15:56:01.0956 5276 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 15:56:01.0989 5276 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 15:56:02.0021 5276 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 15:56:02.0059 5276 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 15:56:02.0110 5276 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/06 15:56:02.0168 5276 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/06 15:56:02.0252 5276 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 15:56:02.0521 5276 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/06 15:56:02.0576 5276 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/06 15:56:02.0611 5276 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 15:56:02.0656 5276 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 15:56:02.0698 5276 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 15:56:02.0725 5276 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 15:56:02.0759 5276 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 15:56:02.0784 5276 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 15:56:02.0936 5276 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/06 15:56:02.0976 5276 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/06 15:56:03.0025 5276 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 15:56:03.0051 5276 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 15:56:03.0108 5276 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 15:56:03.0163 5276 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/06 15:56:03.0212 5276 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/06 15:56:03.0272 5276 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/06 15:56:03.0332 5276 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/06 15:56:03.0375 5276 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/06 15:56:03.0462 5276 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 15:56:03.0486 5276 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 15:56:03.0511 5276 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/06 15:56:03.0542 5276 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/06 15:56:03.0567 5276 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/06 15:56:03.0612 5276 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/06 15:56:03.0654 5276 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/06 15:56:03.0686 5276 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/06 15:56:03.0861 5276 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 15:56:03.0914 5276 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/06 15:56:03.0965 5276 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 15:56:04.0043 5276 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/06 15:56:04.0100 5276 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/06 15:56:04.0141 5276 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 15:56:04.0186 5276 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 15:56:04.0227 5276 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/06 15:56:04.0281 5276 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 15:56:04.0312 5276 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 15:56:04.0350 5276 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 15:56:04.0380 5276 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 15:56:04.0433 5276 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/06 15:56:04.0474 5276 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 15:56:04.0515 5276 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 15:56:04.0538 5276 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/06 15:56:04.0578 5276 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 15:56:04.0635 5276 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/06 15:56:04.0706 5276 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/06 15:56:04.0792 5276 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys
2011/04/06 15:56:04.0826 5276 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/04/06 15:56:04.0877 5276 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/06 15:56:04.0935 5276 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 15:56:04.0996 5276 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/06 15:56:05.0070 5276 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/06 15:56:05.0144 5276 SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\Windows\system32\drivers\ScreamingBAudio.sys
2011/04/06 15:56:05.0175 5276 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 15:56:05.0297 5276 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 15:56:05.0316 5276 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 15:56:05.0353 5276 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/06 15:56:05.0411 5276 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/06 15:56:05.0451 5276 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/06 15:56:05.0464 5276 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/06 15:56:05.0510 5276 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/06 15:56:05.0584 5276 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/06 15:56:05.0621 5276 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/06 15:56:05.0653 5276 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/06 15:56:05.0693 5276 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 15:56:05.0732 5276 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/06 15:56:05.0843 5276 SRTSP (f68cfec40f2800aacc1d4bf33eb79f9a) C:\Windows\system32\drivers\N360\0400000.07F\SRTSP.SYS
2011/04/06 15:56:05.0911 5276 SRTSPX (c39d9fcf1e3e52990f6b360e51a73fbd) C:\Windows\system32\drivers\N360\0400000.07F\SRTSPX.SYS
2011/04/06 15:56:05.0965 5276 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 15:56:05.0996 5276 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 15:56:06.0024 5276 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 15:56:06.0087 5276 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/06 15:56:06.0142 5276 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\Windows\system32\Drivers\StkAMini.sys
2011/04/06 15:56:06.0200 5276 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\Windows\system32\Drivers\StkScan.sys
2011/04/06 15:56:06.0262 5276 StkTMini (0933717146e8054f133b5bdb874ef9fa) C:\Windows\system32\Drivers\StkTMini.sys
2011/04/06 15:56:06.0354 5276 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 15:56:06.0458 5276 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0400000.07F\SYMDS.SYS
2011/04/06 15:56:06.0520 5276 SymEFA (9efc1085c6bdff31cc6f16401111edd2) C:\Windows\system32\drivers\N360\0400000.07F\SYMEFA.SYS
2011/04/06 15:56:06.0571 5276 SymIRON (cc7f56b1d56003b9225702e4eca6eb72) C:\Windows\system32\drivers\N360\0400000.07F\Ironx86.SYS
2011/04/06 15:56:06.0625 5276 SYMTDIv (f218223234b9f31f88ffc50efb2e55e1) C:\Windows\system32\drivers\N360\0400000.07F\SYMTDIV.SYS
2011/04/06 15:56:06.0725 5276 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 15:56:06.0816 5276 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 15:56:06.0871 5276 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 15:56:06.0903 5276 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 15:56:06.0928 5276 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 15:56:06.0955 5276 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 15:56:06.0975 5276 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 15:56:07.0030 5276 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 15:56:07.0079 5276 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 15:56:07.0124 5276 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/06 15:56:07.0158 5276 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 15:56:07.0253 5276 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/06 15:56:07.0309 5276 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 15:56:07.0341 5276 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/06 15:56:07.0391 5276 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/06 15:56:07.0454 5276 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/06 15:56:07.0506 5276 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 15:56:07.0670 5276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/06 15:56:07.0717 5276 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 15:56:07.0745 5276 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 15:56:07.0821 5276 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/06 15:56:07.0878 5276 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 15:56:07.0978 5276 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/06 15:56:07.0999 5276 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 15:56:08.0043 5276 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 15:56:08.0110 5276 VBoxNetAdp (42934f05ba89f589a34a11e0661c233b) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/04/06 15:56:08.0182 5276 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/06 15:56:08.0230 5276 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 15:56:08.0267 5276 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/06 15:56:08.0335 5276 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/06 15:56:08.0389 5276 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/06 15:56:08.0408 5276 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/06 15:56:08.0436 5276 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/06 15:56:08.0491 5276 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/06 15:56:08.0515 5276 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 15:56:08.0563 5276 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/06 15:56:08.0602 5276 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/06 15:56:08.0663 5276 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/06 15:56:08.0721 5276 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/06 15:56:08.0777 5276 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 15:56:08.0789 5276 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 15:56:08.0874 5276 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/06 15:56:08.0921 5276 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 15:56:08.0988 5276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/06 15:56:09.0015 5276 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/06 15:56:09.0180 5276 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/06 15:56:09.0250 5276 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/06 15:56:09.0316 5276 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 15:56:09.0378 5276 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/06 15:56:09.0425 5276 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 15:56:09.0490 5276 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 15:56:09.0494 5276 ================================================================================
2011/04/06 15:56:09.0494 5276 Scan finished
2011/04/06 15:56:09.0494 5276 ================================================================================
2011/04/06 15:56:09.0505 5536 Detected object count: 1

shelf life
2011-04-06, 23:47
Please run tdsskiller once more, then continue with combofix.

emGre
2011-04-07, 23:43
OK, thanks. Should I post my ComboFix log here?

shelf life
2011-04-07, 23:55
Yes, post the new scan from tdsskiller and the combofix log.

emGre
2011-04-07, 23:57
Here is the new TDSS log.
2011/04/07 17:20:13.0347 1372 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 17:20:13.0519 1372 ================================================================================
2011/04/07 17:20:13.0519 1372 SystemInfo:
2011/04/07 17:20:13.0519 1372
2011/04/07 17:20:13.0519 1372 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/07 17:20:13.0519 1372 Product type: Workstation
2011/04/07 17:20:13.0519 1372 ComputerName: UPSTAIRS
2011/04/07 17:20:13.0519 1372 UserName: Michael
2011/04/07 17:20:13.0519 1372 Windows directory: C:\Windows
2011/04/07 17:20:13.0519 1372 System windows directory: C:\Windows
2011/04/07 17:20:13.0519 1372 Processor architecture: Intel x86
2011/04/07 17:20:13.0519 1372 Number of processors: 2
2011/04/07 17:20:13.0519 1372 Page size: 0x1000
2011/04/07 17:20:13.0519 1372 Boot type: Safe boot with network
2011/04/07 17:20:13.0519 1372 ================================================================================
2011/04/07 17:20:13.0722 1372 Initialize success
2011/04/07 17:20:15.0079 0800 ================================================================================
2011/04/07 17:20:15.0079 0800 Scan started
2011/04/07 17:20:15.0079 0800 Mode: Manual;
2011/04/07 17:20:15.0079 0800 ================================================================================
2011/04/07 17:20:16.0108 0800 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/07 17:20:16.0155 0800 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/07 17:20:16.0202 0800 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/07 17:20:16.0264 0800 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/07 17:20:16.0311 0800 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/07 17:20:16.0342 0800 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/07 17:20:16.0420 0800 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/07 17:20:16.0467 0800 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/07 17:20:16.0514 0800 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/07 17:20:16.0576 0800 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/07 17:20:16.0608 0800 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/07 17:20:16.0623 0800 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/07 17:20:16.0701 0800 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/07 17:20:16.0732 0800 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/07 17:20:16.0795 0800 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/07 17:20:16.0826 0800 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/07 17:20:16.0873 0800 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/07 17:20:16.0920 0800 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/07 17:20:17.0029 0800 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/07 17:20:17.0076 0800 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/07 17:20:17.0200 0800 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/07 17:20:17.0232 0800 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/07 17:20:17.0388 0800 ati2mtag (9a6bfd014090c96a2f3708d98e5a3f40) C:\Windows\system32\DRIVERS\ati2mtag.sys
2011/04/07 17:20:17.0590 0800 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/07 17:20:17.0793 0800 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/07 17:20:17.0840 0800 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/07 17:20:17.0902 0800 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/07 17:20:17.0996 0800 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/07 17:20:18.0058 0800 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/07 17:20:18.0105 0800 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/07 17:20:18.0152 0800 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/07 17:20:18.0214 0800 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/07 17:20:18.0246 0800 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/07 17:20:18.0277 0800 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/07 17:20:18.0324 0800 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/07 17:20:18.0402 0800 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/07 17:20:18.0433 0800 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/07 17:20:18.0464 0800 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/07 17:20:18.0495 0800 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/07 17:20:18.0558 0800 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/07 17:20:18.0604 0800 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/04/07 17:20:18.0651 0800 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/07 17:20:18.0714 0800 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/07 17:20:18.0776 0800 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/07 17:20:18.0807 0800 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/07 17:20:18.0870 0800 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/07 17:20:18.0901 0800 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/07 17:20:18.0932 0800 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/07 17:20:18.0979 0800 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/07 17:20:19.0041 0800 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/07 17:20:19.0088 0800 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/07 17:20:19.0166 0800 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/07 17:20:19.0197 0800 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/07 17:20:19.0275 0800 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/07 17:20:19.0353 0800 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/07 17:20:19.0416 0800 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/07 17:20:19.0462 0800 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
2011/04/07 17:20:19.0587 0800 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/07 17:20:19.0728 0800 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/07 17:20:19.0806 0800 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/07 17:20:19.0884 0800 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/07 17:20:19.0915 0800 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/07 17:20:20.0008 0800 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/07 17:20:20.0055 0800 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/07 17:20:20.0102 0800 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/07 17:20:20.0149 0800 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/07 17:20:20.0196 0800 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/07 17:20:20.0227 0800 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/07 17:20:20.0242 0800 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/07 17:20:20.0289 0800 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/07 17:20:20.0336 0800 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/07 17:20:20.0383 0800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/07 17:20:20.0430 0800 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/07 17:20:20.0476 0800 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/07 17:20:20.0523 0800 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/07 17:20:20.0554 0800 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/07 17:20:20.0586 0800 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/07 17:20:20.0617 0800 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/07 17:20:20.0710 0800 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/07 17:20:20.0835 0800 HPKBCCID (1ffda46b645473d56c72aae6e1002825) C:\Windows\system32\DRIVERS\HPKBCCID.sys
2011/04/07 17:20:20.0898 0800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/07 17:20:20.0991 0800 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/07 17:20:21.0022 0800 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/07 17:20:21.0054 0800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/07 17:20:21.0116 0800 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/07 17:20:21.0163 0800 ICAM5USB (0a8a464d0dfd3257b72792248b44fc93) C:\Windows\system32\Drivers\Icam5USB.sys
2011/04/07 17:20:21.0225 0800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/07 17:20:21.0261 0800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/07 17:20:21.0305 0800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/07 17:20:21.0340 0800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/07 17:20:21.0395 0800 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/07 17:20:21.0409 0800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/07 17:20:21.0451 0800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/07 17:20:21.0494 0800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/07 17:20:21.0523 0800 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/07 17:20:21.0569 0800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/07 17:20:21.0598 0800 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/07 17:20:21.0633 0800 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/07 17:20:21.0664 0800 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/07 17:20:21.0718 0800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/07 17:20:21.0775 0800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/07 17:20:21.0800 0800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/07 17:20:21.0881 0800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/07 17:20:21.0955 0800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/07 17:20:22.0000 0800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/07 17:20:22.0067 0800 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/04/07 17:20:22.0103 0800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/07 17:20:22.0148 0800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/07 17:20:22.0202 0800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/07 17:20:22.0233 0800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/07 17:20:22.0291 0800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/07 17:20:22.0324 0800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/07 17:20:22.0357 0800 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/07 17:20:22.0422 0800 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/07 17:20:22.0452 0800 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/07 17:20:22.0645 0800 MpKsl4d322d46 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKsl4d322d46.sys
2011/04/07 17:20:22.0739 0800 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/07 17:20:22.0797 0800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/07 17:20:22.0841 0800 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/07 17:20:22.0910 0800 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/07 17:20:22.0932 0800 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/07 17:20:22.0960 0800 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/07 17:20:23.0002 0800 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/07 17:20:23.0032 0800 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/07 17:20:23.0102 0800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/07 17:20:23.0129 0800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/07 17:20:23.0142 0800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/07 17:20:23.0199 0800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/07 17:20:23.0251 0800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/07 17:20:23.0269 0800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/07 17:20:23.0294 0800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/07 17:20:23.0313 0800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/07 17:20:23.0344 0800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/07 17:20:23.0375 0800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/07 17:20:23.0406 0800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/07 17:20:23.0453 0800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/07 17:20:23.0609 0800 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/07 17:20:23.0748 0800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/07 17:20:23.0808 0800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/07 17:20:23.0828 0800 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/07 17:20:23.0861 0800 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/07 17:20:23.0888 0800 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/07 17:20:23.0923 0800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/07 17:20:24.0039 0800 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/07 17:20:24.0274 0800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/07 17:20:24.0331 0800 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/07 17:20:24.0471 0800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/07 17:20:24.0523 0800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/07 17:20:24.0596 0800 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/07 17:20:24.0676 0800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/07 17:20:24.0741 0800 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/07 17:20:24.0877 0800 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/07 17:20:24.0912 0800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/07 17:20:25.0063 0800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/07 17:20:25.0292 0800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/07 17:20:25.0441 0800 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/07 17:20:25.0549 0800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/07 17:20:25.0621 0800 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/07 17:20:25.0647 0800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/07 17:20:25.0692 0800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/07 17:20:25.0725 0800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/07 17:20:25.0766 0800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/07 17:20:25.0924 0800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/07 17:20:25.0969 0800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/07 17:20:26.0012 0800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/07 17:20:26.0073 0800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/07 17:20:26.0129 0800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/07 17:20:26.0204 0800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/07 17:20:26.0291 0800 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/07 17:20:26.0358 0800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/07 17:20:26.0463 0800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/07 17:20:26.0600 0800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/07 17:20:26.0696 0800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/07 17:20:26.0780 0800 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/07 17:20:26.0920 0800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/07 17:20:27.0328 0800 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/07 17:20:27.0661 0800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/07 17:20:27.0783 0800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/07 17:20:27.0824 0800 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/07 17:20:27.0872 0800 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/07 17:20:28.0027 0800 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/07 17:20:28.0413 0800 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys
2011/04/07 17:20:28.0538 0800 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/04/07 17:20:28.0656 0800 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/07 17:20:28.0955 0800 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/07 17:20:29.0134 0800 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/07 17:20:29.0523 0800 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/07 17:20:29.0805 0800 SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\Windows\system32\drivers\ScreamingBAudio.sys
2011/04/07 17:20:30.0095 0800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/07 17:20:30.0214 0800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/07 17:20:30.0307 0800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/07 17:20:30.0540 0800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/07 17:20:30.0731 0800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/07 17:20:30.0779 0800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/07 17:20:30.0791 0800 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/07 17:20:30.0839 0800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/07 17:20:30.0879 0800 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/07 17:20:30.0916 0800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/07 17:20:30.0948 0800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/07 17:20:30.0996 0800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/07 17:20:31.0293 0800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/07 17:20:31.0335 0800 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/07 17:20:31.0374 0800 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/07 17:20:31.0411 0800 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/07 17:20:31.0490 0800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/07 17:20:31.0546 0800 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\Windows\system32\Drivers\StkAMini.sys
2011/04/07 17:20:31.0620 0800 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\Windows\system32\Drivers\StkScan.sys
2011/04/07 17:20:31.0681 0800 StkTMini (0933717146e8054f133b5bdb874ef9fa) C:\Windows\system32\Drivers\StkTMini.sys
2011/04/07 17:20:31.0714 0800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/07 17:20:31.0802 0800 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/07 17:20:31.0885 0800 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/07 17:20:31.0932 0800 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/07 17:20:31.0955 0800 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/07 17:20:31.0970 0800 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/07 17:20:31.0999 0800 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/07 17:20:32.0019 0800 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/07 17:20:32.0065 0800 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/07 17:20:32.0148 0800 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/07 17:20:32.0201 0800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/07 17:20:32.0277 0800 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/07 17:20:32.0372 0800 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/07 17:20:32.0453 0800 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/07 17:20:32.0477 0800 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/07 17:20:32.0519 0800 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/07 17:20:32.0582 0800 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/07 17:20:32.0625 0800 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/07 17:20:32.0664 0800 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/07 17:20:32.0695 0800 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/07 17:20:32.0722 0800 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/07 17:20:32.0756 0800 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/07 17:20:32.0797 0800 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/07 17:20:32.0814 0800 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/07 17:20:32.0835 0800 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/07 17:20:32.0870 0800 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/07 17:20:32.0937 0800 VBoxNetAdp (42934f05ba89f589a34a11e0661c233b) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/04/07 17:20:32.0993 0800 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/07 17:20:33.0065 0800 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/07 17:20:33.0103 0800 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/07 17:20:33.0146 0800 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/07 17:20:33.0241 0800 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/07 17:20:33.0268 0800 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/07 17:20:33.0306 0800 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/07 17:20:33.0360 0800 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/07 17:20:33.0384 0800 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/07 17:20:33.0446 0800 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/07 17:20:33.0496 0800 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/07 17:20:33.0536 0800 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/07 17:20:33.0596 0800 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/07 17:20:33.0630 0800 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 17:20:33.0640 0800 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/07 17:20:33.0702 0800 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/07 17:20:33.0740 0800 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/07 17:20:33.0866 0800 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/07 17:20:33.0909 0800 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/07 17:20:34.0374 0800 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/07 17:20:34.0760 0800 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/07 17:20:34.0850 0800 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/07 17:20:34.0880 0800 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/07 17:20:34.0910 0800 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/07 17:20:34.0975 0800 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/07 17:20:34.0979 0800 ================================================================================
2011/04/07 17:20:34.0979 0800 Scan finished
2011/04/07 17:20:34.0979 0800 ================================================================================
2011/04/07 17:20:34.0987 1916 Detected object count: 1
2011/04/07 17:20:44.0083 1916 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/07 17:20:44.0083 1916 \HardDisk0 - ok
2011/04/07 17:20:44.0083 1916 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/07 17:20:50.0596 1832 Deinitialize success
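Added example, not part of the original thread and not code from Kaspersky's TDSSKiller: a small parser for log lines in the format posted above. It pulls the driver records (service name, MD5, on-disk path) and the "detected" lines out of the text, and compares each driver's MD5 against a baseline the analyst supplies, so that a patched system driver stands out. Note that the one hit in this log is on the disk object `\HardDisk0`, not on any driver file: TDL4 lives in the MBR and its own hidden storage, so the per-driver hash list can look entirely clean while the disk is infected, and the parser reports disk-level hits separately for that reason. The sample log text below is constructed from a few lines of the log above, and the baseline dictionary is made up for the demonstration (it is not a published list of known-good hashes; a real one would be built from a clean machine of the same Windows build).

```python
"""Parse TDSSKiller-style log lines and compare driver MD5s to a baseline."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Driver record: "<date> <time> <tid> <name> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<tid>[0-9a-fA-F]+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)
# Detection: "<date> <time> <tid> <object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<tid>[0-9a-fA-F]+)\s+"
    r"(?P<obj>\S+) - detected (?P<verdict>\S+)"
)


@dataclass
class DriverRecord:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str


def parse_log(text: str) -> Tuple[List[DriverRecord], List[Detection]]:
    """Split a TDSSKiller log into driver records and detection lines."""
    drivers: List[DriverRecord] = []
    detections: List[Detection] = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(DriverRecord(m["name"], m["md5"].lower(), m["path"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append(Detection(m["obj"], m["verdict"]))
    return drivers, detections


def hash_mismatches(drivers: List[DriverRecord],
                    baseline: Dict[str, str]) -> List[DriverRecord]:
    """Drivers present in the baseline whose MD5 differs from the baseline value.

    Drivers absent from the baseline are skipped: a missing entry tells you
    nothing, and third-party drivers will never be in an OS-only baseline.
    """
    return [d for d in drivers
            if d.name.lower() in baseline and baseline[d.name.lower()] != d.md5]


def disk_level_detections(detections: List[Detection]) -> List[Detection]:
    """Hits on a disk object (MBR / boot sector), which file hashing cannot see."""
    return [d for d in detections if d.obj.lower().startswith("\\harddisk")]


# Constructed sample: a few lines copied from the log above in the same format.
SAMPLE_LOG = "\n".join([
    r"2011/04/07 17:20:31.0802 0800 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys",
    r"2011/04/07 17:20:32.0835 0800 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS",
    r"2011/04/07 17:20:34.0975 0800 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    r"2011/04/07 17:20:34.0979 0800 ================================================================================",
    r"2011/04/07 17:20:34.0979 0800 Scan finished",
])

# Made-up baseline for the demonstration only (NOT real known-good hashes).
# Tcpip matches the log; USBSTOR is given a different value so it gets flagged.
CONSTRUCTED_BASELINE = {
    "tcpip": "bb7f39c31c4a4417fd318e7cd184e225",
    "usbstor": "00000000000000000000000000000000",
}


def triage(text: str, baseline: Dict[str, str]) -> Dict[str, list]:
    """One-call summary: mismatched driver names and disk-level verdicts."""
    drivers, detections = parse_log(text)
    return {
        "driver_mismatches": [d.name for d in hash_mismatches(drivers, baseline)],
        "disk_detections": [(d.obj, d.verdict) for d in disk_level_detections(detections)],
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG, CONSTRUCTED_BASELINE).items():
        print(f"{key}: {val}")
```

Run it against a saved TDSSKiller log by reading the file into `triage()`. An empty `driver_mismatches` list with a non-empty `disk_detections` list is exactly the picture in the log above: no tampered driver files, but a bootkit in the MBR, which is why the tool has to "cure" the disk object on reboot rather than delete a file.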

emGre
2011-04-07, 23:58
And the ComboFix log.


ComboFix 11-04-06.01 - Michael 04/07/2011 17:29:12.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2353 [GMT -4:00]
Running from: c:\users\Michael\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\sauerbratenportable\SauerbratenPortable.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 21:35 . 2011-04-07 21:36 -------- d-----w- c:\users\Michael\AppData\Local\temp
2011-04-07 21:35 . 2011-04-07 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-04-07 21:35 . 2011-04-07 21:35 -------- d-----w- c:\users\User\AppData\Local\temp
2011-04-07 21:35 . 2011-04-07 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 21:23 . 2011-04-07 21:24 -------- d-----w- C:\32788R22FWJFW
2011-04-07 21:23 . 2011-04-07 21:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKslcb03cf50.sys
2011-04-07 21:14 . 2011-04-07 21:14 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKsl4d322d46.sys
2011-04-07 02:06 . 2011-04-07 02:06 -------- d-----w- c:\program files\Realtek
2011-04-07 02:04 . 2011-04-07 21:09 -------- d--h--w- c:\program files\Temp
2011-04-07 02:04 . 2011-02-09 19:56 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-04-07 02:04 . 2006-02-07 19:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-04-07 02:04 . 2006-02-07 19:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-04-07 02:04 . 2006-02-07 19:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-04-07 02:04 . 2006-02-07 19:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-04-07 02:04 . 2005-11-14 03:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-04-07 02:04 . 2011-04-07 02:04 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-04-07 02:04 . 2011-04-07 02:04 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-04-06 20:14 . 2011-04-06 20:14 -------- d-----w- c:\users\Michael\AppData\Roaming\Tific
2011-04-06 19:56 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-06 19:56 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-05 02:24 . 2011-04-07 21:22 -------- d-----r- c:\users\Michael\Dropbox
2011-04-05 02:23 . 2011-04-07 21:22 -------- d-----w- c:\users\Michael\AppData\Roaming\Dropbox
2011-04-04 21:02 . 2010-11-30 15:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71698777-440B-4FEA-8914-ADB03EE800BE}\gapaengine.dll
2011-04-04 21:01 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\mpengine.dll
2011-04-03 21:11 . 2011-04-03 21:11 -------- d-----w- c:\users\Michael\AppData\Roaming\Sony Creative Software
2011-04-03 00:15 . 2011-04-03 00:15 -------- d-----w- c:\programdata\WeGame
2011-04-03 00:07 . 2009-04-07 23:43 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll
2011-04-03 00:07 . 2009-04-07 23:43 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll
2011-04-03 00:07 . 2009-04-07 23:43 185688 ----a-w- c:\windows\system32\Ltfil15u.dll
2011-04-02 16:41 . 2011-04-02 16:41 -------- d-----w- c:\program files\Coupons
2011-04-01 21:50 . 2011-04-01 21:50 -------- d-----w- c:\programdata\Symantec
2011-04-01 20:13 . 2011-04-01 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Ulead Systems
2011-04-01 20:13 . 2011-04-01 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2011-04-01 20:13 . 2011-04-01 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ATI
2011-04-01 00:08 . 2011-04-01 00:08 -------- d-----w- c:\users\Michael\AppData\Local\Immunet
2011-04-01 00:08 . 2011-04-01 00:08 -------- d-----w- c:\programdata\Immunet
2011-04-01 00:05 . 2011-04-01 00:05 -------- d-----w- c:\users\User\AppData\Local\Adobe
2011-03-31 21:54 . 2011-04-07 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2011-03-31 21:42 . 2011-04-04 01:50 -------- d-----w- c:\users\Michael\AppData\Local\CrashDumps
2011-03-31 21:15 . 2011-04-06 20:28 -------- d-----w- c:\programdata\Norton
2011-03-31 00:04 . 2011-03-31 00:04 -------- d-----w- c:\users\Administrator
2011-03-30 23:56 . 2011-03-30 23:56 -------- d-----w- c:\program files\Sytexis Software
2011-03-30 21:31 . 2011-03-30 21:31 -------- d-----w- c:\users\Michael\AppData\Local\Innovative Solutions
2011-03-30 21:31 . 2011-03-30 21:31 -------- d-----w- c:\programdata\Innovative Solutions
2011-03-30 21:14 . 2011-03-30 21:14 -------- d-----w- c:\program files\Audacity
2011-03-30 21:06 . 2011-03-30 21:19 -------- d-----w- c:\users\Michael\AppData\Roaming\Audacity
2011-03-30 21:06 . 2011-03-30 21:06 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-30 01:41 . 2011-03-30 22:54 -------- d-----w- c:\users\Michael\AppData\Local\QuakeLiveConfigGenerator
2011-03-29 00:20 . 2011-01-15 20:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-29 00:02 . 2011-03-29 00:02 -------- d-----w- c:\users\Michael\AppData\Roaming\wolfcamql
2011-03-29 00:01 . 2011-03-29 00:01 -------- d-----w- c:\users\Michael\wolfcam
2011-03-27 23:26 . 2011-03-27 23:27 -------- d-----w- c:\program files\Warsow 0.6
2011-03-27 23:26 . 2011-03-27 23:26 -------- d-----w- c:\users\Michael\AppData\Roaming\Warsow 0.6
2011-03-27 22:31 . 2011-03-27 22:31 -------- d-----w- c:\programdata\id Software
2011-03-27 22:03 . 2011-03-27 22:03 -------- d-----w- c:\program files\iPod
2011-03-27 22:03 . 2011-03-27 22:04 -------- d-----w- c:\program files\iTunes
2011-03-27 21:55 . 2011-03-27 21:55 -------- d-----w- c:\users\Michael\AppData\Local\ManyCam
2011-03-27 21:14 . 2011-03-27 21:14 -------- d-----w- c:\windows\system32\%APPDATA%
2011-03-27 04:10 . 2011-03-27 04:10 -------- d-----w- c:\users\Michael\AppData\Local\Desura
2011-03-27 04:07 . 2011-03-27 04:07 -------- d-----w- c:\programdata\Desura
2011-03-27 04:07 . 2011-03-28 01:41 -------- d-----w- c:\program files\Desura
2011-03-24 21:00 . 2011-03-24 21:00 -------- d-----w- c:\users\Michael\AppData\Local\LAG
2011-03-24 21:00 . 2011-03-24 21:00 -------- d-----w- c:\programdata\LAG
2011-03-24 21:00 . 2011-03-28 01:42 -------- d-----w- c:\windows\system32\AGEIA
2011-03-24 21:00 . 2011-03-28 01:41 -------- d-----w- c:\program files\AGEIA Technologies
2011-03-24 20:59 . 2011-03-28 01:41 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-03-23 22:19 . 2011-04-01 20:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-03-22 20:07 . 2011-03-22 20:07 -------- d-----w- c:\users\Michael\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-20 22:41 . 2011-02-17 22:06 160560 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2011-03-20 22:40 . 2011-02-17 22:06 44784 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-03-18 20:53 . 2011-03-18 20:53 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-03-18 00:46 . 2011-03-18 00:46 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-17 23:45 . 2011-03-17 23:45 -------- d-----w- c:\program files\Window Title Changer
2011-03-17 23:34 . 2011-03-30 21:32 -------- d-----w- c:\program files\Common Files\Akamai
2011-03-17 23:15 . 2011-03-28 01:41 -------- d-----w- c:\programdata\FLEXnet
2011-03-17 22:13 . 2011-03-17 22:13 -------- d-----w- c:\program files\Adobe Media Player
2011-03-17 22:09 . 2011-03-17 22:09 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-03-13 07:37 . 2011-03-13 07:37 -------- d-----w- c:\program files\YouTube Downloader
2011-03-12 23:13 . 2011-03-12 23:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-12 23:11 . 2011-03-12 23:11 -------- d-----w- c:\programdata\McAfee
2011-03-11 07:14 . 2011-03-11 07:14 -------- d-----w- c:\users\Michael\AppData\Local\CrashRpt
2011-03-11 05:44 . 2008-05-30 19:18 238088 ------w- c:\windows\system32\xactengine3_1.dll
2011-03-08 23:35 . 2000-08-23 22:00 33280 ------w- c:\windows\system32\HUFFYUV.DLL
2011-03-08 23:33 . 2011-03-08 23:36 -------- d-----w- c:\program files\VirtualDub-1.9.11
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 21:39 . 2011-01-15 23:28 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-04 21:39 . 2011-01-16 01:34 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-04 21:39 . 2011-01-15 23:27 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-03 22:31 . 2011-01-15 23:27 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-18 18:32 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-15 04:05 . 2011-01-15 23:02 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-13 20:53 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-06 04:00 . 2011-03-06 04:00 50688 ------w- c:\windows\system32\wbhelp2.dll
2011-03-06 04:00 . 2011-03-06 04:00 479298 ------w- c:\windows\system32\wbocx.ocx
2011-03-06 02:42 . 2011-03-06 02:42 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-26 01:19 . 2011-02-26 01:19 41872 ------w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33 . 2011-03-08 20:43 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-08 20:43 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-08 20:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-17 22:06 . 2011-02-17 22:06 111152 ------w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-02-16 20:21 . 2011-02-16 20:21 521760 ----a-w- c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-02-03 06:54 . 2011-02-03 06:54 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-03 05:45 . 2011-02-10 04:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-03 02:40 . 2011-01-31 01:20 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-22 16:34 . 2011-01-22 16:34 14336 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{9F185C48-595B-401A-A1D6-AAB324890DC4}\IconCBE855212.exe
2011-01-20 23:53 . 2011-01-15 23:27 75136 ------w- c:\windows\system32\PnkBstrA.exe
2011-01-20 21:31 . 2011-01-15 23:27 22328 ----a-w- c:\users\Michael\AppData\Roaming\PnkBstrK.sys
2011-01-20 01:48 . 2009-07-13 23:39 2755072 ------w- c:\windows\system32\themeui.dll
2011-01-20 01:48 . 2009-07-13 23:39 37376 ------w- c:\windows\system32\themeservice.dll
2011-01-20 01:48 . 2009-07-13 23:40 249856 ------w- c:\windows\system32\uxtheme.dll
2011-01-15 20:43 . 2011-01-15 20:43 40960 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{4807C860-9E40-4D13-96C8-2F00A3E32177}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-15 136176]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-12-21 1739848]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-03-06 2081992]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-30 23360040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"UACDisableNotify"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl406ff861;MpKsl406ff861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E49B664-6EE9-4ACC-BD23-7A8E7EEBD524}\MpKsl406ff861.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2011-03-06 421064]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [2007-11-16 468096]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-15 1343400]
S1 MpKsl4d322d46;MpKsl4d322d46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKsl4d322d46.sys [2011-04-07 28752]
S1 MpKslcb03cf50;MpKslcb03cf50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CC876D4-006D-48D2-B599-EE84E9B37359}\MpKslcb03cf50.sys [2011-04-07 28752]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\DRIVERS\HPKBCCID.sys [2006-11-07 46976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLCB03CF50
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353778214-3104317736-2708457074-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 20:34]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353778214-3104317736-2708457074-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\xgjyuxwc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-07 17:37:47
ComboFix-quarantined-files.txt 2011-04-07 21:37
.
Pre-Run: 54,212,149,248 bytes free
Post-Run: 54,430,294,016 bytes free
.
- - End Of File - - F191F7A23C7EDC5A9B30548090F98FE9
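
The security-relevant points in the ComboFix log above are easy to miss among the driver and file listings: the UAC policy block shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0 (UAC is switched off outright, so anything that runs as this user can elevate silently), a third-party Winsock LSP (SpeedBit's SBLSP.dll) sits in the network stack, the IE/Firefox start page is my.daemon-search.com, and two services point at files marked [x] (missing). The script below is an added example, not part of this thread and not code from ComboFix or DDS; it walks a ComboFix log and pulls those categories out into a review list. The sample lines are copied from the log above, the Windows 7 default UAC values and the list of user-writable directories are my own assumptions, and the output is a list of things to look at, not verdicts.

```python
import re
from collections import Counter
from typing import Dict, List

# Lines copied from the ComboFix log posted above in this thread (not constructed data).
# A whole log can be fed in as-is; lines the parser does not recognise are ignored.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-15 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"UACDisableNotify"= 0 (0x0)
.
R1 MpKsl406ff861;MpKsl406ff861;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E49B664-6EE9-4ACC-BD23-7A8E7EEBD524}\MpKsl406ff861.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
uStart Page = my.daemon-search.com
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
"""

# Windows 7 defaults for the UAC policy values ComboFix prints (assumption: the
# machine is expected to run with stock UAC). Anything lower is reported.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompt not shown on the secure desktop
}

# Directories a standard user (and so user-level malware) can write to.
# Assumption: this list is illustrative, not exhaustive.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|progra~2|temp)\\", re.I)

KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
SERVICE_LINE = re.compile(r"^[RS]\d+ [^;]+;[^;]*;(?P<path>.+?) \[x\]$", re.I)
LSP_LINE = re.compile(r"^LSP: (?P<path>.+)$", re.I)
HOME_LINE = re.compile(r"^uStart Page = (?P<val>.+)$", re.I)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk a ComboFix log and return review items as {'kind': ..., 'detail': ...}."""
    findings: List[Dict[str, str]] = []
    current_key = ""  # registry key whose values we are currently inside
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":  # ComboFix ends each key block with a lone dot
            current_key = ""
        elif m := KEY_LINE.match(line):
            current_key = m["key"].lower()
        elif m := VALUE_LINE.match(line):
            name, val = m["name"], m["val"]
            if current_key.endswith(r"\policies\system"):
                num = re.match(r"\d+", val)
                if name in UAC_EXPECTED and num and int(num.group()) < UAC_EXPECTED[name]:
                    findings.append({"kind": "uac-weakened",
                                     "detail": f"{name}={num.group()} (Windows 7 default {UAC_EXPECTED[name]})"})
            elif current_key.endswith((r"\run", r"\runonce")):
                # Run values look like "path" [date size]; keep only the quoted path
                path = re.match(r'"(?P<p>[^"]+)"', val)
                if path and USER_WRITABLE.search(path["p"]):
                    findings.append({"kind": "autorun-user-writable",
                                     "detail": f"{name}: {path['p']}"})
        elif m := SERVICE_LINE.match(line):
            # [x] is ComboFix's marker for a service/driver whose file was not found
            findings.append({"kind": "service-file-missing", "detail": m["path"]})
        elif m := LSP_LINE.match(line):
            # any Winsock LSP sees every socket call on the box; always worth a look
            findings.append({"kind": "lsp", "detail": m["path"]})
        elif m := HOME_LINE.match(line):
            findings.append({"kind": "homepage", "detail": m["val"]})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Counter:
    """Count findings per kind, for a one-line overview."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['kind']}] {f['detail']}")
    print(dict(summarize(triage(SAMPLE))))
```

Run against the sample it reports the three weakened UAC values, the Google Update autorun under AppData\Local, the two services with missing files, the LSP and the start page. Two of those are noise on this machine (Google's per-user updater legitimately lives in AppData\Local, and MpKsl* is Microsoft Security Essentials' rotating definition-update driver), which is why the script produces a review list rather than a verdict; the UAC block is the item a practitioner would actually act on once the cleanup is done.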

shelf life
2011-04-08, 00:24
Ok, good. We will get one more download, which you can keep and use as an antimalware app. Also, after you run Malwarebytes, please rescan and post a new DDS log; then we can call it quits.

1) Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

2) Rescan and post a new DDS log

emGre
2011-04-08, 01:58
Ok, thanks. I'm running MBytes as I'm typing this, and the bot seems to have gone away. I'm running MUCH more smoothly, so thanks! :eek:

emGre
2011-04-08, 03:49
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6186

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/7/2011 9:12:06 PM
mbam-log-2011-04-07 (21-12-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 329162
Time elapsed: 1 hour(s), 15 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2011-04-09, 00:23
Ok, good. Post a final DDS log, and we can call it quits.

emGre
2011-04-09, 02:23
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 20:21:23.36 on Fri 04/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3326.2178 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\PnkBstrB.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [Google Update] "c:\users\michael\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ManyCam] "c:\program files\manycam\bin\ManyCam.exe" /silent
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\michael\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: UACDisableNotify = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\xgjyuxwc.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://my.daemon-search.com/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\michael\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl26de2276;MpKsl26de2276;c:\programdata\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys [2011-4-8 28752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-15 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2006-11-7 46976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkTMini.sys [2011-2-19 468096]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-15 1343400]
.
=============== Created Last 30 ================
.
2011-04-08 23:43:19 -------- d-----w- C:\Twixtor4
2011-04-08 22:29:29 -------- d-----w- C:\MirandaPortable
2011-04-08 19:38:39 -------- d-----w- c:\program files\XMapper
2011-04-08 16:11:42 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\MpKsl26de2276.sys
2011-04-07 21:48:09 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{ffab900b-aec3-49fe-93e1-d5fadbd9d238}\mpengine.dll
2011-04-07 21:37:50 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-07 21:37:49 -------- d-----w- c:\users\michael\appdata\local\temp
2011-04-07 21:26:09 98816 ----a-w- c:\windows\sed.exe
2011-04-07 21:26:09 89088 ----a-w- c:\windows\MBR.exe
2011-04-07 21:26:09 256512 ----a-w- c:\windows\PEV.exe
2011-04-07 21:26:09 161792 ----a-w- c:\windows\SWREG.exe
2011-04-07 21:24:55 -------- d-----w- C:\ComboFix
2011-04-07 02:06:13 -------- d-----w- c:\program files\Realtek
2011-04-07 02:04:20 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-04-07 02:04:20 -------- d--h--w- c:\program files\Temp
2011-04-07 02:04:18 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-04-07 02:04:18 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-04-07 02:04:18 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-04-07 02:04:18 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-04-07 02:04:18 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-04-07 02:04:16 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-04-07 02:04:16 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-04-06 20:14:07 -------- d-----w- c:\users\michael\appdata\roaming\Tific
2011-04-06 19:56:22 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-06 19:56:22 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-04-05 02:24:33 -------- d-----r- c:\users\michael\Dropbox
2011-04-05 02:23:06 -------- d-----w- c:\users\michael\appdata\roaming\Dropbox
2011-04-04 21:02:15 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{71698777-440b-4fea-8914-adb03ee800be}\gapaengine.dll
2011-04-03 21:11:43 -------- d-----w- c:\users\michael\appdata\roaming\Sony Creative Software
2011-04-03 00:15:41 -------- d-----w- c:\progra~2\WeGame
2011-04-03 00:07:20 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll
2011-04-03 00:07:20 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll
2011-04-03 00:07:20 185688 ----a-w- c:\windows\system32\Ltfil15u.dll
2011-04-02 16:41:08 -------- d-----w- c:\program files\Coupons
2011-04-01 21:50:17 -------- d-----w- c:\progra~2\Symantec
2011-04-01 00:08:43 -------- d-----w- c:\users\michael\appdata\local\Immunet
2011-04-01 00:08:42 -------- d-----w- c:\progra~2\Immunet
2011-03-31 21:42:02 -------- d-----w- c:\users\michael\appdata\local\CrashDumps
2011-03-31 21:17:12 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-31 21:15:22 -------- d-----w- c:\progra~2\Norton
2011-03-30 23:56:19 -------- d-----w- c:\program files\Sytexis Software
2011-03-30 21:31:18 -------- d-----w- c:\users\michael\appdata\local\Innovative Solutions
2011-03-30 21:31:18 -------- d-----w- c:\progra~2\Innovative Solutions
2011-03-30 21:14:00 -------- d-----w- c:\program files\Audacity
2011-03-30 21:06:46 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-03-30 01:41:55 -------- d-----w- c:\users\michael\appdata\local\QuakeLiveConfigGenerator
2011-03-29 00:20:40 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-03-29 00:02:26 -------- d-----w- c:\users\michael\appdata\roaming\wolfcamql
2011-03-29 00:01:01 -------- d-----w- c:\users\michael\wolfcam
2011-03-27 23:26:36 -------- d-----w- c:\users\michael\appdata\roaming\Warsow 0.6
2011-03-27 23:26:36 -------- d-----w- c:\program files\Warsow 0.6
2011-03-27 22:31:47 -------- d-----w- c:\progra~2\id Software
2011-03-27 22:03:45 -------- d-----w- c:\program files\iPod
2011-03-27 22:03:44 -------- d-----w- c:\program files\iTunes
2011-03-27 21:55:25 -------- d-----w- c:\users\michael\appdata\local\ManyCam
2011-03-27 21:14:37 -------- d-----w- c:\windows\system32\%APPDATA%
2011-03-27 04:10:28 -------- d-----w- c:\users\michael\appdata\local\Desura
2011-03-27 04:07:09 -------- d-----w- c:\progra~2\Desura
2011-03-27 04:07:06 -------- d-----w- c:\program files\Desura
2011-03-24 21:00:28 -------- d-----w- c:\users\michael\appdata\local\LAG
2011-03-24 21:00:28 -------- d-----w- c:\progra~2\LAG
2011-03-24 21:00:02 -------- d-----w- c:\windows\system32\AGEIA
2011-03-24 20:59:53 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-03-22 20:07:13 -------- d-----w- c:\users\michael\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-20 22:41:17 160560 ------w- c:\windows\system32\drivers\VBoxDrv.sys
2011-03-20 22:40:36 44784 ------w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-03-18 20:53:47 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
2011-03-17 23:45:53 -------- d-----w- c:\program files\Window Title Changer
2011-03-17 23:34:34 -------- d-----w- c:\program files\common files\Akamai
2011-03-17 22:09:53 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-03-13 07:37:21 -------- d-----w- c:\program files\YouTube Downloader
2011-03-11 07:14:50 -------- d-----w- c:\users\michael\appdata\local\CrashRpt
2011-03-11 05:44:58 238088 ------w- c:\windows\system32\xactengine3_1.dll
.
==================== Find3M ====================
.
2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-09 00:07:15 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-09 00:06:49 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-18 18:32:10 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-06 04:00:11 50688 ------w- c:\windows\system32\wbhelp2.dll
2011-03-06 04:00:11 479298 ------w- c:\windows\system32\wbocx.ocx
2011-03-06 02:42:40 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-26 01:19:32 41872 ------w- c:\windows\system32\xfcodec.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 06:54:36 86016 ------w- c:\windows\system32\frapsvid.dll
2011-02-03 02:40:23 472808 ------w- c:\windows\system32\deployJava1.dll
2011-01-20 23:53:48 75136 ------w- c:\windows\system32\PnkBstrA.exe
2011-01-20 21:31:17 22328 ----a-w- c:\users\michael\appdata\roaming\PnkBstrK.sys
2011-01-20 01:48:08 37376 ------w- c:\windows\system32\themeservice.dll
2011-01-20 01:48:08 2755072 ------w- c:\windows\system32\themeui.dll
2011-01-20 01:48:07 249856 ------w- c:\windows\system32\uxtheme.dll
2011-01-15 22:26:16 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 20:22:19.13 ===============

shelf life
2011-04-09, 14:44
hi,

OK, looks like we are done. A couple of things to do: you can delete the tdsskiller icon from your desktop. Combofix can be removed like this:

Hold down the Windows icon key and click the R key on your keyboard to bring up the 'Run' box. Type in combofix /uninstall
Click OK.
Note the space after the x and before the /

Note that the free version of malwarebytes must be updated manually and a scan started manually.

You can delete all restore points and create a new one. The why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning OK.

You can read this link for how to delete restore points in W7.

W7 restore points (http://www.sevenforums.com/tutorials/336-system-protection-restore-points-delete.html)


And last, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about viruses and trojans being found on your computer, after which you are prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop-ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what User Account Control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html) for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0. Read the FAQs. Or see a slide show here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself. How to harden FireFox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.

10) Warez, cracks, etc. are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures in links below.

Happy Safe Surfing.