Google Redirect



TitanX
2011-06-26, 19:50
Lately, every time I use Google to search, it redirects me to a new browser. My Windows died once already and I fixed it, but it still does the redirect.

TitanX
2011-06-26, 20:02
It won't let me edit, so...

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Kenan at 10:58:42 on 2011-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2637 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
StartupFolder: C:\Users\Kenan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : DhcpNameServer = 209.18.47.61 209.18.47.62
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
.
=============== Created Last 30 ================
.
2011-06-26 09:42:42 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-25 16:35:48 -------- d-----w- C:\Program Files (x86)\AhnLab
2011-06-25 06:31:43 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-06-25 06:16:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-25 06:16:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-25 06:16:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-25 06:16:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-25 06:16:23 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16:23 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-25 06:16:23 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-25 06:16:23 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-25 06:16:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-25 06:16:23 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-25 06:08:36 -------- d-----w- C:\Games
2011-06-25 05:01:39 -------- d-----w- C:\Windows\System32\catroot2
2011-06-25 04:41:00 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-25 04:29:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Google
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Deployment
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Apps
2011-06-25 04:03:59 -------- d-sh--w- C:\Recovery
2011-06-25 04:03:58 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 10:59:03.70 ===============
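
The DDS "Pseudo HJT Report" above is what a helper reads by eye: Winlogon hooks, BHOs, Run keys and the DHCP-assigned DNS servers. The script below is an added example, written for this page and not DDS's own logic or anything TitanX or Blottedisk posted: it parses those report lines into records and applies a few triage rules that matter in a search-redirect case (nameless or empty autorun entries, BHO entries with no backing file, autoruns launched from a temp directory, extra Userinit programs, and resolvers that differ from what DHCP is expected to hand out). The sample input mixes lines copied from the log with constructed lines, marked as such, so that each rule fires once; the expected DNS set is an assumption taken from the log's own values, and 192.0.2.53 is a documentation address, not a real resolver.

```python
"""
Added example (editor's code, not from the thread and not DDS's own logic):
parse "Pseudo HJT Report" lines from a DDS log into records and apply triage
rules for the things a helper scans for by eye in a redirect case.
"""
import re
from typing import Dict, List, Optional, Set

RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
COM_RE = re.compile(r"^(?P<name>.*?):\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.*)$")
NOFILE_RE = re.compile(r"^(?P<name>.*?)\s*-\s*No File$")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
TEMP_RE = re.compile(r"\\temp\\|\\tmp\\|%temp%", re.I)
USERINIT_OK = {"userinit.exe", r"c:\windows\system32\userinit.exe"}


def parse_line(line: str) -> Optional[Dict]:
    """Turn one report line into a record; lines of no interest get no 'kind'."""
    tag, sep, rest = line.strip().partition(": ")
    if not sep:
        return None
    rec = {"tag": tag, "raw": line.strip()}
    base = tag.split("-")[0]            # uRun / mRun-x64 / BHO-X64 / TCP / mWinlogon ...
    if base in ("uRun", "mRun"):
        m = RUN_RE.match(rest)
        if m:
            rec.update(kind="run", name=m["name"], cmd=m["cmd"].strip())
    elif base in ("BHO", "TB"):
        m = COM_RE.match(rest)
        if m:
            rec.update(kind="com", name=m["name"], clsid=m["clsid"].lower(), path=m["path"])
        else:
            m = NOFILE_RE.match(rest)
            if m:
                rec.update(kind="com", name=m["name"], clsid=None, path=None)
    elif base == "TCP" and "DhcpNameServer" in rest:
        rec.update(kind="dns", servers=IP_RE.findall(rest))
    elif base == "mWinlogon":
        key, _, value = rest.partition("=")
        rec.update(kind="winlogon", key=key.strip(), value=value.strip())
    return rec


def triage(lines: List[str], expected_dns: Set[str]) -> List[str]:
    """Apply the editor's heuristics; each finding names the report tag it came from."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec or "kind" not in rec:
            continue
        kind = rec["kind"]
        if kind == "run":
            if rec["name"] in ("<NO NAME>", "(Default)", "") or not rec["cmd"]:
                findings.append(f"{rec['tag']}: nameless or empty autorun entry: {rec['raw']}")
            elif TEMP_RE.search(rec["cmd"]):
                findings.append(f"{rec['tag']}: autorun launches from a temp directory: {rec['cmd']}")
        elif kind == "com" and rec["path"] is None:
            findings.append(f"{rec['tag']}: orphaned entry '{rec['name']}' (No File)")
        elif kind == "dns":
            rogue = [ip for ip in rec["servers"] if ip not in expected_dns]
            if rogue:
                findings.append(f"{rec['tag']}: DNS server(s) not expected from DHCP: {rogue}")
        elif kind == "winlogon" and rec["key"] == "Userinit":
            exes = [p.strip().lower() for p in rec["value"].split(",") if p.strip()]
            if any(e not in USERINIT_OK for e in exes):
                findings.append(f"{rec['tag']}: extra Userinit program: {rec['value']}")
    return findings


# Lines copied from the DDS log, plus constructed lines (marked) that make each rule fire once.
SAMPLE_LINES = [
    r"mWinlogon: Userinit=userinit.exe",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"mRun: [<NO NAME>]",
    r"TCP: DhcpNameServer = 209.18.47.61 209.18.47.62",
    r"BHO-X64: AcroIEHelperStub - No File",
    # constructed lines below; 192.0.2.0/24 is a documentation range, not a real resolver
    r"uRun: [Updater] C:\Users\example\AppData\Local\Temp\sample.exe",
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DhcpNameServer = 192.0.2.53 209.18.47.61",
    r"mWinlogon: Userinit=userinit.exe,C:\Users\example\AppData\Local\Temp\sample.exe",
]
# Assumed: the resolvers DHCP is supposed to hand out on this network (taken from the log).
EXPECTED_DNS = {"209.18.47.61", "209.18.47.62"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES, EXPECTED_DNS):
        print(finding)
```

Run against the six lines copied from the log, only the nameless mRun entry and the orphaned AcroIEHelperStub BHO are reported; the three constructed lines each add one more finding. The DNS rule is the one to watch in a redirect case, but only if you know what the legitimate DHCP resolvers are, which is why they are a parameter rather than a built-in list.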

Blottedisk
2011-06-26, 21:18
Hi TitanX,

Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.


Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Subscribe to this Thread (then choose Instant Notification by email). If the button says Unsubscribe from this Thread, then you are already subscribed.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


Please follow these steps in order:


Step 1 | Please download GMER from one of the following locations and save it to your desktop:

Main Mirror (http://gmer.net/download.php ) - This version will download a randomly named file (Recommended)
Zipped Mirror (http://gmer.net/gmer.zip ) - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection (http://forums.whatthetech.com/index.php?showtopic=96260 ) so your security programs will not conflict with GMER's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.


Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.



GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Make sure all options are checked except:

IAT/EAT
Drives/Partition other than Systemdrive, which is typically C:\
Show All (This is important, so do not miss it.)


Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode (http://www.computerhope.com/issues/chsafe.htm ).

Step 2 | Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe ) to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



Step 3 | Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe ) to your desktop.
Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

TitanX
2011-06-28, 01:15
GMER said it didn't find anything, so it was just blank.

Every time I ran aswMBR and pressed Scan, I got the blue screen.

And the last one gave me this.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Si
System Product Name: SYX-P55-CD53
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 187):
0x02C09000 \SystemRoot\system32\ntoskrnl.exe
0x031E5000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00E0F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F19000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F22000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2C000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F5F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6C000 \SystemRoot\System32\drivers\partmgr.sys
0x00F81000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F96000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00C20000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x00C4F000 \SystemRoot\System32\drivers\mountmgr.sys
0x0106B000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x0125A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01464000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0146D000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01497000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x014A2000 \SystemRoot\system32\drivers\fltmgr.sys
0x014EE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01502000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0160D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0150E000 \SystemRoot\System32\Drivers\msrpc.sys
0x017B0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0156C000 \SystemRoot\System32\Drivers\cng.sys
0x017CA000 \SystemRoot\System32\drivers\pcw.sys
0x017DB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x018B8000 \SystemRoot\system32\drivers\ndis.sys
0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A01000 \SystemRoot\System32\drivers\tcpip.sys
0x019AA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01200000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x019F4000 \SystemRoot\System32\Drivers\spldr.sys
0x01189000 \SystemRoot\System32\drivers\rdyboost.sys
0x0188B000 \SystemRoot\System32\Drivers\mup.sys
0x0189D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x011C3000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x01000000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01030000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02EEB000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x02F83000 \SystemRoot\System32\Drivers\Null.SYS
0x02F8C000 \SystemRoot\System32\Drivers\Beep.SYS
0x02F93000 \SystemRoot\System32\drivers\vga.sys
0x02FA1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02FC6000 \SystemRoot\System32\drivers\watchdog.sys
0x02FD6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02FDF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02FE8000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02FF1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02E00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02E11000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02E2F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02E3C000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02E4C000 \SystemRoot\system32\drivers\afd.sys
0x02ED6000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03ED5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03F1A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F23000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F49000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03F58000 \SystemRoot\system32\DRIVERS\serial.sys
0x03F75000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03F90000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03FA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E0C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E17000 \SystemRoot\System32\drivers\discache.sys
0x03E26000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E44000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E55000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03EA2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04044000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x10084000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10D16000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0405A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10D18000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10D5E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x10D6F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10DC5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x10000000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x10057000 \SystemRoot\system32\DRIVERS\serenum.sys
0x10063000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x10DE9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0414E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x10073000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04172000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x041A1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x041BC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x041DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0400F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x1007F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0460E000 \SystemRoot\system32\DRIVERS\ks.sys
0x04651000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04663000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x046BD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05823000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05A7F000 \SystemRoot\system32\drivers\portcls.sys
0x05ABC000 \SystemRoot\system32\drivers\drmk.sys
0x05ADE000 \SystemRoot\system32\drivers\ksthunk.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05AE4000 \SystemRoot\System32\drivers\Dxapi.sys
0x05AF0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05AFE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05B0A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05B13000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05B26000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05B43000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05B45000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05B53000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05B6C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05B75000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05B83000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05B90000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05BAB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x05BB9000 \SystemRoot\system32\drivers\luafv.sys
0x046D2000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x05BDC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05800000 \SystemRoot\system32\drivers\WudfPf.sys
0x05BE5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0470C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04724000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x0472B000 \SystemRoot\system32\drivers\HTTP.sys
0x0401E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x015DF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06079000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x060A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x060F4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06117000 \SystemRoot\system32\drivers\peauth.sys
0x061BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x061C8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06000000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06830000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06898000 \SystemRoot\System32\DRIVERS\srv.sys
0x0692E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77A10000 \Windows\System32\ntdll.dll
0x47E70000 \Windows\System32\smss.exe
0xFFD30000 \Windows\System32\apisetschema.dll
0xFFD30000 \Windows\System32\apisetschema.dll
0x77910000 \Windows\System32\user32.dll
0xFFCF0000 \Windows\System32\imm32.dll
0xFFC10000 \Windows\System32\oleaut32.dll
0xFFC00000 \Windows\System32\nsi.dll
0xFFBF0000 \Windows\System32\lpk.dll
0xFFB10000 \Windows\System32\advapi32.dll
0x77BE0000 \Windows\System32\normaliz.dll
0xFF8B0000 \Windows\System32\iertutil.dll
0x77BD0000 \Windows\System32\psapi.dll
0xFF6A0000 \Windows\System32\ole32.dll
0xFF600000 \Windows\System32\msvcrt.dll
0xFF480000 \Windows\System32\urlmon.dll
0x777F0000 \Windows\System32\kernel32.dll
0xFF460000 \Windows\System32\sechost.dll
0xFF330000 \Windows\System32\rpcrt4.dll
0xFF220000 \Windows\System32\msctf.dll
0xFF040000 \Windows\System32\setupapi.dll
0xFF020000 \Windows\System32\imagehlp.dll
0xFEFA0000 \Windows\System32\shlwapi.dll
0xFEF00000 \Windows\System32\comdlg32.dll
0xFEEB0000 \Windows\System32\Wldap32.dll
0xFEE10000 \Windows\System32\clbcatq.dll
0xFE080000 \Windows\System32\shell32.dll
0xFE030000 \Windows\System32\ws2_32.dll
0xFDF00000 \Windows\System32\wininet.dll
0xFDE90000 \Windows\System32\gdi32.dll
0xFDE10000 \Windows\System32\difxapi.dll
0xFDD40000 \Windows\System32\usp10.dll
0xFDBD0000 \Windows\System32\crypt32.dll
0xFDB60000 \Windows\System32\KernelBase.dll
0xFDB20000 \Windows\System32\cfgmgr32.dll
0xFDA80000 \Windows\System32\comctl32.dll
0xFDA60000 \Windows\System32\devobj.dll
0xFDA20000 \Windows\System32\wintrust.dll
0xFDA10000 \Windows\System32\msasn1.dll
0x776F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 56):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
496 csrss.exe
580 csrss.exe
588 C:\Windows\System32\wininit.exe
664 C:\Windows\System32\services.exe
688 C:\Windows\System32\winlogon.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
1000 C:\Windows\System32\svchost.exe
404 C:\Windows\System32\svchost.exe
700 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\nvvsvc.exe
1340 C:\Windows\System32\svchost.exe
1424 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1684 C:\Windows\System32\dwm.exe
1720 C:\Windows\explorer.exe
1988 C:\Windows\System32\spoolsv.exe
1996 C:\Windows\System32\taskhost.exe
1048 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\taskeng.exe
1240 C:\Windows\System32\svchost.exe
1568 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2228 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2280 C:\Windows\System32\svchost.exe
2328 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
2488 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2776 WmiPrvSE.exe
2984 WUDFHost.exe
3084 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3108 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3148 C:\Program Files\Windows Sidebar\sidebar.exe
3412 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3420 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3608 WmiPrvSE.exe
3792 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
3824 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3844 C:\Windows\System32\svchost.exe
2196 C:\Windows\System32\SearchIndexer.exe
3320 C:\Windows\System32\SearchProtocolHost.exe
3476 C:\Program Files\Windows Media Player\wmpnetwk.exe
2752 C:\Windows\System32\SearchFilterHost.exe
3936 C:\Program Files (x86)\Internet Explorer\iexplore.exe
4012 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3716 C:\Program Files (x86)\Internet Explorer\iexplore.exe
3600 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4460 C:\Windows\SysWOW64\ctfmon.exe
4924 C:\Users\Kenan\Desktop\MBRCheck.exe
4932 C:\Windows\System32\conhost.exe
4964 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x0000000a`1f500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`1f600000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721010SLA360, Rev: ST6OA3AA

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 92953A81AD1CC9184F426D1342D3BB6F9C82196A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
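
MBRCheck's verdict above ("MBR Code Faked!") rests on two things: the 512-byte first sector must have the 0x55AA signature and a sane partition table, and its boot code must hash to a value known to belong to a standard Windows loader. The script below is an added example written for this page; it is not MBRCheck's code and does not claim to reproduce its exact hashing method. It parses an MBR image, validates its structure, lists the partitions with their byte offsets, and compares the SHA1 of the boot-code region against a caller-supplied known-good set. Assumptions: the hash covers only the first 440 bytes (so the disk signature and partition table do not change it); the sample boot code is a constructed stub, not a real loader; the sample partition table is constructed with byte offsets that mirror the D: and C: offsets MBRCheck printed, with made-up sizes; and `read_physical_mbr` opens the raw disk on Windows, which needs an elevated prompt and is not called in the demo.

```python
"""
Added example (editor's code, not from the thread and not MBRCheck's own
method): parse a 512-byte MBR, verify its structure, and fingerprint the
boot-code region so it can be compared against a known-good hash.
"""
import hashlib
import struct
from typing import Dict, List, Set

MBR_SIZE = 512
BOOT_CODE_SIZE = 440        # bytes 0..439; 440..445 hold the disk signature and padding
PART_TABLE_OFFSET = 446     # four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"
SECTOR = 512
PART_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(mbr: bytes) -> List[Dict]:
    """Return the non-empty entries of the MBR partition table."""
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return entries


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code region only (assumption), so partition-table edits do not change it."""
    return hashlib.sha1(mbr[:BOOT_CODE_SIZE]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: Set[str]) -> Dict:
    """Structural checks plus a known-good lookup; findings is empty when the sector looks standard."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"sector is {len(mbr)} bytes, expected {MBR_SIZE}")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr) if len(mbr) >= MBR_SIZE else []
    if not parts:
        findings.append("partition table is empty")
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one active partition")
    sha = boot_code_sha1(mbr)
    if sha not in known_good:
        findings.append(f"boot code SHA1 {sha} is not in the known-good set")
    return {"sha1": sha, "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image for demonstration; nothing here came from a real disk."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


# Constructed stand-in for boot code (a few real-mode opcodes padded with NOPs), not a real loader.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_SIZE - 8)
# Constructed table whose byte offsets mirror the ones MBRCheck printed for D: and C:; sizes are made up.
SAMPLE_PARTITIONS = [
    (False, 0x07, 0x1F600000 // SECTOR, 83_884_032),       # D: at 0x1f600000
    (True,  0x07, 0xA1F500000 // SECTOR, 1_868_613_040),   # C: at 0xa1f500000
]
GOOD_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)
# Same partition table, first bytes of boot code replaced: the shape of a patched MBR.
TAMPERED_MBR = b"\xeb\x3e" + GOOD_MBR[2:]


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk on Windows (needs an elevated prompt)."""
    with open(device, "rb") as disk:
        return disk.read(MBR_SIZE)


if __name__ == "__main__":
    baseline = {boot_code_sha1(GOOD_MBR)}
    for label, image in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(image, baseline)
        print(label, result["sha1"], result["findings"] or "OK")
        for p in result["partitions"]:
            print(f"  part{p['index']} type=0x{p['type']:02x} active={p['bootable']} "
                  f"offset=0x{p['byte_offset']:x}")
```

The tampered image keeps an identical partition table and a valid 0x55AA signature, which is why a partition listing alone proves nothing; only the boot-code hash separates it from the baseline. On a real machine you would feed `read_physical_mbr()` into `check_mbr` with a known-good set built from the installer's own MBR or from a clean machine of the same Windows version, and, as the thread goes on to show, a hash mismatch is a cue to look at the loader code itself rather than a verdict on its own.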

Blottedisk
2011-06-28, 03:54
Please download Combofix from either of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html )
--------------------------------------------------------------------

Right-click and choose "Run as administrator" on Combofix.exe & follow the prompts. When finished, it will produce a report for you.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix )

TitanX
2011-06-28, 06:37
I didn't know Windows Defender was up, but it still worked.



ComboFix 11-06-27.03 - Kenan 06/27/2011 21:28:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2673 [GMT -6:00]
Running from: c:\users\Kenan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan\AppData\Local\Temp\D5E4.tmp
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 03:30 . 2011-06-28 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-28 03:27 . 2011-06-28 03:27 -------- d-----w- C:\32788R22FWJFW
2011-06-27 09:31 . 2011-06-27 11:36 -------- d-----w- c:\windows\system32\Wat
2011-06-27 09:31 . 2011-06-27 11:36 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-26 17:20 . 2011-06-28 00:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-26 17:20 . 2011-06-26 17:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-26 17:14 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-26 17:14 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-26 17:14 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-26 17:14 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-26 17:14 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-26 17:14 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-26 17:14 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 17:13 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-26 17:13 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\programdata\AVAST Software
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\program files\AVAST Software
2011-06-26 17:12 . 2011-06-26 17:12 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-06-26 17:12 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-06-26 16:57 . 2011-06-26 16:57 -------- d-----w- c:\program files (x86)\ERUNT
2011-06-26 09:42 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-25 16:35 . 2011-06-25 16:35 -------- d-----w- c:\program files (x86)\AhnLab
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2011-06-25 06:17 . 2011-06-25 06:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-25 06:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-25 06:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-25 06:08 . 2011-06-25 06:08 -------- d-----w- C:\Games
2011-06-25 05:01 . 2011-06-28 00:22 -------- d-----w- c:\windows\system32\catroot2
2011-06-25 04:42 . 2011-06-25 04:42 -------- d-----w- c:\program files\Google
2011-06-25 04:41 . 2011-06-25 04:42 -------- d-----w- c:\program files (x86)\Google
2011-06-25 04:41 . 2011-06-20 14:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-25 04:04 . 2011-06-27 22:29 -------- d-----w- c:\users\Kenan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-25 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002Core.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002UA.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-27 21:35:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 03:35
.
Pre-Run: 925,125,455,872 bytes free
Post-Run: 924,344,553,472 bytes free
.
- - End Of File - - 1A0F551E6DE3A7A9B2B2915C73B18266

Blottedisk
2011-06-28, 15:35
Apparently Combofix didn't catch everything it should.

Please use the instructions on this page to change your DNS servers to use OpenDNS:

OpenDNS Instructions for Win7 (https://store.opendns.com/setup/device/windows-7/print )

After this, flush the DNS cache and web browser cache as recommended.

When finished, please run Combofix again and post the log.
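
The check a practitioner would want after the DNS change above, as an added example for this thread (not part of DDS, ComboFix or the OpenDNS page): it parses the "TCP:" resolver lines those two tools print in their logs and flags any interface whose statically configured NameServer is not one the user deliberately set, here the two OpenDNS addresses. The sample lines are constructed from values that appear in this thread; the allow-list, function names and the rogue-resolver line in the comments are assumptions.

```python
"""Check the resolver lines in a DDS/ComboFix log against an allow-list.

Added example for this thread; not code from DDS, ComboFix or OpenDNS.
A search redirect that survives malware scans is often a resolver the
user never chose, pinned statically on the interface, so the check is:
every static NameServer must come from the allow-list. DHCP-assigned
servers come from the router and are parsed but not flagged.
"""
import re
from typing import Dict, Iterable, List

# Resolvers the user deliberately configured (OpenDNS, as recommended above).
APPROVED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample: the relevant "TCP:" lines as they appear in this thread.
# DDS writes "Interfaces\{GUID} : NameServer", ComboFix "Interfaces\{GUID}: NameServer".
SAMPLE_LOG = """\
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : DhcpNameServer = 209.18.47.61 209.18.47.62
"""

# Matches the global form and the per-interface form (with or without the
# space before the colon), capturing GUID, key and the raw address list.
_TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:)?\s*"
    r"(DhcpNameServer|NameServer)\s*=\s*(.*)$"
)


def parse_resolvers(log_text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {interface GUID or 'global': {'NameServer': [...], 'DhcpNameServer': [...]}}."""
    result: Dict[str, Dict[str, List[str]]] = {}
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        iface = m.group(1) or "global"
        key = m.group(2)
        # DHCP lines separate addresses with spaces, static lines with commas.
        addrs = [a for a in re.split(r"[,\s]+", m.group(3).strip()) if a]
        result.setdefault(iface, {})[key] = addrs
    return result


def find_unexpected_static_resolvers(
    log_text: str, approved: Iterable[str] = APPROVED_RESOLVERS
) -> List[str]:
    """List interfaces whose static NameServer contains an address outside the allow-list.

    An empty list means every statically pinned resolver is one the user chose
    (e.g. a hypothetical rogue "NameServer = 192.0.2.53" entry would be reported).
    """
    approved_set = set(approved)
    findings: List[str] = []
    for iface, entries in parse_resolvers(log_text).items():
        for addr in entries.get("NameServer", []):
            if addr not in approved_set:
                findings.append(f"{iface}: static resolver {addr} not in allow-list")
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_static_resolvers(SAMPLE_LOG) or ["no unexpected static resolvers"]:
        print(finding)
```

Run it against a pasted DDS or ComboFix log after changing resolvers; any line it prints names an interface whose DNS setting should be compared with what was actually configured.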

TitanX
2011-06-28, 19:21
ComboFix 11-06-27.04 - Kenan 06/28/2011 10:00:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2549 [GMT -6:00]
Running from: c:\users\Kenan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kenan\AppData\Local\Temp\FCD4.tmp
c:\windows\system32\msconfig.exe . . . . Failed to delete
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-28 12:31 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-06-28 12:30 . 2011-04-22 20:16 696592 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-06-28 09:58 . 2011-06-28 16:46 -------- d-----w- C:\e47ed717fa00f93366d3444833
2011-06-27 17:14 . 2010-03-04 07:57 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-27 17:14 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-06-27 10:00 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-06-27 10:00 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-06-27 10:00 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-06-27 09:59 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-06-27 09:59 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2011-06-27 09:31 . 2011-06-28 16:45 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-27 09:31 . 2011-06-28 16:45 -------- d-----w- c:\windows\system32\Wat
2011-06-26 17:20 . 2011-06-28 11:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-26 17:20 . 2011-06-26 17:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-26 17:14 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-26 17:14 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-26 17:14 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-26 17:14 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-26 17:14 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-26 17:14 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-26 17:14 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 17:13 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-26 17:13 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\programdata\AVAST Software
2011-06-26 17:13 . 2011-06-26 17:13 -------- d-----w- c:\program files\AVAST Software
2011-06-26 17:12 . 2011-06-26 17:12 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-06-26 17:12 . 2010-01-11 01:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-06-26 16:57 . 2011-06-26 16:57 -------- d-----w- c:\program files (x86)\ERUNT
2011-06-26 09:42 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-25 16:35 . 2011-06-25 16:35 -------- d-----w- c:\program files (x86)\AhnLab
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\7-Zip
2011-06-25 06:31 . 2011-06-25 06:31 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2011-06-25 06:17 . 2011-06-25 06:17 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-25 06:16 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-25 06:16 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-25 06:16 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-25 06:16 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-25 06:16 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-25 06:16 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-25 06:08 . 2011-06-25 06:08 -------- d-----w- C:\Games
2011-06-25 05:01 . 2011-06-28 14:55 -------- d-----w- c:\windows\system32\catroot2
2011-06-25 04:42 . 2011-06-25 04:42 -------- d-----w- c:\program files\Google
2011-06-25 04:41 . 2011-06-25 04:42 -------- d-----w- c:\program files (x86)\Google
2011-06-25 04:41 . 2011-06-20 14:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16B96430-4423-4DD0-B5FF-DFCB5A2E7CD3}\mpengine.dll
2011-06-25 04:40 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-25 04:04 . 2011-06-28 15:48 -------- d-----w- c:\users\Kenan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-25 39408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 04:41]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002Core.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3060185062-2736704051-1977344614-1002UA.job
- c:\users\Kenan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 04:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62}: NameServer = 208.67.222.222,208.67.220.220
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2011-06-28 10:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-28 16:15
ComboFix2.txt 2011-06-28 03:35
.
Pre-Run: 922,985,054,208 bytes free
Post-Run: 922,499,575,808 bytes free
.
- - End Of File - - 70876211DE6AC8BCA4A0E8A0FC14798C

Blottedisk
2011-06-29, 04:01
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php ) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


When finished, please also run and post a new DDS log.

TitanX
2011-06-29, 05:32
the malwarebytes got nothing....


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6972

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/28/2011 8:27:02 PM
mbam-log-2011-06-28 (20-27-02).txt

Scan type: Quick scan
Objects scanned: 164137
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



and the DDS

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Kenan at 20:29:18 on 2011-06-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2556 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Kenan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{4A43927A-0255-4F39-B68F-2289E0B5EF62} : DhcpNameServer = 209.18.47.61 209.18.47.62
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-6-26 42184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-13 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-24 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
.
=============== Created Last 30 ================
.
2011-06-29 02:25:25 -------- d-----w- C:\Users\Kenan\AppData\Roaming\Malwarebytes
2011-06-29 02:25:10 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-29 02:25:10 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-29 02:25:07 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-29 02:25:07 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-06-28 16:25:55 6334 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2011-06-28 16:11:18 -------- d-----w- C:\$RECYCLE.BIN
2011-06-28 16:06:45 -------- d-----w- C:\Users\Kenan\AppData\Local\Diagnostics
2011-06-28 16:06:06 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16A9C3C0-26AA-465D-8CEA-654CBD243255}\mpengine.dll
2011-06-28 15:58:32 98816 ----a-w- C:\Windows\sed.exe
2011-06-28 15:58:32 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-28 15:58:32 256512 ----a-w- C:\Windows\PEV.exe
2011-06-28 15:58:32 208896 ----a-w- C:\Windows\MBR.exe
2011-06-28 12:30:59 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-28 09:58:48 -------- d-----w- C:\e47ed717fa00f93366d3444833
2011-06-27 17:14:39 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-27 17:14:38 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
2011-06-27 10:00:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-06-27 10:00:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-06-27 10:00:03 214016 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-27 09:59:57 395776 ----a-w- C:\Windows\System32\webio.dll
2011-06-27 09:59:35 112000 ----a-w- C:\Windows\System32\consent.exe
2011-06-27 09:31:43 -------- d-----w- C:\Windows\SysWow64\Wat
2011-06-27 09:31:43 -------- d-----w- C:\Windows\System32\Wat
2011-06-26 17:20:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-26 17:20:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-26 17:14:23 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-06-26 17:14:21 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-06-26 17:13:30 40112 ----a-w- C:\Windows\avastSS.scr
2011-06-26 17:13:25 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-26 17:13:25 -------- d-----w- C:\Program Files\AVAST Software
2011-06-26 17:12:27 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2011-06-26 17:12:27 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-06-26 09:42:42 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-06-25 16:35:48 -------- d-----w- C:\Program Files (x86)\AhnLab
2011-06-25 06:31:43 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2011-06-25 06:16:24 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-06-25 06:16:24 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-06-25 06:16:24 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-06-25 06:16:24 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-06-25 06:16:23 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-06-25 06:16:23 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-25 06:16:23 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-06-25 06:16:23 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-06-25 06:16:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-06-25 06:16:23 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-06-25 06:08:36 -------- d-----w- C:\Games
2011-06-25 05:01:39 -------- d-----w- C:\Windows\System32\catroot2
2011-06-25 04:40:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-25 04:29:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Google
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Deployment
2011-06-25 04:28:37 -------- d-----w- C:\Users\Kenan\AppData\Local\Apps
2011-06-25 04:03:59 -------- d-----w- C:\Recovery
2011-06-25 04:03:58 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 20:31:13.76 ===============

Blottedisk
2011-06-29, 06:02
Good.

Your logs look fine. How's the machine running?

TitanX
2011-06-29, 21:30
it's running good right now

TitanX
2011-06-29, 21:32
nvm i just tried a search to check and it still redirected me

Blottedisk
2011-06-29, 23:06
Please download TDSSKiller from one of the following mirrors and save it in your desktop:

This is THE Mirror (http://support.kaspersky.com/downloads/utils/tdsskiller.zip )

Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png


If a suspicious file is detected, the default action will be Skip, click on Continue.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious-1.png


It may ask you to reboot the computer to complete the process. Click on Reboot Now.


http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png


If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

TitanX
2011-06-30, 00:52
did it.


2011/06/29 15:47:31.0031 4984 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 15:47:31.0421 4984 ================================================================================
2011/06/29 15:47:31.0421 4984 SystemInfo:
2011/06/29 15:47:31.0421 4984
2011/06/29 15:47:31.0421 4984 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/29 15:47:31.0421 4984 Product type: Workstation
2011/06/29 15:47:31.0421 4984 ComputerName: KENAN-PC
2011/06/29 15:47:31.0421 4984 UserName: Kenan
2011/06/29 15:47:31.0421 4984 Windows directory: C:\Windows
2011/06/29 15:47:31.0421 4984 System windows directory: C:\Windows
2011/06/29 15:47:31.0421 4984 Running under WOW64
2011/06/29 15:47:31.0421 4984 Processor architecture: Intel x64
2011/06/29 15:47:31.0421 4984 Number of processors: 8
2011/06/29 15:47:31.0421 4984 Page size: 0x1000
2011/06/29 15:47:31.0421 4984 Boot type: Normal boot
2011/06/29 15:47:31.0421 4984 ================================================================================
2011/06/29 15:47:32.0450 4984 Initialize success
2011/06/29 15:47:54.0727 4052 ================================================================================
2011/06/29 15:47:54.0727 4052 Scan started
2011/06/29 15:47:54.0727 4052 Mode: Manual;
2011/06/29 15:47:54.0727 4052 ================================================================================
2011/06/29 15:47:55.0601 4052 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/29 15:47:55.0913 4052 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/29 15:47:56.0256 4052 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/29 15:47:56.0568 4052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/29 15:47:56.0942 4052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/29 15:47:57.0270 4052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/29 15:47:57.0597 4052 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/29 15:47:57.0925 4052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/29 15:47:58.0237 4052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/29 15:47:58.0565 4052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/29 15:47:58.0877 4052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/29 15:47:59.0220 4052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/29 15:47:59.0532 4052 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/29 15:47:59.0859 4052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/29 15:48:00.0171 4052 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/29 15:48:00.0483 4052 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/29 15:48:00.0842 4052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/29 15:48:01.0185 4052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/29 15:48:01.0544 4052 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/29 15:48:01.0950 4052 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/29 15:48:02.0309 4052 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys
2011/06/29 15:48:02.0636 4052 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys
2011/06/29 15:48:02.0948 4052 aswSP (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys
2011/06/29 15:48:03.0291 4052 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys
2011/06/29 15:48:03.0603 4052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/29 15:48:03.0884 4052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/29 15:48:04.0290 4052 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/29 15:48:04.0664 4052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/29 15:48:04.0992 4052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/29 15:48:05.0319 4052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/29 15:48:05.0647 4052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/29 15:48:05.0943 4052 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/29 15:48:06.0271 4052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/29 15:48:06.0567 4052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/29 15:48:06.0895 4052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/29 15:48:07.0332 4052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/29 15:48:07.0628 4052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/29 15:48:07.0940 4052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/29 15:48:08.0252 4052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/29 15:48:08.0564 4052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/29 15:48:08.0923 4052 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/29 15:48:09.0297 4052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/29 15:48:09.0609 4052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/29 15:48:09.0968 4052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/29 15:48:10.0311 4052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/29 15:48:10.0639 4052 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/29 15:48:10.0935 4052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/29 15:48:11.0247 4052 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/29 15:48:11.0591 4052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/29 15:48:11.0918 4052 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/29 15:48:12.0215 4052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/29 15:48:12.0729 4052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/29 15:48:13.0057 4052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/29 15:48:13.0385 4052 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/29 15:48:13.0712 4052 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/06/29 15:48:14.0071 4052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/29 15:48:14.0430 4052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/29 15:48:14.0742 4052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/29 15:48:15.0069 4052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/29 15:48:15.0381 4052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/29 15:48:15.0709 4052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/29 15:48:16.0005 4052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/29 15:48:16.0302 4052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/29 15:48:16.0614 4052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/29 15:48:16.0926 4052 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/29 15:48:17.0269 4052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/29 15:48:17.0581 4052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/29 15:48:18.0018 4052 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/29 15:48:18.0314 4052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/29 15:48:18.0642 4052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/29 15:48:19.0001 4052 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/29 15:48:19.0359 4052 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/29 15:48:19.0687 4052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/29 15:48:20.0015 4052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/29 15:48:20.0311 4052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/29 15:48:20.0654 4052 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/29 15:48:20.0966 4052 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/29 15:48:21.0294 4052 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/29 15:48:21.0606 4052 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/29 15:48:21.0933 4052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/29 15:48:22.0261 4052 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/29 15:48:22.0620 4052 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/29 15:48:22.0932 4052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/29 15:48:23.0275 4052 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/29 15:48:23.0634 4052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/29 15:48:23.0946 4052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/29 15:48:24.0258 4052 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/29 15:48:24.0585 4052 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/29 15:48:24.0897 4052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/29 15:48:25.0241 4052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/29 15:48:25.0584 4052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/29 15:48:25.0865 4052 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/29 15:48:26.0177 4052 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
2011/06/29 15:48:26.0489 4052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/29 15:48:26.0816 4052 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/29 15:48:27.0128 4052 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/29 15:48:27.0425 4052 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/29 15:48:27.0783 4052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/29 15:48:28.0236 4052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/29 15:48:28.0626 4052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/29 15:48:28.0953 4052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/29 15:48:29.0265 4052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/29 15:48:29.0609 4052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/29 15:48:29.0936 4052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/29 15:48:30.0233 4052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/29 15:48:30.0545 4052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/29 15:48:30.0841 4052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/29 15:48:31.0169 4052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/29 15:48:31.0465 4052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/29 15:48:31.0793 4052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/29 15:48:32.0120 4052 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/29 15:48:32.0432 4052 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/29 15:48:32.0775 4052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/29 15:48:33.0103 4052 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/29 15:48:33.0415 4052 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/29 15:48:33.0711 4052 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/29 15:48:34.0039 4052 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/29 15:48:34.0335 4052 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/29 15:48:34.0632 4052 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/29 15:48:34.0959 4052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/29 15:48:35.0271 4052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/29 15:48:35.0568 4052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/29 15:48:35.0896 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/29 15:48:36.0208 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/29 15:48:36.0520 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/29 15:48:36.0847 4052 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/29 15:48:37.0190 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/29 15:48:37.0518 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/29 15:48:37.0846 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/29 15:48:38.0158 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/29 15:48:38.0501 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/29 15:48:38.0828 4052 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/29 15:48:39.0172 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/29 15:48:39.0484 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/29 15:48:39.0811 4052 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/29 15:48:40.0108 4052 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/29 15:48:40.0420 4052 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/29 15:48:40.0732 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/29 15:48:41.0059 4052 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/29 15:48:41.0387 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/29 15:48:41.0683 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/29 15:48:42.0011 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/29 15:48:42.0323 4052 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/29 15:48:42.0650 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/29 15:48:43.0165 4052 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/29 15:48:43.0633 4052 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/29 15:48:43.0961 4052 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/29 15:48:44.0273 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/29 15:48:44.0585 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/29 15:48:44.0912 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/29 15:48:45.0224 4052 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/29 15:48:45.0568 4052 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/29 15:48:45.0926 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/29 15:48:46.0254 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/29 15:48:46.0582 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/29 15:48:46.0940 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/29 15:48:47.0330 4052 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/29 15:48:47.0627 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/29 15:48:47.0970 4052 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/29 15:48:48.0282 4052 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/06/29 15:48:48.0594 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/29 15:48:48.0922 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/29 15:48:49.0234 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/29 15:48:49.0546 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/29 15:48:49.0858 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/29 15:48:50.0185 4052 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/29 15:48:50.0497 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/29 15:48:50.0809 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/29 15:48:51.0152 4052 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/29 15:48:51.0464 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/29 15:48:51.0776 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/29 15:48:52.0104 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/29 15:48:52.0416 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/29 15:48:52.0712 4052 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/29 15:48:53.0071 4052 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/29 15:48:53.0430 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/29 15:48:53.0742 4052 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/29 15:48:54.0070 4052 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/29 15:48:54.0397 4052 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/29 15:48:54.0725 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/29 15:48:55.0099 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/29 15:48:55.0411 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/29 15:48:55.0723 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/29 15:48:56.0082 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/29 15:48:56.0378 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/29 15:48:56.0690 4052 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/29 15:48:57.0018 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/29 15:48:57.0330 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/29 15:48:57.0642 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/29 15:48:57.0954 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/29 15:48:58.0266 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/29 15:48:58.0609 4052 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/29 15:48:58.0937 4052 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/29 15:48:59.0264 4052 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/29 15:48:59.0608 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/29 15:48:59.0935 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/29 15:49:00.0310 4052 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/06/29 15:49:00.0653 4052 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/29 15:49:00.0996 4052 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/29 15:49:01.0324 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/29 15:49:01.0636 4052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/29 15:49:01.0963 4052 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/29 15:49:02.0275 4052 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/29 15:49:02.0618 4052 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/29 15:49:02.0946 4052 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/29 15:49:03.0320 4052 TurboB (f37d49111a12a97de4bb5d8ff444bd2c) C:\Windows\system32\DRIVERS\TurboB.sys
2011/06/29 15:49:03.0664 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/29 15:49:03.0991 4052 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/29 15:49:04.0334 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/29 15:49:04.0678 4052 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/29 15:49:05.0021 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/29 15:49:05.0348 4052 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/29 15:49:05.0676 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/29 15:49:05.0988 4052 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/29 15:49:06.0347 4052 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/29 15:49:06.0659 4052 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/29 15:49:06.0971 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/29 15:49:07.0298 4052 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/29 15:49:07.0626 4052 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/29 15:49:07.0938 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/29 15:49:08.0266 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/29 15:49:08.0593 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/29 15:49:08.0952 4052 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/29 15:49:09.0295 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/29 15:49:09.0607 4052 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/29 15:49:09.0919 4052 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/29 15:49:10.0231 4052 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/29 15:49:10.0559 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/29 15:49:10.0871 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/29 15:49:11.0214 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/29 15:49:11.0542 4052 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 15:49:11.0557 4052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 15:49:11.0869 4052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/29 15:49:12.0181 4052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/29 15:49:12.0524 4052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/29 15:49:12.0868 4052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/29 15:49:13.0258 4052 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/29 15:49:13.0601 4052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/29 15:49:13.0960 4052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/29 15:49:14.0303 4052 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/29 15:49:14.0630 4052 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/29 15:49:14.0662 4052 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/06/29 15:49:14.0662 4052 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/29 15:49:14.0677 4052 Boot (0x1200) (a0f1d095859f224660068e07dda879b3) \Device\Harddisk0\DR0\Partition0
2011/06/29 15:49:14.0677 4052 Boot (0x1200) (f2a067e69ce86c5514f0e4224baa896f) \Device\Harddisk0\DR0\Partition1
2011/06/29 15:49:14.0693 4052 Boot (0x1200) (224ef054fb776c6e3e421cba1425ae8f) \Device\Harddisk0\DR0\Partition2
2011/06/29 15:49:14.0693 4052 ================================================================================
2011/06/29 15:49:14.0693 4052 Scan finished
2011/06/29 15:49:14.0693 4052 ================================================================================
2011/06/29 15:49:14.0708 4908 Detected object count: 1
2011/06/29 15:49:14.0708 4908 Actual detected object count: 1
2011/06/29 15:49:27.0032 4908 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/29 15:49:27.0032 4908 \Device\Harddisk0\DR0 - ok
2011/06/29 15:49:27.0032 4908 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/29 15:49:30.0776 3308 Deinitialize success
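
The TDSSKiller output above is the kind of log a helper reads by eye: one line per scanned object, a detection line for the MBR, a declared object count, and the disposition chosen. As an added example (not part of this thread, and not TDSSKiller's own code), the Python script below parses that line layout, extracts the detections with their cure action and user choice, and checks that the declared count agrees with the detection lines actually present. The sample log is constructed to mirror the posted format; its 32-hex hashes are placeholders, not real file hashes.

```python
"""Triage helper for TDSSKiller-style logs. Added example; not part of this thread or of TDSSKiller.

Assumed line layout (as seen in the posted log):
    <date> <time> <pid> <name> (<md5>) <path>                 scanned object
    <date> <time> <pid> <object> - detected <threat> (<n>)   detection
    <date> <time> <pid> Detected object count: <n>           declared total
    <date> <time> <pid> <object> (<threat>) - <action text>  chosen disposition
    <date> <time> <pid> <threat>(<object>) - User select action: <choice>
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$"
)
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+) \((?P<code>\d+)\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
USER_ACTION_RE = re.compile(
    r"^(?P<threat>[^\s(]+)\((?P<obj>[^)]+)\) - User select action: (?P<choice>.+)$"
)
ACTION_RE = re.compile(r"^(?P<obj>\S+) \((?P<threat>[^)]+)\) - (?P<action>.+)$")


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None       # e.g. "will be cured after reboot"
    user_choice: Optional[str] = None  # e.g. "Cure"


@dataclass
class Report:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None


def _matching(report: Report, obj: str, threat: str) -> List[Detection]:
    return [d for d in report.detections if d.obj == obj and d.threat == threat]


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once; classify each line by the body that follows the pid."""
    report = Report()
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # separators, blank lines, anything without the timestamp prefix
        body = m.group("body")
        if (d := DETECT_RE.match(body)):
            report.detections.append(Detection(d.group("obj"), d.group("threat")))
        elif (c := COUNT_RE.match(body)):
            report.declared_count = int(c.group("n"))
        elif (u := USER_ACTION_RE.match(body)):
            for det in _matching(report, u.group("obj"), u.group("threat")):
                det.user_choice = u.group("choice")
        elif (a := ACTION_RE.match(body)):
            for det in _matching(report, a.group("obj"), a.group("threat")):
                det.action = a.group("action")
        elif (o := OBJECT_RE.match(body)):
            report.objects[o.group("name")] = (o.group("md5"), o.group("path"))
    return report


def triage(report: Report) -> dict:
    """What a helper looks at first: the detections, whether the declared count
    agrees with the detection lines seen, the recorded MBR hash, and anything
    that was detected but not marked for cure."""
    unresolved = [d for d in report.detections if not d.action or "cured" not in d.action]
    mbr_md5 = next((md5 for name, (md5, _) in report.objects.items() if name.startswith("MBR")), None)
    return {
        "objects_scanned": len(report.objects),
        "detections": [(d.obj, d.threat, d.action, d.user_choice) for d in report.detections],
        "count_matches": report.declared_count == len(report.detections),
        "mbr_md5": mbr_md5,
        "needs_followup": unresolved,
    }


def placeholder_md5(n: int) -> str:
    """Constructed placeholder hash for the sample log; not a real file hash."""
    return f"{n:032x}"


# Constructed sample mirroring the posted log's layout (hashes are placeholders).
SAMPLE_LOG = "\n".join([
    f"2011/06/29 15:49:14.0303 4052 WudfPf ({placeholder_md5(1)}) C:\\Windows\\system32\\drivers\\WudfPf.sys",
    f"2011/06/29 15:49:14.0630 4052 WUDFRd ({placeholder_md5(2)}) C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys",
    f"2011/06/29 15:49:14.0662 4052 MBR (0x1B8) ({placeholder_md5(3)}) \\Device\\Harddisk0\\DR0",
    "2011/06/29 15:49:14.0662 4052 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    "2011/06/29 15:49:14.0693 4052 Scan finished",
    "2011/06/29 15:49:14.0708 4908 Detected object count: 1",
    "2011/06/29 15:49:27.0032 4908 \\Device\\Harddisk0\\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot",
    "2011/06/29 15:49:27.0032 4908 \\Device\\Harddisk0\\DR0 - ok",
    "2011/06/29 15:49:27.0032 4908 Rootkit.Win32.TDSS.tdl4(\\Device\\Harddisk0\\DR0) - User select action: Cure",
])

if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved TDSSKiller log by reading the file into `parse_tdsskiller_log`; `needs_followup` is non-empty when an object was detected but the log records no cure action for it, which is the case a helper would want flagged before telling a user the bootkit is gone.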

Blottedisk
2011-06-30, 04:06
Great. The bootkit is gone.

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Select Perform Quick scan, then click on Scan
When done, you will be prompted. Click OK. If Items are found, then click on Show Results
Check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

TitanX
2011-06-30, 04:25
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6983

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/29/2011 7:24:46 PM
mbam-log-2011-06-29 (19-24-46).txt

Scan type: Quick scan
Objects scanned: 164200
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Blottedisk
2011-06-30, 04:59
How's the machine working?

TitanX
2011-06-30, 05:14
It seems to be working fine, no redirect or random blue screens.

Blottedisk
2011-06-30, 05:23
Let's perform an ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html ).


Please go here (http://www.eset.com/onlinescan/ ) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif (Selecting Uninstall application on close if you so wish)

TitanX
2011-06-30, 06:02
wow....short log...


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Blottedisk
2011-06-30, 16:26
Congratulations, we are done :)


Please follow this last set of instructions:


Step 1 | Delete ComboFix and Clean Up

The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following underlined text into the Run box and click OK:

ComboFix /Uninstall

Please advise if this step is missed for any reason as it performs some important actions.

Step 2 | Let's defragment your hard drive. This operation may take several hours, so it would be a good idea to start it just before going to work, school, bed, etc.

Click the Windows Start button.
In the search bar type in “disk defragmenter” and click on the program link to open it.
Click on “Defragment disk” button near the bottom.
The program will begin analyzing your hard drive and begin defragging.


Last Step | Now, in order to avoid future infections, please take time to read the following article:

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279 )

Thank you for your patience, and performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed :)

TitanX
2011-07-01, 19:11
Alright, I wanted to wait a day to see how it works over time, and it seems to be running well. Thank you for all your help with this.

Blottedisk
2011-07-01, 20:51
You are welcome ;)

Blottedisk
2011-07-01, 20:51
Since this issue appears to be resolved, this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.