JayBG needs help with malware removal
Hi,
I'm new to the forum but have had a problem for a few months now. I believed it was just adware that would pop up a new IE window, which was annoying but not necessarily malicious. Recently, though, my computer will crash whenever video is run (it seems to crash on all video except WMV files).
Some background:
- Computer is several years old running Windows XP Home with service pack updates
- we've been running AVAST! as our primary protection
- based on some other sites, I've tried Malwarebytes' Anti-Malware and Advanced SystemCare for periodic scans and system optimization (including registry fixes, which I now see is not recommended by this site)
As directed by the "before you post" thread, I have:
- run ERUNT and created a registry backup point for this morning
- run DDS, with the DDS.txt file following and ATTACH.txt as an attachment
Please let me know what to do next .... THANKS !!!!!!!!!!!!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Run by ZZadmin at 10:41:03 on 2011-11-14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.393 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://file.net/process/_a.html
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} - hxxps://mygmgw.gm.com/http://usabhma20.mail.gm.com/iNotes.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/iNotes6W.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/12838be1816f2a23e906/netzip/RdxIE601.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhembma10.mail.gm.com/dwa8W.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{00D379ED-BD69-48C0-AC8D-9E38EFC56EEA} : NameServer = 192.168.1.1
Notify: Themes - c:\windows\system32\o6480ghue6480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\zzadmin\application data\mozilla\firefox\profiles\u7mv6nbs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-25 13496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-13 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-6-25 320856]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-25 353168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-24 44768]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-25 821080]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2004-10-14 86098]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
S0 shzu;shzu;c:\windows\system32\drivers\mpfy.sys --> c:\windows\system32\drivers\mpfy.sys [?]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-8-21 24636]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2006-11-7 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-24 136176]
S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys --> c:\windows\system32\drivers\niemrkw.sys [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-9-2 50704]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2005-9-29 131776]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\drivers\usb6xxxkw.sys --> c:\windows\system32\drivers\usb6xxxkw.sys [?]
S3 usb9162k;NI-USB 9162 Carrier Loader Driver;c:\windows\system32\drivers\usb9162k.sys --> c:\windows\system32\drivers\usb9162k.sys [?]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 NiRioRpc;National Instruments RIO Server;c:\windows\system32\niriorpc.exe --> c:\windows\system32\NiRioRpc.exe [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2020-08-11 14:37:27 3991 ----a-w- c:\windows\system32\kbdcache.dll
.
==================== Find3M ====================
.
2011-11-06 19:03:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160021A rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BEAEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85952872; SUB DWORD [EBP-0x4], 0x8595212e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86FCCAB8]
3 CLASSPNP[0xF759005B] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000070[0x86EC59E8]
5 ACPI[0xF73CE620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F25940]
[0x86DE6A78] -> IRP_MJ_CREATE -> 0x86BEAEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST3160021A______________________________3.04____#4a35325348354748202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86BEAAEA
\Driver\atapi -> 0x86fd71f8
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 10:48:28.20 ===============
Another symptom I forgot to mention was that Google searches get hijacked ... the search seems successful, but the links in the search results are all redirected to somewhere unintended by the user or Google.
Thanks once again and let me know the next steps, PLEASE!!
SpyBot S&D results:
CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
CouponBar: [SBI $5E6E3641] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BED3930-2E9E-76D8-BACC-80DF2188D455}
CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
CouponBar: [SBI $8222F1A1] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}
CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TTB000001
CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TTB000001
CouponBar: [SBI $0508B240] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\TTB000001
SearchPixieBar: [SBI $B4D617E4] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\BestToolbars\IEToolbar
Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\wnxmal
Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\wnxmal
Fraud.Sysguard: [SBI $3BC81493] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-18\Software\wnxmal
Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, fixing failed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes
SpyOnThis: [SBI $6CD506DA] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{2A1E37A4-04F1-5535-0715-F2C7C83EB4EE}
SpyOnThis: [SBI $440C9E27] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{041B0275E8944912A}
SpyOnThis: [SBI $E281A2CC] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses\{I41B0275E8944912A}
SpyOnThis: [SBI $2517715A] Program directory (Directory, fixed)
C:\Program Files\SpyOnThis\
Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com
Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com
Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com
Fraud.Codec.x3: [SBI $7DC4C6ED] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1019\Software\Microsoft\Internet Explorer\DOMStorage\grooveshark.com
GameVance: [SBI $E776375B] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\gvtl
GameVance: [SBI $E776375B] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\gvtl
FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\FBSearch
FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\FBSearch
FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\FBSearch
FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\FBSearch
FastBrowserSearchToolbar: [SBI $0ECF0F00] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1012\Software\FBSearch
FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\TBSB07183
FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1006\Software\TBSB07183
FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1007\Software\TBSB07183
FastBrowserSearchToolbar: [SBI $278DF143] Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1011\Software\TBSB07183
Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-1094779051-1531272271-1340405700-1005\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
DSSAgent: [SBI $BF58EA32] Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Broderbund software\dss
Smitfraud-C.MSVPS: [SBI $6FE8300C] Text file (File, fixed)
C:\WINDOWS\dat.txt
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Right Media: Tracking cookie (Internet Explorer: ZZadmin) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Guest (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: Kyle (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Right Media: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
BlueStreak: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
BurstMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
HitsLink: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
LinkSynergy: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
AdRevolver: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
CoreMetrics: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Olivia (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
FastClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: ZZadmin (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-11-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-10-31 Includes\Malware.sbi (*)
2011-11-08 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-10-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2011-11-09 Includes\TrojansC-02.sbi (*)
2011-11-09 Includes\TrojansC-03.sbi (*)
2011-10-28 Includes\TrojansC-04.sbi (*)
2011-11-03 Includes\TrojansC-05.sbi (*)
2011-11-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
TDSSkiller and SSD results
FIRST, let me say THANKS a MILLION !! Your time and effort are greatly appreciated.
TDSSKiller.2.6.18.0_15.11.2011_23.42.07_log
----------------------------------------------
23:42:07.0968 4084 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
23:42:08.0468 4084 ============================================================
23:42:08.0468 4084 Current date / time: 2011/11/15 23:42:08.0468
23:42:08.0468 4084 SystemInfo:
23:42:08.0468 4084
23:42:08.0468 4084 OS Version: 5.1.2600 ServicePack: 2.0
23:42:08.0468 4084 Product type: Workstation
23:42:08.0468 4084 ComputerName: CINDIE
23:42:08.0468 4084 UserName: ZZadmin
23:42:08.0468 4084 Windows directory: C:\WINDOWS
23:42:08.0468 4084 System windows directory: C:\WINDOWS
23:42:08.0468 4084 Processor architecture: Intel x86
23:42:08.0468 4084 Number of processors: 2
23:42:08.0468 4084 Page size: 0x1000
23:42:08.0468 4084 Boot type: Normal boot
23:42:08.0484 4084 ============================================================
23:42:08.0484 4084 SetPrivileges failed!
23:42:10.0625 4084 Initialize success
23:42:29.0453 0720 ============================================================
23:42:29.0453 0720 Scan started
23:42:29.0453 0720 Mode: Manual;
23:42:29.0453 0720 ============================================================
23:42:29.0734 0720 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
23:42:29.0734 0720 Aavmker4 - ok
23:42:29.0812 0720 Abiosdsk - ok
23:42:29.0875 0720 abp480n5 - ok
23:42:29.0968 0720 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:42:29.0984 0720 ACPI - ok
23:42:30.0093 0720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:42:30.0093 0720 ACPIEC - ok
23:42:30.0140 0720 adpu160m - ok
23:42:30.0234 0720 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
23:42:30.0234 0720 aeaudio - ok
23:42:30.0328 0720 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:42:30.0328 0720 aec - ok
23:42:30.0453 0720 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:42:30.0453 0720 AFD - ok
23:42:30.0625 0720 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23:42:30.0718 0720 AgereSoftModem - ok
23:42:30.0843 0720 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:42:30.0843 0720 agp440 - ok
23:42:30.0890 0720 Aha154x - ok
23:42:30.0953 0720 aic78u2 - ok
23:42:31.0031 0720 aic78xx - ok
23:42:31.0078 0720 AliIde - ok
23:42:31.0125 0720 amsint - ok
23:42:31.0218 0720 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:42:31.0218 0720 Arp1394 - ok
23:42:31.0250 0720 asc - ok
23:42:31.0296 0720 asc3350p - ok
23:42:31.0328 0720 asc3550 - ok
23:42:31.0421 0720 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
23:42:31.0421 0720 aswFsBlk - ok
23:42:31.0468 0720 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
23:42:31.0484 0720 aswMon2 - ok
23:42:31.0562 0720 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
23:42:31.0562 0720 aswRdr - ok
23:42:31.0656 0720 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
23:42:31.0718 0720 aswSnx - ok
23:42:31.0875 0720 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
23:42:31.0890 0720 aswSP - ok
23:42:32.0000 0720 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
23:42:32.0015 0720 aswTdi - ok
23:42:32.0078 0720 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:42:32.0078 0720 AsyncMac - ok
23:42:32.0125 0720 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:42:32.0140 0720 atapi - ok
23:42:32.0171 0720 Atdisk - ok
23:42:32.0265 0720 ati2mtag (8a4bb7291606fba4eaafd7b5604255a4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:42:32.0296 0720 ati2mtag - ok
23:42:32.0421 0720 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:42:32.0437 0720 Atmarpc - ok
23:42:32.0562 0720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:42:32.0562 0720 audstub - ok
23:42:32.0687 0720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:42:32.0687 0720 Beep - ok
23:42:32.0828 0720 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:42:32.0843 0720 Bridge - ok
23:42:32.0859 0720 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
23:42:32.0859 0720 BridgeMP - ok
23:42:32.0968 0720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:42:32.0968 0720 cbidf2k - ok
23:42:33.0046 0720 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:42:33.0046 0720 CCDECODE - ok
23:42:33.0078 0720 cd20xrnt - ok
23:42:33.0171 0720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:42:33.0171 0720 Cdaudio - ok
23:42:33.0234 0720 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:42:33.0234 0720 Cdfs - ok
23:42:33.0281 0720 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:42:33.0296 0720 Cdrom - ok
23:42:33.0328 0720 Changer - ok
23:42:33.0390 0720 CmdIde - ok
23:42:33.0453 0720 Cpqarray - ok
23:42:33.0531 0720 dac2w2k - ok
23:42:33.0593 0720 dac960nt - ok
23:42:33.0718 0720 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:42:33.0718 0720 Disk - ok
23:42:33.0843 0720 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:42:33.0875 0720 dmboot - ok
23:42:34.0000 0720 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
23:42:34.0000 0720 DMICall - ok
23:42:34.0078 0720 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
23:42:34.0078 0720 dmio - ok
23:42:34.0171 0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:42:34.0171 0720 dmload - ok
23:42:34.0250 0720 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:42:34.0250 0720 DMusic - ok
23:42:34.0312 0720 dpti2o - ok
23:42:34.0375 0720 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:42:34.0375 0720 drmkaud - ok
23:42:34.0515 0720 E100B (afee15c5b16317ebf17f79cc1843465a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:42:34.0515 0720 E100B - ok
23:42:34.0640 0720 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
23:42:34.0640 0720 FANTOM - ok
23:42:34.0718 0720 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:42:34.0718 0720 Fastfat - ok
23:42:34.0890 0720 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:42:34.0890 0720 Fdc - ok
23:42:35.0125 0720 FileMonitor (f1fc45d2712d0aafee45a728fbe16062) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
23:42:35.0125 0720 FileMonitor - ok
23:42:35.0250 0720 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:42:35.0250 0720 Fips - ok
23:42:35.0312 0720 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:42:35.0312 0720 Flpydisk - ok
23:42:35.0406 0720 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
23:42:35.0406 0720 FltMgr - ok
23:42:35.0484 0720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:42:35.0500 0720 Fs_Rec - ok
23:42:35.0578 0720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:42:35.0593 0720 Ftdisk - ok
23:42:35.0687 0720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:42:35.0703 0720 GEARAspiWDM - ok
23:42:35.0828 0720 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:42:35.0828 0720 Gpc - ok
23:42:35.0968 0720 hcmon (ac6586971883c28c1d9e77f921b6105f) C:\WINDOWS\system32\drivers\hcmon.sys
23:42:35.0968 0720 hcmon - ok
23:42:36.0062 0720 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:42:36.0062 0720 HidUsb - ok
23:42:36.0125 0720 hpn - ok
23:42:36.0203 0720 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
23:42:36.0218 0720 HPZid412 - ok
23:42:36.0296 0720 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
23:42:36.0296 0720 HPZipr12 - ok
23:42:36.0375 0720 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
23:42:36.0375 0720 HPZius12 - ok
23:42:36.0500 0720 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:42:36.0515 0720 HTTP - ok
23:42:36.0593 0720 i2omgmt - ok
23:42:36.0656 0720 i2omp - ok
23:42:36.0781 0720 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:42:36.0781 0720 i8042prt - ok
23:42:36.0875 0720 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:42:36.0890 0720 ialm - ok
23:42:36.0968 0720 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:42:36.0968 0720 Imapi - ok
23:42:37.0031 0720 ini910u - ok
23:42:37.0093 0720 IntelIde - ok
23:42:37.0171 0720 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:42:37.0171 0720 intelppm - ok
23:42:37.0250 0720 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:42:37.0250 0720 ip6fw - ok
23:42:37.0343 0720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:42:37.0343 0720 IpFilterDriver - ok
23:42:37.0421 0720 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:42:37.0421 0720 IpInIp - ok
23:42:37.0468 0720 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:42:37.0484 0720 IpNat - ok
23:42:37.0609 0720 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:42:37.0609 0720 IPSec - ok
23:42:37.0656 0720 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:42:37.0656 0720 IRENUM - ok
23:42:37.0765 0720 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:42:37.0765 0720 isapnp - ok
23:42:37.0890 0720 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:42:37.0890 0720 Kbdclass - ok
23:42:37.0937 0720 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:42:37.0953 0720 kmixer - ok
23:42:38.0046 0720 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
23:42:38.0046 0720 KSecDD - ok
23:42:38.0109 0720 lbrtfdc - ok
23:42:38.0234 0720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:42:38.0234 0720 mnmdd - ok
23:42:38.0328 0720 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:42:38.0328 0720 Modem - ok
23:42:38.0375 0720 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:42:38.0375 0720 Mouclass - ok
23:42:38.0453 0720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:42:38.0468 0720 mouhid - ok
23:42:38.0578 0720 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:42:38.0578 0720 MountMgr - ok
23:42:38.0640 0720 mraid35x - ok
23:42:38.0734 0720 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:42:38.0734 0720 MRxDAV - ok
23:42:38.0890 0720 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:42:38.0921 0720 MRxSmb - ok
23:42:39.0046 0720 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:42:39.0062 0720 Msfs - ok
23:42:39.0109 0720 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:42:39.0109 0720 MSKSSRV - ok
23:42:39.0187 0720 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:42:39.0187 0720 MSPCLOCK - ok
23:42:39.0281 0720 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:42:39.0281 0720 MSPQM - ok
23:42:39.0359 0720 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:42:39.0359 0720 mssmbios - ok
23:42:39.0437 0720 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:42:39.0437 0720 MSTEE - ok
23:42:39.0500 0720 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:42:39.0500 0720 Mup - ok
23:42:39.0593 0720 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:42:39.0609 0720 NABTSFEC - ok
23:42:39.0718 0720 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:42:39.0718 0720 NDIS - ok
23:42:39.0843 0720 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:42:39.0843 0720 NdisIP - ok
23:42:39.0921 0720 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:42:39.0921 0720 NdisTapi - ok
23:42:40.0015 0720 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:42:40.0015 0720 Ndisuio - ok
23:42:40.0062 0720 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:42:40.0062 0720 NdisWan - ok
23:42:40.0156 0720 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:42:40.0156 0720 NDProxy - ok
23:42:40.0234 0720 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:42:40.0234 0720 NetBIOS - ok
23:42:40.0343 0720 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:42:40.0359 0720 NetBT - ok
23:42:40.0468 0720 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:42:40.0468 0720 NIC1394 - ok
23:42:40.0515 0720 niemrkw - ok
23:42:40.0656 0720 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
23:42:40.0656 0720 nm - ok
23:42:40.0734 0720 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
23:42:40.0750 0720 NPF - ok
23:42:40.0859 0720 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:42:40.0859 0720 Npfs - ok
23:42:40.0921 0720 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:42:40.0937 0720 Ntfs - ok
23:42:41.0093 0720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:42:41.0093 0720 Null - ok
23:42:41.0171 0720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:42:41.0171 0720 NwlnkFlt - ok
23:42:41.0250 0720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:42:41.0265 0720 NwlnkFwd - ok
23:42:41.0343 0720 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:42:41.0343 0720 ohci1394 - ok
23:42:41.0468 0720 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:42:41.0468 0720 Parport - ok
23:42:41.0609 0720 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:42:41.0609 0720 PartMgr - ok
23:42:41.0718 0720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:42:41.0718 0720 ParVdm - ok
23:42:41.0796 0720 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:42:41.0812 0720 PCI - ok
23:42:41.0890 0720 PCIDump - ok
23:42:42.0015 0720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:42:42.0015 0720 PCIIde - ok
23:42:42.0140 0720 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:42:42.0140 0720 Pcmcia - ok
23:42:42.0187 0720 PDCOMP - ok
23:42:42.0234 0720 PDFRAME - ok
23:42:42.0281 0720 PDRELI - ok
23:42:42.0312 0720 PDRFRAME - ok
23:42:42.0359 0720 perc2 - ok
23:42:42.0406 0720 perc2hib - ok
23:42:42.0562 0720 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:42:42.0578 0720 PptpMiniport - ok
23:42:42.0656 0720 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
23:42:42.0656 0720 Processor - ok
23:42:42.0734 0720 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:42:42.0750 0720 PSched - ok
23:42:42.0828 0720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:42:42.0843 0720 Ptilink - ok
23:42:42.0921 0720 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:42:42.0937 0720 PxHelp20 - ok
23:42:42.0984 0720 ql1080 - ok
23:42:43.0031 0720 Ql10wnt - ok
23:42:43.0062 0720 ql12160 - ok
23:42:43.0109 0720 ql1240 - ok
23:42:43.0156 0720 ql1280 - ok
23:42:43.0234 0720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:42:43.0234 0720 RasAcd - ok
23:42:43.0328 0720 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:42:43.0328 0720 Rasl2tp - ok
23:42:43.0406 0720 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:42:43.0406 0720 RasPppoe - ok
23:42:43.0500 0720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:42:43.0515 0720 Raspti - ok
23:42:43.0640 0720 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:42:43.0640 0720 Rdbss - ok
23:42:43.0796 0720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:42:43.0796 0720 RDPCDD - ok
23:42:43.0906 0720 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:42:43.0906 0720 RDPWD - ok
23:42:44.0031 0720 redbook (86d3afb02bef12949b26e0ba966bd252) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:42:44.0031 0720 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 86d3afb02bef12949b26e0ba966bd252, Fake md5: b31b4588e4086d8d84adbf9845c2402b
23:42:44.0031 0720 redbook ( Rootkit.Win32.TDSS.tdl3 ) - infected
23:42:44.0031 0720 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
23:42:44.0234 0720 RegFilter (2ca761ce3abb7bbbb9c5519b2fb54f5e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
23:42:44.0234 0720 RegFilter - ok
23:42:44.0343 0720 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
23:42:44.0359 0720 RimVSerPort - ok
23:42:44.0484 0720 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
23:42:44.0500 0720 RsFx0102 - ok
23:42:44.0640 0720 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:42:44.0640 0720 Secdrv - ok
23:42:44.0750 0720 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
23:42:44.0750 0720 Serial - ok
23:42:44.0890 0720 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:42:44.0890 0720 Sfloppy - ok
23:42:44.0968 0720 shzu - ok
23:42:45.0031 0720 Simbad - ok
23:42:45.0125 0720 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:42:45.0140 0720 SLIP - ok
23:42:45.0218 0720 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
23:42:45.0218 0720 SmartDefragDriver - ok
23:42:45.0328 0720 smrt (72d7eb6c2baab40683b4c71920990f7d) C:\WINDOWS\system32\DRIVERS\smrt.sys
23:42:45.0390 0720 smrt - ok
23:42:45.0531 0720 smwdm (13739b36bd8d94d0fed7662aa7a4235d) C:\WINDOWS\system32\drivers\smwdm.sys
23:42:45.0593 0720 smwdm - ok
23:42:45.0687 0720 Sparrow - ok
23:42:45.0796 0720 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:42:45.0812 0720 splitter - ok
23:42:45.0953 0720 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
23:42:45.0968 0720 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
23:42:45.0968 0720 sptd ( LockedFile.Multi.Generic ) - warning
23:42:45.0968 0720 sptd - detected LockedFile.Multi.Generic (1)
23:42:46.0109 0720 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:42:46.0109 0720 sr - ok
23:42:46.0265 0720 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:42:46.0281 0720 Srv - ok
23:42:46.0421 0720 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
23:42:46.0421 0720 StarOpen - ok
23:42:46.0546 0720 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
23:42:46.0546 0720 StillCam - ok
23:42:46.0734 0720 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:42:46.0734 0720 streamip - ok
23:42:46.0843 0720 STVqx3 (65ba7d9daca76f67bb5a62f3570c5fe5) C:\WINDOWS\system32\drivers\STVqx3.sys
23:42:46.0843 0720 STVqx3 - ok
23:42:47.0000 0720 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:42:47.0000 0720 swenum - ok
23:42:47.0078 0720 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:42:47.0093 0720 swmidi - ok
23:42:47.0171 0720 symc810 - ok
23:42:47.0250 0720 symc8xx - ok
23:42:47.0312 0720 sym_hi - ok
23:42:47.0375 0720 sym_u3 - ok
23:42:47.0484 0720 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:42:47.0484 0720 sysaudio - ok
23:42:47.0625 0720 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:42:47.0640 0720 Tcpip - ok
23:42:47.0765 0720 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:42:47.0765 0720 TDPIPE - ok
23:42:47.0875 0720 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:42:47.0875 0720 TDTCP - ok
23:42:48.0031 0720 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
23:42:48.0031 0720 teamviewervpn - ok
23:42:48.0140 0720 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:42:48.0140 0720 TermDD - ok
23:42:48.0234 0720 TMPassthruMP - ok
23:42:48.0296 0720 TosIde - ok
23:42:48.0421 0720 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:42:48.0421 0720 Udfs - ok
23:42:48.0531 0720 ultra - ok
23:42:48.0656 0720 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
23:42:48.0671 0720 Update - ok
23:42:48.0906 0720 UrlFilter (62551ba687f1d0f582810cfa37384bb0) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
23:42:48.0906 0720 UrlFilter - ok
23:42:49.0000 0720 usb6xxxkw - ok
23:42:49.0078 0720 usb9162k - ok
23:42:49.0187 0720 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:42:49.0203 0720 USBAAPL - ok
23:42:49.0265 0720 usbbus - ok
23:42:49.0375 0720 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:42:49.0375 0720 usbccgp - ok
23:42:49.0468 0720 UsbDiag - ok
23:42:49.0578 0720 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:42:49.0578 0720 usbehci - ok
23:42:49.0687 0720 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:42:49.0687 0720 usbhub - ok
23:42:49.0765 0720 USBModem - ok
23:42:49.0875 0720 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:42:49.0875 0720 usbprint - ok
23:42:49.0968 0720 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:42:49.0968 0720 usbscan - ok
23:42:50.0062 0720 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:42:50.0062 0720 usbstor - ok
23:42:50.0140 0720 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:42:50.0140 0720 usbuhci - ok
23:42:50.0328 0720 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:42:50.0328 0720 VgaSave - ok
23:42:50.0359 0720 ViaIde - ok
23:42:50.0453 0720 vmci (eca058fdf9105001b113441f6d420fa4) C:\WINDOWS\system32\Drivers\vmci.sys
23:42:50.0468 0720 vmci - ok
23:42:50.0578 0720 vmkbd (c993e9325c68dd1f6ee4a8151b34f442) C:\WINDOWS\system32\drivers\VMkbd.sys
23:42:50.0593 0720 vmkbd - ok
23:42:50.0687 0720 VMnetAdapter (898706a05d20b706848a440961c52436) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
23:42:50.0687 0720 VMnetAdapter - ok
23:42:50.0765 0720 VMnetBridge (5692cbd2a25e04c62707bfc311884b65) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
23:42:50.0781 0720 VMnetBridge - ok
23:42:50.0843 0720 VMnetuserif (5f1ba57c5882cedf70b14de331f06ee0) C:\WINDOWS\system32\drivers\vmnetuserif.sys
23:42:50.0843 0720 VMnetuserif - ok
23:42:50.0921 0720 VMparport (c04e55f58d9871da1b153b48889f594f) C:\WINDOWS\system32\Drivers\VMparport.sys
23:42:50.0937 0720 VMparport - ok
23:42:51.0031 0720 vmusb (25017db6451b002158db425961a82b7b) C:\WINDOWS\system32\Drivers\vmusb.sys
23:42:51.0031 0720 vmusb - ok
23:42:51.0171 0720 vmx86 (72defa27db4a31e11740e12d745a70f3) C:\WINDOWS\system32\Drivers\vmx86.sys
23:42:51.0203 0720 vmx86 - ok
23:42:51.0328 0720 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:42:51.0328 0720 VolSnap - ok
23:42:51.0484 0720 vstor2-ws60 (e4fa7aff5046fc49de22e903b7e35add) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
23:42:51.0484 0720 vstor2-ws60 - ok
23:42:51.0640 0720 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:42:51.0640 0720 Wanarp - ok
23:42:51.0750 0720 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23:42:51.0750 0720 wanatw - ok
23:42:51.0796 0720 WDICA - ok
23:42:51.0875 0720 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:42:51.0890 0720 wdmaud - ok
23:42:52.0125 0720 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:42:52.0125 0720 WpdUsb - ok
23:42:52.0218 0720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:42:52.0234 0720 WS2IFSL - ok
23:42:52.0328 0720 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:42:52.0328 0720 WSTCODEC - ok
23:42:52.0421 0720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:42:52.0437 0720 WudfPf - ok
23:42:52.0500 0720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:42:52.0500 0720 WudfRd - ok
23:42:52.0671 0720 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
23:42:52.0687 0720 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
23:42:52.0843 0720 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
23:42:52.0843 0720 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
23:42:52.0875 0720 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0
23:42:53.0109 0720 \Device\Harddisk0\DR0 - ok
23:42:53.0125 0720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:42:53.0140 0720 \Device\Harddisk1\DR1 - ok
23:42:53.0156 0720 Boot (0x1200) (711c73626a2c51579528f2eb42a25390) \Device\Harddisk0\DR0\Partition0
23:42:53.0156 0720 \Device\Harddisk0\DR0\Partition0 - ok
23:42:53.0171 0720 Boot (0x1200) (44915dd5061ea9ca725b40cb52ee464b) \Device\Harddisk1\DR1\Partition0
23:42:53.0171 0720 \Device\Harddisk1\DR1\Partition0 - ok
23:42:53.0187 0720 ============================================================
23:42:53.0187 0720 Scan finished
23:42:53.0187 0720 ============================================================
23:42:53.0218 0396 Detected object count: 2
23:42:53.0218 0396 Actual detected object count: 2
23:44:42.0531 0396 Backup copy found, using it..
23:44:42.0562 0396 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
23:44:42.0562 0396 redbook ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:44:42.0562 0396 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
23:45:20.0421 3264 Deinitialize success
SSD results:
-------------------------------
DoubleClick: Tracking cookie (Firefox: Emily (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-11-14 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-09-27 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-10-31 Includes\Malware.sbi (*)
2011-11-08 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-10-11 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-10-18 Includes\Spyware.sbi (*)
2011-10-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2011-11-09 Includes\TrojansC-02.sbi (*)
2011-11-09 Includes\TrojansC-03.sbi (*)
2011-10-28 Includes\TrojansC-04.sbi (*)
2011-11-03 Includes\TrojansC-05.sbi (*)
2011-11-09 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll