
Author Topic: Kept getting blocked/redirected on internet explorer  (Read 28951 times)


shag

    Topic Starter


    Beginner

    Re: Kept getting blocked/redirected on internet explorer
    « Reply #15 on: February 20, 2011, 02:03:02 PM »
    ok.

    2011/02/20 14:41:45.0250 3268   TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
    2011/02/20 14:41:45.0343 3268   ================================================================================
    2011/02/20 14:41:45.0343 3268   SystemInfo:
    2011/02/20 14:41:45.0343 3268   
    2011/02/20 14:41:45.0343 3268   OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/20 14:41:45.0343 3268   Product type: Workstation
    2011/02/20 14:41:45.0343 3268   ComputerName: LEACH
    2011/02/20 14:41:45.0343 3268   UserName: Chris
    2011/02/20 14:41:45.0343 3268   Windows directory: C:\WINDOWS
    2011/02/20 14:41:45.0343 3268   System windows directory: C:\WINDOWS
    2011/02/20 14:41:45.0343 3268   Processor architecture: Intel x86
    2011/02/20 14:41:45.0343 3268   Number of processors: 2
    2011/02/20 14:41:45.0343 3268   Page size: 0x1000
    2011/02/20 14:41:45.0343 3268   Boot type: Normal boot
    2011/02/20 14:41:45.0343 3268   ================================================================================
    2011/02/20 14:41:46.0406 3268   Initialize success
    2011/02/20 14:41:56.0406 3688   ================================================================================
    2011/02/20 14:41:56.0406 3688   Scan started
    2011/02/20 14:41:56.0421 3688   Mode: Manual;
    2011/02/20 14:41:56.0421 3688   ================================================================================
    2011/02/20 14:41:56.0968 3688   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/02/20 14:41:57.0031 3688   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/20 14:41:57.0062 3688   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/20 14:41:57.0109 3688   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/02/20 14:41:57.0156 3688   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/20 14:41:57.0203 3688   AegisP          (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    2011/02/20 14:41:57.0281 3688   Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2011/02/20 14:41:57.0343 3688   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/20 14:41:57.0406 3688   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/02/20 14:41:57.0437 3688   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/02/20 14:41:57.0484 3688   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/02/20 14:41:57.0515 3688   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/02/20 14:41:57.0546 3688   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/02/20 14:41:57.0625 3688   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/02/20 14:41:57.0656 3688   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/02/20 14:41:57.0734 3688   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/02/20 14:41:57.0812 3688   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/02/20 14:41:57.0875 3688   APPDRV          (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    2011/02/20 14:41:57.0937 3688   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/02/20 14:41:57.0984 3688   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/02/20 14:41:58.0015 3688   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/02/20 14:41:58.0046 3688   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/02/20 14:41:58.0109 3688   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/20 14:41:58.0140 3688   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/20 14:41:58.0187 3688   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/20 14:41:58.0234 3688   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/20 14:41:58.0265 3688   bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    2011/02/20 14:41:58.0359 3688   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/02/20 14:41:58.0375 3688   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/20 14:41:58.0421 3688   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/02/20 14:41:58.0453 3688   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/02/20 14:41:58.0484 3688   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/20 14:41:58.0515 3688   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/20 14:41:58.0546 3688   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/20 14:41:58.0687 3688   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/02/20 14:41:58.0765 3688   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/02/20 14:41:58.0812 3688   Compbatt        (0686fd8f51116b50672952d6f26f6f11) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/02/20 14:41:58.0812 3688   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0686fd8f51116b50672952d6f26f6f11, Fake md5: 6e4c9f21f0fae8940661144f41b13203
    2011/02/20 14:41:58.0828 3688   Compbatt - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/02/20 14:41:58.0875 3688   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/02/20 14:41:58.0953 3688   ctxusbm         (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
    2011/02/20 14:41:59.0000 3688   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/02/20 14:41:59.0015 3688   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/02/20 14:41:59.0062 3688   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/20 14:41:59.0125 3688   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/20 14:41:59.0218 3688   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/02/20 14:41:59.0265 3688   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/20 14:41:59.0296 3688   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/20 14:41:59.0343 3688   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/02/20 14:41:59.0406 3688   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/20 14:41:59.0437 3688   drvmcdb         (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
    2011/02/20 14:41:59.0468 3688   drvnddm         (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
    2011/02/20 14:41:59.0625 3688   DSproct         (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    2011/02/20 14:41:59.0765 3688   dsunidrv        (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
    2011/02/20 14:41:59.0843 3688   E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/02/20 14:41:59.0921 3688   eamon           (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
    2011/02/20 14:41:59.0953 3688   ehdrv           (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    2011/02/20 14:42:00.0000 3688   epfwtdir        (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    2011/02/20 14:42:00.0062 3688   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/20 14:42:00.0109 3688   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/20 14:42:00.0187 3688   FilterService   (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2011/02/20 14:42:00.0218 3688   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/20 14:42:00.0250 3688   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/20 14:42:00.0296 3688   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/02/20 14:42:00.0343 3688   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/20 14:42:00.0375 3688   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/20 14:42:00.0406 3688   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/20 14:42:00.0468 3688   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/02/20 14:42:00.0578 3688   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/20 14:42:00.0718 3688   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/02/20 14:42:00.0812 3688   HSF_DPV         (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    2011/02/20 14:42:00.0859 3688   HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    2011/02/20 14:42:00.0937 3688   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/20 14:42:01.0000 3688   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/02/20 14:42:01.0031 3688   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/02/20 14:42:01.0062 3688   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/20 14:42:01.0156 3688   ialm            (93aa9660aacb82f73d854180afd9817e) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2011/02/20 14:42:01.0234 3688   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/20 14:42:01.0328 3688   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/02/20 14:42:01.0390 3688   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/02/20 14:42:01.0437 3688   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/02/20 14:42:01.0484 3688   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/02/20 14:42:01.0531 3688   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/20 14:42:01.0578 3688   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/20 14:42:01.0625 3688   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/20 14:42:01.0656 3688   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/20 14:42:01.0671 3688   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/20 14:42:01.0703 3688   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/20 14:42:01.0750 3688   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/20 14:42:01.0812 3688   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/20 14:42:01.0843 3688   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/20 14:42:01.0937 3688   lvpopflt        (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2011/02/20 14:42:02.0000 3688   LVPr2Mon        (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2011/02/20 14:42:02.0046 3688   LVRS            (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    2011/02/20 14:42:02.0390 3688   LVUVC           (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2011/02/20 14:42:02.0765 3688   mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/02/20 14:42:02.0843 3688   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/20 14:42:02.0906 3688   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/20 14:42:02.0953 3688   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/20 14:42:03.0015 3688   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/20 14:42:03.0062 3688   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/20 14:42:03.0109 3688   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/02/20 14:42:03.0328 3688   MREMP50         (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    2011/02/20 14:42:03.0390 3688   MRENDIS5        (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
    2011/02/20 14:42:03.0406 3688   MRESP50         (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    2011/02/20 14:42:03.0578 3688   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/20 14:42:03.0625 3688   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/20 14:42:03.0656 3688   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/20 14:42:03.0718 3688   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/20 14:42:03.0734 3688   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/20 14:42:03.0765 3688   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/20 14:42:03.0828 3688   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/20 14:42:03.0875 3688   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/02/20 14:42:03.0937 3688   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/20 14:42:04.0000 3688   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/02/20 14:42:04.0031 3688   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/20 14:42:04.0093 3688   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/02/20 14:42:04.0140 3688   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/20 14:42:04.0171 3688   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/20 14:42:04.0187 3688   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/20 14:42:04.0265 3688   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/20 14:42:04.0296 3688   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/20 14:42:04.0328 3688   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/20 14:42:04.0484 3688   NETw3x32        (71371ed9086a3d65f43967c89634e9a9) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    2011/02/20 14:42:04.0640 3688   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/02/20 14:42:04.0671 3688   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/20 14:42:04.0718 3688   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/20 14:42:04.0781 3688   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/20 14:42:04.0921 3688   nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/20 14:42:05.0000 3688   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/20 14:42:05.0031 3688   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/20 14:42:05.0062 3688   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/02/20 14:42:05.0125 3688   omci            (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
    2011/02/20 14:42:05.0171 3688   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/20 14:42:05.0187 3688   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/20 14:42:05.0218 3688   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/20 14:42:05.0265 3688   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/20 14:42:05.0296 3688   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/02/20 14:42:05.0343 3688   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/20 14:42:05.0453 3688   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/02/20 14:42:05.0531 3688   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/02/20 14:42:05.0656 3688   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/20 14:42:05.0718 3688   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/20 14:42:05.0765 3688   PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/02/20 14:42:05.0796 3688   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/02/20 14:42:05.0812 3688   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/02/20 14:42:05.0843 3688   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/02/20 14:42:05.0875 3688   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/02/20 14:42:05.0906 3688   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/02/20 14:42:05.0937 3688   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/20 14:42:05.0968 3688   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/20 14:42:06.0000 3688   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/20 14:42:06.0015 3688   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/20 14:42:06.0078 3688   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/20 14:42:06.0109 3688   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/20 14:42:06.0140 3688   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/20 14:42:06.0187 3688   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/20 14:42:06.0218 3688   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/20 14:42:06.0281 3688   rimmptsk        (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
    2011/02/20 14:42:06.0312 3688   rimsptsk        (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
    2011/02/20 14:42:06.0343 3688   rismxdp         (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
    2011/02/20 14:42:06.0421 3688   s24trans        (daef68fc328342d219de928c8ee610b2) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/02/20 14:42:06.0562 3688   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/02/20 14:42:06.0578 3688   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2011/02/20 14:42:06.0734 3688   sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/02/20 14:42:06.0781 3688   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/20 14:42:06.0828 3688   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/20 14:42:06.0859 3688   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/20 14:42:06.0906 3688   sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2011/02/20 14:42:06.0921 3688   sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2011/02/20 14:42:06.0953 3688   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/20 14:42:07.0000 3688   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/02/20 14:42:07.0062 3688   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/02/20 14:42:07.0093 3688   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/02/20 14:42:07.0156 3688   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/20 14:42:07.0281 3688   sptd            (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/02/20 14:42:07.0281 3688   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
    2011/02/20 14:42:07.0296 3688   sptd - detected Locked file (1)
    2011/02/20 14:42:07.0328 3688   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/20 14:42:07.0390 3688   Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/20 14:42:07.0437 3688   sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2011/02/20 14:42:07.0453 3688   ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
    2011/02/20 14:42:07.0546 3688   STHDA           (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
    2011/02/20 14:42:07.0718 3688   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/02/20 14:42:07.0765 3688   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/20 14:42:07.0812 3688   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/20 14:42:07.0859 3688   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/02/20 14:42:07.0921 3688   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/02/20 14:42:07.0953 3688   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/02/20 14:42:07.0968 3688   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/02/20 14:42:08.0031 3688   SynTP           (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/02/20 14:42:08.0093 3688   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/20 14:42:08.0171 3688   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/20 14:42:08.0218 3688   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/20 14:42:08.0437 3688   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/20 14:42:08.0625 3688   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/20 14:42:08.0843 3688   tfsnboio        (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    2011/02/20 14:42:09.0171 3688   tfsncofs        (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    2011/02/20 14:42:09.0234 3688   tfsndrct        (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    2011/02/20 14:42:09.0265 3688   tfsndres        (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    2011/02/20 14:42:09.0328 3688   tfsnifs         (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    2011/02/20 14:42:09.0359 3688   tfsnopio        (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    2011/02/20 14:42:09.0375 3688   tfsnpool        (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    2011/02/20 14:42:09.0421 3688   tfsnudf         (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    2011/02/20 14:42:09.0515 3688   tfsnudfa        (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2011/02/20 14:42:09.0578 3688   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/02/20 14:42:09.0625 3688   Tosrfbd         (37a7d0d105110aafac6e982a2c49b8b6) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    2011/02/20 14:42:09.0671 3688   Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\drivers\Tosrfcom.sys
    2011/02/20 14:42:09.0703 3688   Tosrfhid        (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    2011/02/20 14:42:09.0734 3688   Tosrfusb        (1d19323d5bc7309d9df65dad5635005c) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    2011/02/20 14:42:09.0781 3688   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/20 14:42:09.0843 3688   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/02/20 14:42:09.0906 3688   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/20 14:42:10.0000 3688   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/02/20 14:42:10.0046 3688   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/20 14:42:10.0078 3688   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/20 14:42:10.0125 3688   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/20 14:42:10.0156 3688   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/20 14:42:10.0234 3688   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/20 14:42:10.0265 3688   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/20 14:42:10.0281 3688   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/20 14:42:10.0328 3688   usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/02/20 14:42:10.0437 3688   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/20 14:42:10.0500 3688   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/02/20 14:42:10.0531 3688   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/02/20 14:42:10.0578 3688   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/20 14:42:10.0671 3688   w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2011/02/20 14:42:10.0812 3688   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/20 14:42:10.0875 3688   wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2011/02/20 14:42:10.0921 3688   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/20 14:42:11.0015 3688   winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    2011/02/20 14:42:11.0109 3688   WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/02/20 14:42:11.0140 3688   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/02/20 14:42:11.0218 3688   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/02/20 14:42:11.0312 3688   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/02/20 14:42:11.0343 3688   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/02/20 14:42:11.0421 3688   ================================================================================
    2011/02/20 14:42:11.0421 3688   Scan finished
    2011/02/20 14:42:11.0421 3688   ================================================================================
    2011/02/20 14:42:11.0421 3692   Detected object count: 2
    2011/02/20 14:48:06.0203 3692   Compbatt        (0686fd8f51116b50672952d6f26f6f11) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/02/20 14:48:06.0203 3692   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0686fd8f51116b50672952d6f26f6f11, Fake md5: 6e4c9f21f0fae8940661144f41b13203
    2011/02/20 14:48:14.0859 3692   Backup copy found, using it..
    2011/02/20 14:48:14.0875 3692   C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
    2011/02/20 14:48:14.0875 3692   Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
    2011/02/20 14:48:14.0875 3692   Locked file(sptd) - User select action: Skip
    2011/02/20 14:49:15.0000 0472   Deinitialize success
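The TDSSKiller output above is the one log in this thread that actually proves a rootkit: the same driver file, compbatt.sys, hashes to two different MD5s depending on how it is read, which is the user-mode view of a disk-I/O-hooking rootkit such as TDL3 living inside a legitimate driver's on-disk image. The log does not settle which of the two hashes is the clean driver; what matters is that there are two. Two follow-ups are easy to miss by eye: the cure only takes effect after the reboot, and `Locked file(sptd) - User select action: Skip` means the tool never inspected that driver at all (sptd is the SCSI pass-through driver that DAEMON Tools installs, and DAEMON Tools Lite does appear in the Run key in the ComboFix log later in the thread, but a skip is not a verdict). The parser below is an added example, not part of the thread and not Kaspersky's code; it pulls those findings out of the log mechanically. The sample lines are copied from the log above, trimmed to the driver listing and the detection section.

```python
"""Triage helper for TDSSKiller ("TDSS rootkit removing tool") logs.

Turns the free-text log into structured findings: "Suspicious file (Forged)"
(one driver file, two hashes depending on how it is read), "Locked file(...)"
(a driver the tool could NOT read, so no verdict exists for it) and "will be
cured after reboot" (fix pending; not clean until rebooted and rescanned).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Line shapes as emitted by TDSSKiller 2.4.x: "<timestamp> <thread id>   <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9a-fA-F]{32}), Fake md5: (?P<fake>[0-9a-fA-F]{32})$")
LOCKED_RE = re.compile(r"^Locked file\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
VERDICT_RE = re.compile(r"^(?P<family>[\w.]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # service -> (md5, path)
    forged: List[Tuple[str, str, str]] = field(default_factory=list)    # (path, real_md5, fake_md5)
    locked: List[Tuple[str, str]] = field(default_factory=list)         # (service, action)
    verdicts: List[Tuple[str, str, str]] = field(default_factory=list)  # (family, service, action)
    pending_reboot: List[str] = field(default_factory=list)             # paths cured only after reboot
    detected_count: int = -1


def parse_tdsskiller(text: str) -> TdssReport:
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # banner, "=====" separators, blanks
        msg = m["msg"].strip()
        if (d := DRIVER_RE.match(msg)):
            rep.drivers[d["name"]] = (d["md5"].lower(), d["path"])
        elif (f := FORGED_RE.match(msg)):
            rep.forged.append((f["path"], f["real"].lower(), f["fake"].lower()))
        elif (k := LOCKED_RE.match(msg)):
            rep.locked.append((k["name"], k["action"]))
        elif (v := VERDICT_RE.match(msg)):
            rep.verdicts.append((v["family"], v["name"], v["action"]))
        elif (c := CURE_RE.match(msg)):
            rep.pending_reboot.append(c["path"])
        elif (n := COUNT_RE.match(msg)):
            rep.detected_count = int(n["n"])
    return rep


def driver_for_path(rep: TdssReport, path: str) -> Tuple[str, str]:
    """Map a forged path back to the service name and the MD5 the driver listing showed."""
    for name, (md5, p) in rep.drivers.items():
        if p.lower() == path.lower():
            return name, md5
    return "", ""


def triage(rep: TdssReport) -> List[str]:
    """One line per thing a responder must act on; an empty list means nothing was flagged."""
    notes = []
    for path, real, fake in rep.forged:
        name, listed = driver_for_path(rep, path)
        seen = "real" if listed == real else "fake" if listed == fake else "neither"
        notes.append(f"FORGED {name or '?'} {path}: real={real[:8]}.. fake={fake[:8]}.. "
                     f"(driver listing showed the {seen} hash) -> hooked I/O path, treat as rootkit")
    for family, name, action in rep.verdicts:
        notes.append(f"VERDICT {family} on {name}: action={action}")
    for name, action in rep.locked:
        notes.append(f"LOCKED {name}: never inspected (action={action}) -> identify its owner and "
                     f"hash it from offline media before calling the host clean")
    if rep.pending_reboot:
        notes.append(f"PENDING {len(rep.pending_reboot)} cure(s) take effect only after reboot -> "
                     f"reboot, rerun, and expect one consistent hash per path")
    return notes


def host_is_clean(rep: TdssReport) -> bool:
    """Clean means: nothing forged, no verdict, nothing pending AND nothing skipped."""
    return not (rep.forged or rep.verdicts or rep.pending_reboot or rep.locked)


# Sample input: lines copied from the TDSSKiller log posted above (trimmed).
SAMPLE_LOG = r"""
2011/02/20 14:41:57.0031 3688   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/20 14:42:11.0421 3692   Detected object count: 2
2011/02/20 14:48:06.0203 3692   Compbatt        (0686fd8f51116b50672952d6f26f6f11) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/20 14:48:06.0203 3692   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 0686fd8f51116b50672952d6f26f6f11, Fake md5: 6e4c9f21f0fae8940661144f41b13203
2011/02/20 14:48:14.0859 3692   Backup copy found, using it..
2011/02/20 14:48:14.0875 3692   C:\WINDOWS\system32\DRIVERS\compbatt.sys - will be cured after reboot
2011/02/20 14:48:14.0875 3692   Rootkit.Win32.TDSS.tdl3(Compbatt) - User select action: Cure
2011/02/20 14:48:14.0875 3692   Locked file(sptd) - User select action: Skip
"""

if __name__ == "__main__":
    print("\n".join(triage(parse_tdsskiller(SAMPLE_LOG))))
```

`host_is_clean` deliberately counts a skipped (locked) driver as unfinished work rather than as clean: a driver the tool could not open is exactly the kind of file a rootkit protects, so the responder has to identify its owner and hash it from media the running kernel cannot lie to before closing the case.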

    SuperDave (Malware Removal Specialist, Moderator)
    Re: Kept getting blocked/redirected on internet explorer
    « Reply #16 on: February 20, 2011, 04:03:23 PM »
    Ok. Now please run these scans again and post the logs.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    • Double-click the icon on your desktop to run the installer.
    • When asked to Update the program definitions, click Yes.
    • If you encounter any problems while downloading the updates, manually download and unzip them from here.
    • Next click the Preferences button.
    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
      Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    • On the main screen click Scan your computer.
    • On the left check the box for the drive you are scanning.
    • On the right choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.

    To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    • Save the log somewhere you can easily find it (normally the desktop).
    • Click Close and Close again to exit the program.
    • Copy and paste the log in your post.
    *******************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    shag (Topic Starter)

      Re: Kept getting blocked/redirected on internet explorer
      « Reply #17 on: February 21, 2011, 01:56:39 PM »
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 02/21/2011 at 01:09 PM

      Application Version : 4.48.1000

      Core Rules Database Version : 6411
      Trace Rules Database Version: 4223

      Scan type       : Complete Scan
      Total Scan Time : 01:16:26

      Memory items scanned      : 502
      Memory threats detected   : 0
      Registry items scanned    : 7824
      Registry threats detected : 0
      File items scanned        : 70747
      File threats detected     : 1

      Trojan.Agent/Gen-Nullo[Short]
         C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS.VIR_


      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5363

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      2/21/2011 2:40:08 PM
      mbam-log-2011-02-21 (14-40-08).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 204810
      Time elapsed: 35 minute(s), 28 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
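Read together, the two logs above say less than the "1 file threat" headline suggests: the only SAS hit is `C:\QOOBOX\QUARANTINE\...\SPTD.SYS.VIR_`, i.e. a copy of sptd.sys that ComboFix had already moved into its own quarantine folder (C:\Qoobox\Quarantine) and renamed with a `.VIR_` suffix, and MBAM found nothing at all. A detection inside another tool's quarantine is a dead copy, not a live infection, and counting it as one is a common triage mistake. The parser below is an added example, not part of the thread and not code from either vendor: it reads a SUPERAntiSpyware 4.x log and a Malwarebytes' Anti-Malware 1.x log in their native file layout (threat names flush-left, paths indented beneath them; the forum's indentation of the pasted copy would break that), cross-checks each summary counter against the itemised entries, and splits detections into live versus already-quarantined. The only quarantine prefix it knows is the ComboFix one shown above; any other tool's folder would have to be added, and the sample logs are copied from the post, trimmed.

```python
"""Parse SUPERAntiSpyware (SAS 4.x) and Malwarebytes' Anti-Malware (MBAM 1.x)
scan logs, verify their summary counters against the detail entries, and separate
live detections from hits on files another tool has already quarantined."""
import re
from typing import Dict, List, Tuple

# ComboFix parks what it removes under C:\Qoobox\Quarantine (seen in the SAS log above).
# Anything found in there is a neutralised copy. Other tools' folders are not listed here.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

SAS_COUNT_RE = re.compile(r"^(?P<k>(?:Memory|Registry|File) (?:items scanned|threats detected))\s*:\s*(?P<v>\d+)$")
MBAM_COUNT_RE = re.compile(r"^(?P<k>[A-Za-z ]+ Infected): (?P<v>\d+)$")
MBAM_SECTION_RE = re.compile(r"^(?P<k>[A-Za-z ]+ Infected):$")

# Sample inputs copied from the two logs posted above (trimmed), in the tools' native layout.
SAS_LOG = r"""SUPERAntiSpyware Scan Log
Generated 02/21/2011 at 01:09 PM
Scan type       : Complete Scan
Total Scan Time : 01:16:26
Memory items scanned      : 502
Memory threats detected   : 0
Registry items scanned    : 7824
Registry threats detected : 0
File items scanned        : 70747
File threats detected     : 1

Trojan.Agent/Gen-Nullo[Short]
   C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS.VIR_
"""

MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Scan type: Full scan (C:\|)
Objects scanned: 204810
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Files Infected:
(No malicious items detected)
"""


def parse_sas(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """({counter: value}, [(threat_name, path)]) from a SAS log: threat names are
    flush-left, the paths belonging to each name are indented beneath it."""
    counts: Dict[str, int] = {}
    threats: List[Tuple[str, str]] = []
    in_threats, current = False, ""
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = SAS_COUNT_RE.match(raw.strip())
        if m:
            counts[m["k"]] = int(m["v"])
            in_threats = m["k"] == "File threats detected"   # last counter; detail list follows
        elif in_threats and raw[:1].isspace():
            threats.append((current, raw.strip()))           # indented line = path under the name
        elif in_threats:
            current = raw.strip()                            # flush-left line = new threat name
    return counts, threats


def parse_mbam(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """({'Files Infected': n, ...}, [(section, entry)]) from an MBAM 1.x log."""
    counts: Dict[str, int] = {}
    items: List[Tuple[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = ""                                     # blank line ends a detail section
        elif (m := MBAM_COUNT_RE.match(line)):
            counts[m["k"]] = int(m["v"])
        elif (m := MBAM_SECTION_RE.match(line)):
            section = m["k"]
        elif section and line != "(No malicious items detected)":
            items.append((section, line))
    return counts, items


def split_live(paths: List[str]) -> Tuple[List[str], List[str]]:
    """Partition detection paths into (live, already_quarantined) by folder prefix."""
    live: List[str] = []
    dead: List[str] = []
    for p in paths:
        (dead if p.lower().startswith(QUARANTINE_PREFIXES) else live).append(p)
    return live, dead


def consistent(sas_counts, sas_threats, mbam_counts, mbam_items) -> bool:
    """Summary counters must equal the number of itemised entries in each log."""
    sas_total = sum(v for k, v in sas_counts.items() if k.endswith("threats detected"))
    return sas_total == len(sas_threats) and sum(mbam_counts.values()) == len(mbam_items)


if __name__ == "__main__":
    sc, st = parse_sas(SAS_LOG)
    live, dead = split_live([p for _, p in st])
    print("consistent:", consistent(sc, st, *parse_mbam(MBAM_LOG)), "live:", live, "quarantined:", dead)
```

On the sample, `split_live` returns no live paths and one quarantined one, and `consistent` is true for both logs, which is the machine-checkable version of "these two scans add nothing to what ComboFix already did".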

      shag (Topic Starter)

        Re: Kept getting blocked/redirected on internet explorer
        « Reply #18 on: February 21, 2011, 03:04:13 PM »
        Sorry for making multiple posts, but I've been playing with the laptop a bit. Windows is stable in normal mode (no more svchost errors) and my internet is working. My music still won't play from Windows Media Player; I'm seeing what I can do about that.

        shag (Topic Starter)

          Re: Kept getting blocked/redirected on internet explorer
          « Reply #19 on: February 22, 2011, 06:25:42 AM »
          Nix that on the internet: it won't connect this morning, and I can't seem to access anything related to network configuration. I also never could do anything about my computer not making sound; sound configuration is equally stymied.

          Sorry for multiple posts.

          SuperDave (Malware Removal Specialist, Moderator)
          Re: Kept getting blocked/redirected on internet explorer
          « Reply #20 on: February 22, 2011, 12:14:23 PM »
          Please run ComboFix again as instructed in Reply #4 and post the log.
          Windows 8 and Windows 10 dual boot with two SSD's

          shag (Topic Starter)

            Re: Kept getting blocked/redirected on internet explorer
            « Reply #21 on: February 22, 2011, 04:00:21 PM »
            Running ComboFix got me on the internet again; we'll see if it lasts. Here's the log.

            ComboFix 11-02-22.01 - Chris 02/22/2011  16:29:12.7.2 - x86
            Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.592 [GMT -6:00]
            Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
            AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
            .

            (((((((((((((((((((((((((   Files Created from 2011-01-22 to 2011-02-22  )))))))))))))))))))))))))))))))
            .

            2011-02-19 22:48 . 2011-02-19 22:48   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\ESET
            2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\program files\ESET
            2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
            2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
            2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
            2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
            2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
            2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
            2011-01-30 15:45 . 2011-01-30 15:45   135568   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2011-02-20 20:49 . 2006-04-05 15:42   10240   ----a-w-   c:\windows\system32\drivers\compbatt.sys
            2011-02-19 02:11 . 2007-09-15 15:26   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-02-19 02:11 . 2010-07-17 01:46   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
            2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
            2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
            2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
            2010-12-21 21:04 . 2010-12-21 21:04   141264   ----a-w-   c:\windows\system32\drivers\eamon.sys
            2010-12-21 21:04 . 2010-12-21 21:04   115008   ----a-w-   c:\windows\system32\drivers\ehdrv.sys
            2010-12-21 19:47 . 2010-12-21 19:47   94872   ----a-w-   c:\windows\system32\drivers\epfwtdir.sys
            2010-12-20 23:59 . 2004-08-11 22:00   916480   ----a-w-   c:\windows\system32\wininet.dll
            2010-12-20 23:59 . 2004-08-11 22:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
            2010-12-20 23:59 . 2004-08-11 22:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
            2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
            2010-12-20 12:55 . 2004-08-11 22:00   385024   ----a-w-   c:\windows\system32\html.iec
            2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
            2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
            2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
            2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
            2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
            2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
            .

            (((((((((((((((((((((((((((((   SnapShot@2011-02-16_06.44.24   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2011-02-22 22:19 . 2011-02-22 22:19   16384              c:\windows\temp\Perflib_Perfdata_5cc.dat
            + 2004-08-11 22:00 . 2011-02-22 22:23   73052              c:\windows\system32\perfc009.dat
            - 2004-08-11 22:00 . 2011-02-16 06:29   73052              c:\windows\system32\perfc009.dat
            - 2004-08-11 22:00 . 2010-11-06 00:26   66560              c:\windows\system32\mshtmled.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   66560              c:\windows\system32\mshtmled.dll
            - 2006-11-08 02:03 . 2010-11-06 00:26   55296              c:\windows\system32\msfeedsbs.dll
            + 2006-11-08 02:03 . 2010-12-20 23:59   55296              c:\windows\system32\msfeedsbs.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   25600              c:\windows\system32\jsproxy.dll
            - 2004-08-11 22:00 . 2010-11-06 00:26   25600              c:\windows\system32\jsproxy.dll
            - 2010-01-06 02:23 . 2010-11-06 00:26   12800              c:\windows\system32\dllcache\xpshims.dll
            + 2010-01-06 02:23 . 2010-12-20 23:59   12800              c:\windows\system32\dllcache\xpshims.dll
            + 2006-06-23 11:25 . 2010-12-20 23:59   66560              c:\windows\system32\dllcache\mshtmled.dll
            - 2006-06-23 11:25 . 2010-11-06 00:26   66560              c:\windows\system32\dllcache\mshtmled.dll
            - 2007-06-27 14:34 . 2010-11-06 00:26   55296              c:\windows\system32\dllcache\msfeedsbs.dll
            + 2007-06-27 14:34 . 2010-12-20 23:59   55296              c:\windows\system32\dllcache\msfeedsbs.dll
            + 2006-10-17 17:05 . 2010-12-20 23:59   43520              c:\windows\system32\dllcache\licmgr10.dll
            - 2006-10-17 17:05 . 2010-11-06 00:26   43520              c:\windows\system32\dllcache\licmgr10.dll
            + 2006-06-23 11:25 . 2010-12-20 23:59   25600              c:\windows\system32\dllcache\jsproxy.dll
            - 2006-06-23 11:25 . 2010-11-06 00:26   25600              c:\windows\system32\dllcache\jsproxy.dll
            - 2009-12-14 07:08 . 2009-12-14 07:08   33280              c:\windows\system32\dllcache\csrsrv.dll
            + 2009-12-14 07:08 . 2010-12-09 14:30   33280              c:\windows\system32\dllcache\csrsrv.dll
            + 2011-02-19 22:22 . 2011-02-19 22:22   10134              c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\callmsi.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   17304              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   35736              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   84896              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   94608              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   49064              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   17824              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   62376              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   64928              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   63384              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   12800              c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   66560              c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   55296              c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   43520              c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   25600              c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
            - 2004-08-11 22:00 . 2011-02-16 06:29   443914              c:\windows\system32\perfh009.dat
            + 2004-08-11 22:00 . 2011-02-22 22:23   443914              c:\windows\system32\perfh009.dat
            - 2004-08-11 22:00 . 2010-11-06 00:26   206848              c:\windows\system32\occache.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   206848              c:\windows\system32\occache.dll
            - 2004-08-11 22:00 . 2010-11-06 00:26   611840              c:\windows\system32\mstime.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   611840              c:\windows\system32\mstime.dll
            + 2006-11-08 02:03 . 2010-12-20 23:59   602112              c:\windows\system32\msfeeds.dll
            - 2006-11-08 02:03 . 2010-11-06 00:26   602112              c:\windows\system32\msfeeds.dll
            + 2011-02-19 02:11 . 2011-02-19 02:11   157472              c:\windows\system32\javaws.exe
            + 2011-02-19 02:11 . 2011-02-19 02:11   145184              c:\windows\system32\javaw.exe
            - 2010-11-02 12:44 . 2010-09-15 09:50   145184              c:\windows\system32\javaw.exe
            - 2010-11-02 12:44 . 2010-09-15 09:50   145184              c:\windows\system32\java.exe
            + 2011-02-19 02:11 . 2011-02-19 02:11   145184              c:\windows\system32\java.exe
            - 2004-08-11 22:00 . 2010-11-06 00:26   184320              c:\windows\system32\iepeers.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   184320              c:\windows\system32\iepeers.dll
            - 2004-08-11 22:00 . 2010-11-06 00:26   387584              c:\windows\system32\iedkcs32.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   387584              c:\windows\system32\iedkcs32.dll
            - 2004-08-11 22:00 . 2010-11-03 12:26   173568              c:\windows\system32\ie4uinit.exe
            + 2004-08-11 22:00 . 2010-12-20 12:55   173568              c:\windows\system32\ie4uinit.exe
            + 2004-08-11 22:06 . 2011-02-16 11:34   138056              c:\windows\system32\FNTCACHE.DAT
            - 2004-08-11 22:06 . 2010-12-16 19:12   138056              c:\windows\system32\FNTCACHE.DAT
            - 2008-01-18 04:43 . 2008-01-18 10:43   716272              c:\windows\system32\drivers\sptd.sys
            + 2008-01-18 04:43 . 2008-01-18 16:43   716272              c:\windows\system32\drivers\sptd.sys
            + 2006-06-23 11:25 . 2010-12-20 23:59   916480              c:\windows\system32\dllcache\wininet.dll
            - 2006-06-23 11:25 . 2010-11-06 00:26   916480              c:\windows\system32\dllcache\wininet.dll
            + 2011-01-21 14:44 . 2011-01-21 14:44   439296              c:\windows\system32\dllcache\shimgvw.dll
            + 2004-08-11 22:00 . 2004-08-04 10:00   146432              c:\windows\system32\dllcache\regedit.exe
            + 2006-10-17 17:04 . 2010-12-20 23:59   206848              c:\windows\system32\dllcache\occache.dll
            - 2006-10-17 17:04 . 2010-11-06 00:26   206848              c:\windows\system32\dllcache\occache.dll
            + 2009-04-18 04:29 . 2010-12-09 15:15   718336              c:\windows\system32\dllcache\ntdll.dll
            - 2006-06-23 11:25 . 2010-11-06 00:26   611840              c:\windows\system32\dllcache\mstime.dll
            + 2006-06-23 11:25 . 2010-12-20 23:59   611840              c:\windows\system32\dllcache\mstime.dll
            - 2007-06-27 14:34 . 2010-11-06 00:26   602112              c:\windows\system32\dllcache\msfeeds.dll
            + 2007-06-27 14:34 . 2010-12-20 23:59   602112              c:\windows\system32\dllcache\msfeeds.dll
            - 2009-04-18 04:29 . 2009-06-25 08:25   730112              c:\windows\system32\dllcache\lsasrv.dll
            + 2009-04-18 04:29 . 2010-12-20 17:26   730112              c:\windows\system32\dllcache\lsasrv.dll
            - 2009-06-25 08:25 . 2009-06-25 08:25   301568              c:\windows\system32\dllcache\kerberos.dll
            + 2009-06-25 08:25 . 2010-12-22 12:34   301568              c:\windows\system32\dllcache\kerberos.dll
            - 2010-01-06 02:23 . 2010-11-06 00:26   247808              c:\windows\system32\dllcache\ieproxy.dll
            + 2010-01-06 02:23 . 2010-12-20 23:59   247808              c:\windows\system32\dllcache\ieproxy.dll
            + 2006-06-23 11:25 . 2010-12-20 23:59   184320              c:\windows\system32\dllcache\iepeers.dll
            - 2006-06-23 11:25 . 2010-11-06 00:26   184320              c:\windows\system32\dllcache\iepeers.dll
            + 2010-06-10 00:50 . 2010-12-20 23:59   743424              c:\windows\system32\dllcache\iedvtool.dll
            - 2010-06-10 00:50 . 2010-11-06 00:26   743424              c:\windows\system32\dllcache\iedvtool.dll
            + 2006-11-07 08:27 . 2010-12-20 23:59   387584              c:\windows\system32\dllcache\iedkcs32.dll
            - 2006-11-07 08:27 . 2010-11-06 00:26   387584              c:\windows\system32\dllcache\iedkcs32.dll
            + 2006-11-07 08:26 . 2010-12-20 12:55   173568              c:\windows\system32\dllcache\ie4uinit.exe
            - 2006-11-07 08:26 . 2010-11-03 12:26   173568              c:\windows\system32\dllcache\ie4uinit.exe
            + 2010-04-20 05:30 . 2011-01-07 14:09   290048              c:\windows\system32\dllcache\atmfd.dll
            - 2010-04-20 05:30 . 2010-10-28 13:13   290048              c:\windows\system32\dllcache\atmfd.dll
            + 2004-08-11 22:00 . 2004-08-04 10:00   146432              c:\windows\regedit.exe
            - 2004-08-11 22:00 . 2008-04-14 00:12   146432              c:\windows\regedit.exe
            + 2011-02-19 02:12 . 2011-02-19 02:12   180224              c:\windows\Installer\a9c0f.msi
            + 2011-02-19 02:11 . 2011-02-19 02:11   677376              c:\windows\Installer\a9c01.msi
            + 2011-02-19 22:22 . 2011-02-19 22:22   967680              c:\windows\Installer\46d5f.msi
            + 2011-02-19 22:22 . 2011-02-19 22:22   101504              c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\egui.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   390552              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   101288              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   135568              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   681872              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   104344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   702352              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   294808              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   205720              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   916480              c:\windows\ie8updates\KB2482017-IE8\wininet.dll
            + 2011-02-21 17:46 . 2010-07-05 13:16   382840              c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
            + 2011-02-21 17:46 . 2010-07-05 13:15   231288              c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
            + 2011-02-21 17:46 . 2010-11-06 00:26   206848              c:\windows\ie8updates\KB2482017-IE8\occache.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   611840              c:\windows\ie8updates\KB2482017-IE8\mstime.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   602112              c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   247808              c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   184320              c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   743424              c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   387584              c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
            + 2011-02-21 17:46 . 2010-11-03 12:26   173568              c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
            - 2004-08-11 22:00 . 2010-11-06 00:26   1210880              c:\windows\system32\urlmon.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   1210880              c:\windows\system32\urlmon.dll
            - 2004-08-11 22:00 . 2010-07-27 06:30   8462336              c:\windows\system32\shell32.dll
            + 2004-08-11 22:00 . 2011-01-21 14:44   8462336              c:\windows\system32\shell32.dll
            + 2004-08-11 22:00 . 2010-12-20 23:59   5961216              c:\windows\system32\mshtml.dll
            + 2006-10-17 16:57 . 2010-12-20 23:59   1991680              c:\windows\system32\iertutil.dll
            - 2006-10-17 16:57 . 2010-11-06 00:26   1991680              c:\windows\system32\iertutil.dll
            + 2008-10-16 20:33 . 2010-12-31 13:10   1854976              c:\windows\system32\dllcache\win32k.sys
            - 2006-07-25 20:42 . 2010-11-06 00:26   1210880              c:\windows\system32\dllcache\urlmon.dll
            + 2006-07-25 20:42 . 2010-12-20 23:59   1210880              c:\windows\system32\dllcache\urlmon.dll
            + 2008-06-17 19:02 . 2011-01-21 14:44   8462336              c:\windows\system32\dllcache\shell32.dll
            - 2008-06-17 19:02 . 2010-07-27 06:30   8462336              c:\windows\system32\dllcache\shell32.dll
            + 2008-10-16 20:33 . 2010-12-09 13:38   2192768              c:\windows\system32\dllcache\ntoskrnl.exe
            + 2008-10-16 20:33 . 2010-12-09 13:07   2027008              c:\windows\system32\dllcache\ntkrpamp.exe
            + 2008-10-16 20:33 . 2010-12-09 13:07   2069376              c:\windows\system32\dllcache\ntkrnlpa.exe
            + 2008-10-16 20:33 . 2010-12-09 13:42   2148864              c:\windows\system32\dllcache\ntkrnlmp.exe
            + 2006-07-28 11:30 . 2010-12-20 23:59   5961216              c:\windows\system32\dllcache\mshtml.dll
            - 2007-06-27 14:34 . 2010-11-06 00:26   1991680              c:\windows\system32\dllcache\iertutil.dll
            + 2007-06-27 14:34 . 2010-12-20 23:59   1991680              c:\windows\system32\dllcache\iertutil.dll
            + 2011-02-19 02:26 . 2011-02-19 02:26   2283008              c:\windows\Installer\a9fb0.msi
            + 2010-11-10 18:49 . 2010-11-10 18:49   2207632              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   6222744              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   5503368              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
            + 2010-11-10 18:49 . 2010-11-10 18:49   1216416              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
            + 2010-11-10 18:49 . 2010-11-10 18:49   1289624              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
            + 2011-02-21 17:46 . 2010-11-06 00:26   1210880              c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   5959168              c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   1991680              c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
            + 2008-10-16 20:33 . 2010-12-09 13:38   2192768              c:\windows\Driver Cache\i386\ntoskrnl.exe
            + 2008-10-16 20:33 . 2010-12-09 13:07   2027008              c:\windows\Driver Cache\i386\ntkrpamp.exe
            + 2008-10-16 20:33 . 2010-12-09 13:07   2069376              c:\windows\Driver Cache\i386\ntkrnlpa.exe
            + 2008-10-16 20:33 . 2010-12-09 13:42   2148864              c:\windows\Driver Cache\i386\ntkrnlmp.exe
            + 2006-10-05 17:54 . 2011-02-16 09:01   37443528              c:\windows\system32\MRT.exe
            + 2006-11-08 02:03 . 2010-12-21 11:29   11080704              c:\windows\system32\ieframe.dll
            - 2006-11-08 02:03 . 2010-11-06 00:26   11080704              c:\windows\system32\ieframe.dll
            - 2007-06-27 14:34 . 2010-11-06 00:26   11080704              c:\windows\system32\dllcache\ieframe.dll
            + 2007-06-27 14:34 . 2010-12-21 11:29   11080704              c:\windows\system32\dllcache\ieframe.dll
            + 2011-01-30 20:44 . 2011-01-30 20:44   12425728              c:\windows\Installer\a9fb1.msp
            + 2010-11-10 18:49 . 2010-11-10 18:49   23724952              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
            + 2011-02-21 17:46 . 2010-11-06 00:26   11080704              c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
            .
            -- Snapshot reset to current date --
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
            "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
            "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
            "SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
            "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
            "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
            "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
            "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
            "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
            "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
            "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
            "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
            "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
            "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
            "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
            "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
            "BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
            "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
            "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

            c:\documents and settings\All Users\Start Menu\Programs\Startup\
            America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
            Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
            Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
            dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
            NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
            PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
            "GameConsoleService"=3 (0x3)

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
            "DisableMonitoring"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
            "c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
            "c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
            "%windir%\\system32\\sessmgr.exe"=
            "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
            "c:\\WINDOWS\\system32\\LEXPPS.EXE"=

            R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
            R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
            R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
            R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
            R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
            S0 haqaugev;haqaugev;c:\windows\system32\drivers\jhyedcun.sys --> c:\windows\system32\drivers\jhyedcun.sys [?]
            S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
            .
            Contents of the 'Scheduled Tasks' folder

            2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
            - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com
            IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
            IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
            IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
            IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
            IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
            IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
            FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
            FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
            FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
            FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2011-02-22 16:33
            Windows 5.1.2600 Service Pack 3 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            "iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
               67,6d,00,f2
            "haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
               6e,62,69,61,00,00

            [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            "iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
               6e,6e,00,f1
            "hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
               6e,6e,00,00
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(732)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            c:\windows\system32\WININET.dll

            - - - - - - - > 'explorer.exe'(1000)
            c:\windows\system32\WININET.dll
            c:\windows\system32\ieframe.dll
            c:\windows\system32\webcheck.dll
            c:\windows\system32\WPDShServiceObj.dll
            c:\windows\system32\PortableDeviceTypes.dll
            c:\windows\system32\PortableDeviceApi.dll
            .
            Completion time: 2011-02-22  16:35:42
            ComboFix-quarantined-files.txt  2011-02-22 22:35
            ComboFix2.txt  2011-02-22 21:56
            ComboFix3.txt  2011-02-18 02:02
            ComboFix4.txt  2011-02-16 06:53

            Pre-Run: 53,639,651,328 bytes free
            Post-Run: 53,621,751,808 bytes free

            Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
            - - End Of File - - 10675F77863A3BE8BC773F10DBBB7087

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Kept getting blocked/redirected on internet explorer
            « Reply #22 on: February 23, 2011, 12:05:24 PM »
            Re-running ComboFix to remove infections:

            • Close any open browsers.
            • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the quotebox below into it:
              Quote
              KillAll::

              File::
              c:\windows\system32\drivers\jhyedcun.sys

              MBR::

              Reglock::
              [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              "iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
                 67,6d,00,f2
              "haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
                 6e,62,69,61,00,00

              [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              "iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
                 6e,6e,00,f1
              "hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
                 6e,6e,00,00

              Driver::
              haqaugev
            • Save this as CFScript.txt, in the same location as ComboFix.exe



            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.
            Windows 8 and Windows 10 dual boot with two SSD's

            shag

              Topic Starter


              Beginner

              Re: Kept getting blocked/redirected on internet explorer
              « Reply #23 on: February 23, 2011, 05:12:38 PM »
              ComboFix 11-02-23.05 - Chris 02/23/2011  17:22:59.8.2 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.615 [GMT -6:00]
              Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
              Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
              AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
               * Created a new restore point

              FILE ::
              "c:\windows\system32\drivers\jhyedcun.sys"
              .
                 /wow section - STAGE 25
              The system cannot find the path specified.
              @DO was unexpected at this time.


              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              .
              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              -------\Service_haqaugev


              (((((((((((((((((((((((((   Files Created from 2011-01-23 to 2011-02-23  )))))))))))))))))))))))))))))))
              .

              2011-02-19 22:48 . 2011-02-19 22:48   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\ESET
              2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\program files\ESET
              2011-02-19 22:21 . 2011-02-19 22:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
              2011-02-15 03:24 . 2011-02-15 03:24   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
              2011-02-15 03:20 . 2011-02-15 03:20   --------   d-----w-   c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
              2011-02-15 03:15 . 2011-02-15 03:15   388096   ----a-r-   c:\documents and settings\Chris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
              2011-02-15 02:11 . 2011-02-15 02:11   --------   d-----w-   c:\program files\TrendMicro
              2011-02-11 01:49 . 2010-12-21 00:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-02-11 01:49 . 2010-12-21 00:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-02-11 01:42 . 2011-02-11 01:42   --------   d-----w-   c:\program files\CCleaner
              2011-01-30 15:45 . 2011-01-30 15:45   135568   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-02-20 20:49 . 2006-04-05 15:42   10240   ----a-w-   c:\windows\system32\drivers\compbatt.sys
              2011-02-19 02:11 . 2007-09-15 15:26   73728   ----a-w-   c:\windows\system32\javacpl.cpl
              2011-02-19 02:11 . 2010-07-17 01:46   472808   ----a-w-   c:\windows\system32\deployJava1.dll
              2011-01-21 14:44 . 2004-08-11 22:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
              2011-01-07 14:09 . 2004-08-11 22:00   290048   ----a-w-   c:\windows\system32\atmfd.dll
              2010-12-31 13:10 . 2004-08-11 22:00   1854976   ----a-w-   c:\windows\system32\win32k.sys
              2010-12-22 12:34 . 2004-08-11 22:00   301568   ----a-w-   c:\windows\system32\kerberos.dll
              2010-12-21 21:04 . 2010-12-21 21:04   141264   ----a-w-   c:\windows\system32\drivers\eamon.sys
              2010-12-21 21:04 . 2010-12-21 21:04   115008   ----a-w-   c:\windows\system32\drivers\ehdrv.sys
              2010-12-21 19:47 . 2010-12-21 19:47   94872   ----a-w-   c:\windows\system32\drivers\epfwtdir.sys
              2010-12-20 23:59 . 2004-08-11 22:00   916480   ----a-w-   c:\windows\system32\wininet.dll
              2010-12-20 23:59 . 2004-08-11 22:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
              2010-12-20 23:59 . 2004-08-11 22:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
              2010-12-20 17:26 . 2004-08-11 22:00   730112   ----a-w-   c:\windows\system32\lsasrv.dll
              2010-12-20 12:55 . 2004-08-11 22:00   385024   ----a-w-   c:\windows\system32\html.iec
              2010-12-09 15:15 . 2004-08-11 22:00   718336   ----a-w-   c:\windows\system32\ntdll.dll
              2010-12-09 14:30 . 2004-08-11 22:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
              2010-12-09 13:42 . 2004-08-11 22:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
              2010-12-09 13:07 . 2004-08-04 03:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
              2010-11-29 23:38 . 2010-11-29 23:38   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
              2010-11-29 23:38 . 2010-11-29 23:38   69632   ----a-w-   c:\windows\system32\QuickTime.qts
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
              "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
              "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
              "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
              "SigmatelSysTrayApp"="stsystra.exe" [2005-11-17 397312]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
              "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
              "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
              "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
              "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
              "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-19 98304]
              "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-19 118784]
              "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-19 77824]
              "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
              "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
              "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
              "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
              "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
              "BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2005-11-17 543232]
              "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
              "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2006-4-5 156784]
              Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
              Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-5 24576]
              dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2007-3-8 315392]
              NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-3-3 118784]
              PHOTOfunSTUDIO.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-1-18 44176]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "GameConsoleService"=3 (0x3)

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Games HQ\\Unreal Tournament\\System\\UnrealTournament.exe"=
              "c:\\Program Files\\Games HQ\\Age of Empires II\\age2_x1\\age2_x1.exe"=
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
              "c:\\WINDOWS\\system32\\LEXPPS.EXE"=

              R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/17/2008 10:43 PM 716272]
              R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 5:13 PM 65584]
              R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
              R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
              R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
              S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
              .
              Contents of the 'Scheduled Tasks' folder

              2011-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.google.com
              IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
              IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
              IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
              IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
              IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
              FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\khnidukr.default\
              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
              FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
              FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-02-23 17:29
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE46BEE-309A-D118-EEF6-0B629E101924}*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              "iandjebeamjplkkima"=hex:6a,61,6f,6d,70,67,70,6a,61,6e,6d,62,65,6b,62,6a,67,66,
                 67,6d,00,f2
              "haddpfckmafepble"=hex:6b,61,69,6d,61,6a,63,62,61,63,6c,6a,67,6e,6a,6c,6c,70,
                 6e,62,69,61,00,00

              [HKEY_USERS\S-1-5-21-763208294-2166686365-2200820826-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C4FF9455-D2D0-B2C0-5236-97D1CE5D2B9A}*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              "iaifkpmhmcpabcapeb"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
                 6e,6e,00,f1
              "hacgbhgnolebgoia"=hex:6a,61,6a,6f,63,67,6c,63,66,6b,6a,65,6b,64,68,61,67,68,
                 6e,6e,00,00
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(736)
              c:\program files\SUPERAntiSpyware\SASWINLO.DLL
              c:\windows\system32\WININET.dll

              - - - - - - - > 'explorer.exe'(1396)
              c:\windows\system32\WININET.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\windows\system32\LEXBCES.EXE
              c:\windows\system32\LEXPPS.EXE
              c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
              c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
              c:\program files\Java\jre6\bin\jqs.exe
              c:\program files\Common Files\Motive\McciCMService.exe
              c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              c:\windows\system32\igfxsrvc.exe
              c:\program files\Citrix\ICA Client\wfcrun32.exe
              c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              .
              **************************************************************************
              .
              Completion time: 2011-02-23  17:34:43 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-02-23 23:34
              ComboFix2.txt  2011-02-22 22:35
              ComboFix3.txt  2011-02-22 21:56
              ComboFix4.txt  2011-02-18 02:02
              ComboFix5.txt  2011-02-23 23:20

              Pre-Run: 53,204,619,264 bytes free
              Post-Run: 53,349,474,304 bytes free

              Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
              - - End Of File - - 58837753BADF08FCA8B8CACCD51F2DF4

              SuperDave

              • Malware Removal Specialist
              • Moderator
              Re: Kept getting blocked/redirected on internet explorer
              « Reply #24 on: February 24, 2011, 12:51:06 PM »
              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

              shag

                Re: Kept getting blocked/redirected on internet explorer
                « Reply #25 on: February 24, 2011, 02:59:26 PM »
                Alright, here's the log...should I note that we've run this program once before?  (I think TDSS killer was our next step)

                SysProt AntiRootkit v1.0.1.0
                by swatkat

                ******************************************************************************************
                ******************************************************************************************

                Process:
                Name: [System Idle Process]
                PID: 0
                Hidden: No
                Window Visible: No

                Name: System
                PID: 4
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\smss.exe
                PID: 556
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\csrss.exe
                PID: 708
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\winlogon.exe
                PID: 736
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\services.exe
                PID: 784
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\lsass.exe
                PID: 796
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\svchost.exe
                PID: 1028
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\svchost.exe
                PID: 1076
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\svchost.exe
                PID: 1116
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\svchost.exe
                PID: 1144
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\LEXBCES.EXE
                PID: 1176
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\spoolsv.exe
                PID: 1196
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\LEXPPS.EXE
                PID: 1212
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                PID: 1240
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
                PID: 1260
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
                PID: 1356
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Java\jre6\bin\jqs.exe
                PID: 1476
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\Motive\McciCMService.exe
                PID: 1520
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                PID: 1588
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\explorer.exe
                PID: 1708
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                PID: 188
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\Java\Java Update\jusched.exe
                PID: 180
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\QuickTime\QTTask.exe
                PID: 232
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
                PID: 236
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
                PID: 260
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
                PID: 364
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\igfxpers.exe
                PID: 392
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\igfxsrvc.exe
                PID: 412
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\hkcmd.exe
                PID: 456
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
                PID: 464
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                PID: 480
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\dla\tfswctrl.exe
                PID: 504
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Dell\QuickSet\quickset.exe
                PID: 516
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Citrix\ICA Client\concentr.exe
                PID: 524
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\BellSouthWCC\McciTrayApp.exe
                PID: 532
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
                PID: 580
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
                PID: 1392
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
                PID: 980
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Citrix\ICA Client\wfcrun32.exe
                PID: 1612
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\NetWaiting\netwaiting.exe
                PID: 1628
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\DellSupport\DSAgnt.exe
                PID: 1488
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\DAEMON Tools Lite\daemon.exe
                PID: 1644
                Hidden: No
                Window Visible: No

                Name: C:\WINDOWS\system32\ctfmon.exe
                PID: 588
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
                PID: 2060
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Digital Line Detect\DLG.exe
                PID: 2108
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
                PID: 2164
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
                PID: 2400
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Internet Explorer\iexplore.exe
                PID: 1316
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Internet Explorer\iexplore.exe
                PID: 3644
                Hidden: No
                Window Visible: No

                Name: C:\Program Files\Internet Explorer\iexplore.exe
                PID: 4076
                Hidden: No
                Window Visible: No

                Name: C:\Documents and Settings\Chris\Desktop\Latest Problems\SysProt\SysProt.exe
                PID: 3556
                Hidden: No
                Window Visible: Yes

                ******************************************************************************************
                ******************************************************************************************
                Kernel Modules:
                Module Name: \??\C:\Documents and Settings\Chris\Desktop\Latest Problems\SysProt\SysProtDrv.sys
                Service Name: SysProtDrv.sys
                Module Base: A9FA3000
                Module End: A9FAE000
                Hidden: No

                Module Name: \WINDOWS\system32\ntkrnlpa.exe
                Service Name: ---
                Module Base: 804D7000
                Module End: 806E5000
                Hidden: No

                Module Name: \WINDOWS\system32\hal.dll
                Service Name: ---
                Module Base: 806E5000
                Module End: 80705D00
                Hidden: No

                Module Name: \WINDOWS\system32\KDCOM.DLL
                Service Name: ---
                Module Base: F7A7D000
                Module End: F7A7F000
                Hidden: No

                Module Name: \WINDOWS\system32\BOOTVID.dll
                Service Name: ---
                Module Base: F798D000
                Module End: F7990000
                Hidden: No

                Module Name: spgf.sys
                Service Name: ---
                Module Base: F737F000
                Module End: F747C000
                Hidden: Yes

                Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
                Service Name: ---
                Module Base: F7A7F000
                Module End: F7A81000
                Hidden: No

                Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
                Service Name: ScsiPort
                Module Base: F7367000
                Module End: F737F000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
                Service Name: ACPI
                Module Base: F7339000
                Module End: F7367000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\pci.sys
                Service Name: PCI
                Module Base: F7328000
                Module End: F7339000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
                Service Name: isapnp
                Module Base: F757D000
                Module End: F7587000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
                Service Name: Compbatt
                Module Base: F7991000
                Module End: F7994000
                Hidden: No

                Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
                Service Name: BattC
                Module Base: F7995000
                Module End: F7999000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\pciide.sys
                Service Name: PCIIde
                Module Base: F7B45000
                Module End: F7B46000
                Hidden: No

                Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
                Service Name: ---
                Module Base: F77FD000
                Module End: F7804000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
                Service Name: MountMgr
                Module Base: F758D000
                Module End: F7598000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
                Service Name: Disk
                Module Base: F7309000
                Module End: F7328000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\dmio.sys
                Service Name: dmio
                Module Base: F72E3000
                Module End: F7309000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
                Service Name: PartMgr
                Module Base: F7805000
                Module End: F780A000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
                Service Name: VolSnap
                Module Base: F759D000
                Module End: F75AA000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\atapi.sys
                Service Name: atapi
                Module Base: F72CB000
                Module End: F72E3000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\disk.sys
                Service Name: ---
                Module Base: F75AD000
                Module End: F75B6000
                Hidden: No

                Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
                Service Name: ---
                Module Base: F75BD000
                Module End: F75CA000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
                Service Name: FltMgr
                Module Base: F72AB000
                Module End: F72CB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\sr.sys
                Service Name: sr
                Module Base: F7299000
                Module End: F72AB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\drvmcdb.sys
                Service Name: drvmcdb
                Module Base: F7284000
                Module End: F7299000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
                Service Name: PxHelp20
                Module Base: F75CD000
                Module End: F75D7000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
                Service Name: KSecDD
                Module Base: F726D000
                Module End: F7284000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
                Service Name: Ntfs
                Module Base: F71E0000
                Module End: F726D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
                Service Name: NDIS
                Module Base: F71B3000
                Module End: F71E0000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
                Service Name: ohci1394
                Module Base: F75DD000
                Module End: F75ED000
                Hidden: No

                Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
                Service Name: ---
                Module Base: F75ED000
                Module End: F75FB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\Mup.sys
                Service Name: Mup
                Module Base: F7199000
                Module End: F71B3000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
                Service Name: NIC1394
                Module Base: F76CD000
                Module End: F76DD000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
                Service Name: intelppm
                Module Base: F6A7F000
                Module End: F6A88000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
                Service Name: WmiAcpi
                Module Base: F6F68000
                Module End: F6F6B000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
                Service Name: CmBatt
                Module Base: F6F64000
                Module End: F6F68000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
                Service Name: ialm
                Module Base: F68B2000
                Module End: F69FF000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
                Service Name: ---
                Module Base: F689E000
                Module End: F68B2000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
                Service Name: HDAudBus
                Module Base: F6876000
                Module End: F689E000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
                Service Name: NETw3x32
                Module Base: F66D4000
                Module End: F6876000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                Service Name: usbuhci
                Module Base: F791D000
                Module End: F7923000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
                Service Name: ---
                Module Base: F66B0000
                Module End: F66D4000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
                Service Name: usbehci
                Module Base: F7925000
                Module End: F792D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
                Service Name: bcm4sbxp
                Module Base: F6A6F000
                Module End: F6A7B000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\sdbus.sys
                Service Name: sdbus
                Module Base: F669C000
                Module End: F66B0000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
                Service Name: rimmptsk
                Module Base: F792D000
                Module End: F7934000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
                Service Name: rimsptsk
                Module Base: F6A5F000
                Module End: F6A6C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
                Service Name: rismxdp
                Module Base: F6650000
                Module End: F669C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
                Service Name: i8042prt
                Module Base: F6A4F000
                Module End: F6A5C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
                Service Name: SynTP
                Module Base: F6621000
                Module End: F6650000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
                Service Name: ---
                Module Base: F7ABB000
                Module End: F7ABD000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
                Service Name: Mouclass
                Module Base: F7935000
                Module End: F793B000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
                Service Name: Kbdclass
                Module Base: F793D000
                Module End: F7943000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
                Service Name: Imapi
                Module Base: F6A3F000
                Module End: F6A4A000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\Afc.sys
                Service Name: Afc
                Module Base: F7945000
                Module End: F794D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\sscdbhk5.sys
                Service Name: sscdbhk5
                Module Base: F7ABD000
                Module End: F7ABF000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
                Service Name: Cdrom
                Module Base: F6A2F000
                Module End: F6A3F000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
                Service Name: redbook
                Module Base: F6A1F000
                Module End: F6A2E000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
                Service Name: ---
                Module Base: F65FE000
                Module End: F6621000
                Hidden: No

                Module Name: \SystemRoot\System32\Drivers\ay3i5k4g.SYS
                Service Name: ---
                Module Base: F6599000
                Module End: F65FE000
                Hidden: Yes

                Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
                Service Name: audstub
                Module Base: F7BAA000
                Module End: F7BAB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                Service Name: Rasl2tp
                Module Base: F6A0F000
                Module End: F6A1C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
                Service Name: NdisTapi
                Module Base: F7A51000
                Module End: F7A54000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
                Service Name: NdisWan
                Module Base: F6560000
                Module End: F6577000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                Service Name: RasPppoe
                Module Base: F69FF000
                Module End: F6A0A000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
                Service Name: PptpMiniport
                Module Base: F761D000
                Module End: F7629000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
                Service Name: ---
                Module Base: F781D000
                Module End: F7822000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
                Service Name: Ptilink
                Module Base: F783D000
                Module End: F7842000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
                Service Name: Raspti
                Module Base: F7885000
                Module End: F788A000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
                Service Name: wanatw
                Module Base: F7845000
                Module End: F784B000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                Service Name: rdpdr
                Module Base: F6530000
                Module End: F6560000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
                Service Name: TermDD
                Module Base: F762D000
                Module End: F7637000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
                Service Name: swenum
                Module Base: F7AC9000
                Module End: F7ACB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
                Service Name: Update
                Module Base: F64AA000
                Module End: F6508000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
                Service Name: mssmbios
                Module Base: F7A69000
                Module End: F7A6D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\omci.sys
                Service Name: omci
                Module Base: F784D000
                Module End: F7852000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
                Service Name: NDProxy
                Module Base: F764D000
                Module End: F7657000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\sthda.sys
                Service Name: STHDA
                Module Base: AA5D5000
                Module End: AA6CD000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\portcls.sys
                Service Name: ---
                Module Base: AA5B1000
                Module End: AA5D5000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\drmk.sys
                Service Name: ---
                Module Base: F76AD000
                Module End: F76BC000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
                Service Name: HSXHWAZL
                Module Base: AA577000
                Module End: AA5B1000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
                Service Name: HSF_DPV
                Module Base: AA480000
                Module End: AA577000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
                Service Name: winachsf
                Module Base: AA3CA000
                Module End: AA480000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
                Service Name: Modem
                Module Base: F786D000
                Module End: F7875000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
                Service Name: usbhub
                Module Base: F76ED000
                Module End: F76FC000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
                Service Name: i2omgmt
                Module Base: F7A41000
                Module End: F7A44000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
                Service Name: Fs_Rec
                Module Base: F7ADB000
                Module End: F7ADD000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
                Service Name: Null
                Module Base: F7BFE000
                Module End: F7BFF000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\ssrtln.sys
                Service Name: ssrtln
                Module Base: F787D000
                Module End: F7883000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
                Service Name: ehdrv
                Module Base: AA383000
                Module End: AA3A2000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                Service Name: USBSTOR
                Module Base: F78AD000
                Module End: F78B4000
                Hidden: No

                Module Name: C:\WINDOWS\System32\drivers\vga.sys
                Service Name: VgaSave
                Module Base: F78BD000
                Module End: F78C3000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
                Service Name: mnmdd
                Module Base: F7AEF000
                Module End: F7AF1000
                Hidden: No

                Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
                Service Name: RDPCDD
                Module Base: F7AF1000
                Module End: F7AF3000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
                Service Name: Msfs
                Module Base: F78C5000
                Module End: F78CA000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
                Service Name: Npfs
                Module Base: F78CD000
                Module End: F78D5000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
                Service Name: RasAcd
                Module Base: F6520000
                Module End: F6523000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
                Service Name: IPSec
                Module Base: AA350000
                Module End: AA363000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
                Service Name: Gpc
                Module Base: F774D000
                Module End: F7756000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
                Service Name: Tcpip
                Module Base: AA2F7000
                Module End: AA350000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\tosrfusb.sys
                Service Name: Tosrfusb
                Module Base: F775D000
                Module End: F7767000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
                Service Name: NetBT
                Module Base: AA2CF000
                Module End: AA2F7000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
                Service Name: IpNat
                Module Base: AA2A9000
                Module End: AA2CF000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
                Service Name: epfwtdir
                Module Base: AA291000
                Module End: AA2A9000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
                Service Name: Wanarp
                Module Base: F776D000
                Module End: F7776000
                Hidden: No

                Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
                Service Name: WS2IFSL
                Module Base: F651C000
                Module End: F651F000
                Hidden: No

                Module Name: C:\WINDOWS\System32\drivers\afd.sys
                Service Name: AFD
                Module Base: AA26F000
                Module End: AA291000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
                Service Name: NetBIOS
                Module Base: F777D000
                Module End: F7786000
                Hidden: No

                Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
                Service Name: SASKUTIL
                Module Base: AA24D000
                Module End: AA26F000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
                Service Name: Arp1394
                Module Base: F77AD000
                Module End: F77BC000
                Hidden: No

                Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
                Service Name: SASDIFSV
                Module Base: F78DD000
                Module End: F78E3000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
                Service Name: Rdbss
                Module Base: AA222000
                Module End: AA24D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
                Service Name: MRxSmb
                Module Base: AA1B2000
                Module End: AA222000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
                Service Name: Fips
                Module Base: F77BD000
                Module End: F77C8000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
                Service Name: ctxusbm
                Module Base: AA0FE000
                Module End: AA112000
                Hidden: No

                Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
                Service Name: APPDRV
                Module Base: F6508000
                Module End: F650C000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\tosrfbd.sys
                Service Name: Tosrfbd
                Module Base: AA0BB000
                Module End: AA0D6000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
                Service Name: Cdfs
                Module Base: F77DD000
                Module End: F77ED000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
                Service Name: Tosrfhid
                Module Base: F765D000
                Module End: F766D000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
                Service Name: HidUsb
                Module Base: AA7A0000
                Module End: AA7A3000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
                Service Name: ---
                Module Base: F766D000
                Module End: F7676000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
                Service Name: ---
                Module Base: F7975000
                Module End: F797C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
                Service Name: mouhid
                Module Base: AA79C000
                Module End: AA79F000
                Hidden: No

                Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                Service Name: ---
                Module Base: AA02B000
                Module End: AA043000
                Hidden: Yes

                Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                Service Name: ---
                Module Base: F7B25000
                Module End: F7B27000
                Hidden: Yes

                Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
                Service Name: ---
                Module Base: AA3BA000
                Module End: AA3BD000
                Hidden: No

                Module Name: C:\WINDOWS\System32\watchdog.sys
                Service Name: ---
                Module Base: F7815000
                Module End: F781A000
                Hidden: No

                Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
                Service Name: ---
                Module Base: F7C4D000
                Module End: F7C4E000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\eamon.sys
                Service Name: eamon
                Module Base: A9E44000
                Module End: A9EEB000
                Hidden: No

                Module Name: C:\WINDOWS\system32\drivers\drvnddm.sys
                Service Name: drvnddm
                Module Base: AA142000
                Module End: AA14C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsndres.sys
                Service Name: tfsndres
                Module Base: F7C2D000
                Module End: F7C2E000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnifs.sys
                Service Name: tfsnifs
                Module Base: A9E2E000
                Module End: A9E44000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnopio.sys
                Service Name: tfsnopio
                Module Base: A9F5F000
                Module End: A9F63000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnpool.sys
                Service Name: tfsnpool
                Module Base: F7A89000
                Module End: F7A8B000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnboio.sys
                Service Name: tfsnboio
                Module Base: F78B5000
                Module End: F78BC000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsncofs.sys
                Service Name: tfsncofs
                Module Base: F77CD000
                Module End: F77D6000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsndrct.sys
                Service Name: tfsndrct
                Module Base: F7C25000
                Module End: F7C26000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnudf.sys
                Service Name: tfsnudf
                Module Base: A9E15000
                Module End: A9E2E000
                Hidden: No

                Module Name: C:\WINDOWS\system32\dla\tfsnudfa.sys
                Service Name: tfsnudfa
                Module Base: A9DFC000
                Module End: A9E15000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
                Service Name: AegisP
                Module Base: F78ED000
                Module End: F78F2000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
                Service Name: s24trans
                Module Base: A9F13000
                Module End: A9F17000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
                Service Name: dsunidrv
                Module Base: F7A9D000
                Module End: F7A9F000
                Hidden: No

                Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
                Service Name: Fastfat
                Module Base: A9A68000
                Module End: A9A8C000
                Hidden: No

                Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
                Service Name: mdmxsdk
                Module Base: A9B8C000
                Module End: A9B90000
                Hidden: No

                Module Name: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
                Service Name: MRENDIS5
                Module Base: A9BF4000
                Module End: A9BF9000
                Hidden: No

                Module Name: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
                Service Name: DSproct
                Module Base: F7AA9000
                Module End: F7AAB000
                Hidden: No

                ******************************************************************************************
                ******************************************************************************************
                SSDT:
                Function Name: ZwAssignProcessToJobObject
                Address: AA384610
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwCreateKey
                Address: F73800E0
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwDebugActiveProcess
                Address: AA384C10
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwDuplicateObject
                Address: AA384730
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwEnumerateKey
                Address: F739DCA2
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwEnumerateValueKey
                Address: F739E030
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwOpenKey
                Address: F73800C0
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwOpenProcess
                Address: AA3844B0
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwOpenThread
                Address: AA384570
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwProtectVirtualMemory
                Address: AA3846D0
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwQueryKey
                Address: F739E108
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwQueryValueKey
                Address: F739DF88
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwQueueApcThread
                Address: AA384790
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwSetContextThread
                Address: AA384690
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwSetInformationThread
                Address: AA384650
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwSetSecurityObject
                Address: AA3847D0
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwSetValueKey
                Address: F739E19A
                Driver Base: F737F000
                Driver End: F747C000
                Driver Name: spgf.sys

                Function Name: ZwSuspendProcess
                Address: AA384510
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwSuspendThread
                Address: AA384590
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwTerminateProcess
                Address: AA3844D0
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwTerminateThread
                Address: AA3845D0
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                Function Name: ZwWriteVirtualMemory
                Address: AA384750
                Driver Base: AA383000
                Driver End: AA3A2000
                Driver Name: \SystemRoot\system32\DRIVERS\ehdrv.sys

                ******************************************************************************************
                ******************************************************************************************
                No Kernel Hooks found

                ******************************************************************************************
                ******************************************************************************************
                Hidden files/folders:
                Object: C:\Qoobox\BackEnv\AppData.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Cache.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\History.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Music.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Personal.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Programs.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Recent.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SetPath.bat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\SysPath.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\Templates.folder.dat
                Status: Access denied

                Object: C:\Qoobox\BackEnv\VikPev00
                Status: Access denied


                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Experience: Expert
                • OS: Windows 10
                Re: Kept getting blocked/redirected on internet explorer
                « Reply #26 on: February 25, 2011, 12:46:08 PM »
                Quote: "should I note that we've run this program once before?"
                You're correct. I didn't check back far enough. Sorry.
                Please run the ESET scan again as requested in Reply #12.
                Windows 8 and Windows 10 dual boot with two SSD's

                shag

                  Topic Starter


                  Beginner

                  Re: Kept getting blocked/redirected on internet explorer
                  « Reply #27 on: February 25, 2011, 09:25:05 PM »
                  Alrighty, with the internet currently functional on the laptop, this is what I got.

                  ESETSmartInstaller@High as CAB hook log:
                  OnlineScanner.ocx - registred OK
                  # version=7
                  # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                  # OnlineScanner.ocx=1.0.0.6425
                  # api_version=3.0.2
                  # EOSSerial=fcd9d6124cc58645a01fda453d900793
                  # end=finished
                  # remove_checked=false
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=true
                  # antistealth_checked=true
                  # utc_time=2011-02-26 02:26:22
                  # local_time=2011-02-25 08:26:22 (-0600, Central Standard Time)
                  # country="United States"
                  # lang=1033
                  # osver=5.1.2600 NT Service Pack 3
                  # compatibility_mode=512 16777215 100 0 0 0 0 0
                  # compatibility_mode=8199 22379925 100 100 0 5634550 0 0
                  # scanned=73797
                  # found=1
                  # cleaned=0
                  # scan_time=4387
                  # nod_component=V3 Build:0x30000000
                  C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I



                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Kept getting blocked/redirected on internet explorer
                  « Reply #28 on: February 26, 2011, 12:39:23 PM »
                  Copy and paste the text in the code box below into Notepad.
                  Code:
                  @echo off
                  rem Delete the Java cache file that the ESET scan flagged. The path contains
                  rem spaces, so it must be quoted or "del" treats each word as a separate file.
                  del "C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651"
                  rem Remove this batch file itself (%~f0 is the script's own full path, so it
                  rem works no matter which folder the script is run from).
                  del "%~f0"
                  exit

                  Then click File > Save as
                  Save to the Desktop as blackpudding.bat
                  And Save as type: All Files.

                  Double-click on blackpudding.bat to run it.

                  Now, please run the ESET scan again and post the log.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  shag

                    Topic Starter


                    Beginner

                    Re: Kept getting blocked/redirected on internet explorer
                    « Reply #29 on: February 26, 2011, 10:42:47 PM »
                    ESETSmartInstaller@High as CAB hook log:
                    OnlineScanner.ocx - registred OK
                    # version=7
                    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                    # OnlineScanner.ocx=1.0.0.6425
                    # api_version=3.0.2
                    # EOSSerial=fcd9d6124cc58645a01fda453d900793
                    # end=finished
                    # remove_checked=false
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=true
                    # antistealth_checked=true
                    # utc_time=2011-02-26 02:26:22
                    # local_time=2011-02-25 08:26:22 (-0600, Central Standard Time)
                    # country="United States"
                    # lang=1033
                    # osver=5.1.2600 NT Service Pack 3
                    # compatibility_mode=512 16777215 100 0 0 0 0 0
                    # compatibility_mode=8199 22379925 100 100 0 5634550 0 0
                    # scanned=73797
                    # found=1
                    # cleaned=0
                    # scan_time=4387
                    # nod_component=V3 Build:0x30000000
                    C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
                    # version=7
                    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                    # OnlineScanner.ocx=1.0.0.6425
                    # api_version=3.0.2
                    # EOSSerial=fcd9d6124cc58645a01fda453d900793
                    # end=finished
                    # remove_checked=false
                    # archives_checked=true
                    # unwanted_checked=true
                    # unsafe_checked=true
                    # antistealth_checked=true
                    # utc_time=2011-02-26 11:37:11
                    # local_time=2011-02-26 05:37:11 (-0600, Central Standard Time)
                    # country="United States"
                    # lang=1033
                    # osver=5.1.2600 NT Service Pack 3
                    # compatibility_mode=512 16777215 100 0 0 0 0 0
                    # compatibility_mode=8199 22379925 100 100 0 5709877 0 0
                    # scanned=90777
                    # found=2
                    # cleaned=0
                    # scan_time=5310
                    # nod_component=V3 Build:0x30000000
                    C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\58\52a2a7ba-16bf8651   a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean)   00000000000000000000000000000000   I
                    F:\Useful Downloaded Stuff--packed files\SDFix.exe   Win32/PrcView application (unable to clean)   00000000000000000000000000000000   I