Log'N'Rock: Google keeps re-directing [INACTIVE] - Log'N'Rock


Google keeps re-directing [INACTIVE]

#21 Robh123 (Group: Members)

Posted 22 June 2011 - 01:38 AM

... no dice. still getting the redirect.

#22 Fred Flintstone (Group: Malware Experts)

Posted 28 June 2011 - 06:51 AM

Rob, apologies for such a long delay in replying... been manic at work!
(If I had a gun I'd shoot myself just to have a lie down)!! :lol:

Hope to get back to this tonight and will review the thread and go from there.

Thanks
Fred

#23 Robh123 (Group: Members)

Posted 29 June 2011 - 11:42 PM

happy to hear you haven't given up!!!

#24 Fred Flintstone (Group: Malware Experts)

Posted 01 July 2011 - 09:49 PM

Hi Rob,

RogueKiller
Please download RogueKiller.exe ... by Tigzy and save it to your desktop.
Note: If malware prevents execution, you may try executing the program several times. If unsuccessful, rename the program to winlogon.exe.
  • Close all open windows, quit all running programs.
  • Double click RogueKiller.exe to run it.
    Vista-W7 users: Right click on RogueKiller.exe and select "Run As Administrator" to run. If UAC prompts, allow it
  • When the program window appears, type 1 ...then press Enter.
  • When the scan is finished, a file named RKreport.txt should appear on your desktop.
  • Please copy and paste the contents of the RKreport.txt file in your next reply.


Then:

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan.
  • On completion of the scan, "Scan finished successfully" press the "Save log" button.
  • You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  • Please copy and paste the contents of aswMBR.txt in your next reply.

Note: A file named MBR.dat will be created and placed on your desktop when you execute aswMBR. This is a copy of your MBR record, taken before we make changes; it can be used to recover the MBR record to its previous condition if problems exist after changes.


Finally:

OTL - System Scan
Please download OTL.exe ... by Old Timer . Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Underneath Output at the top, make sure Minimal Output is selected.
  • Under the Standard Registry box change it to All.
  • Check/tick the boxes beside LOP Check and Purity Check.
  • Highlight the following bold text with your mouse and press Ctrl + C on your keyboard:

    netsvcs
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.*
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT



  • Click under the Custom Scan box and press Ctrl + V on your keyboard to paste the above.
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, Notepad will open (2 windows) with files: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



Please post back the logs

Thanks
Fred

#25 Robh123 (Group: Members)

Posted 02 July 2011 - 12:25 AM

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Rob [Admin rights]
Mode: Scan -- Date : 07/01/2011 18:20:00

Bad processes: 2
[SUSP PATH] googletalkplugin.exe -- c:\users\rob\appdata\local\google\google talk plugin\googletalkplugin.exe -> KILLED
[RESIDUE] googletalkplugin.exe -- c:\users\rob\appdata\local\google\google talk plugin\googletalkplugin.exe -> KILLED

Registry Entries: 5
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptbehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
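The RogueKiller report above flags the same settings that show up later in the OTL log: UAC turned off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0) and an IE ProxyServer value of ":0". The following Python script is an added example, not code from this thread, from RogueKiller, or from OTL: it parses the RogueKiller "[HJ] ... -> FOUND" / "[PROXY IE]" line shape and the OTL "O6", "IE" and "O1 - Hosts" line shapes as they appear in the posted logs, de-duplicates findings reported by both tools, and lists what a helper would want to look at. The sample input is constructed; its registry values copy what the scans reported, while the second hosts entry (www.example.com mapped to 203.0.113.7, a documentation-only address) is invented to show the hosts check firing. The UAC interpretations are standard Windows policy semantics, not something the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input modelled on the RogueKiller ([HJ] / [PROXY IE]) and
# OTL (O6 / IE / O1) line formats quoted in this thread. The registry values
# mirror what those scans reported; the second hosts entry is an invented
# example of a non-default mapping, using a documentation-only address.
SAMPLE_LOG = r"""
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptbehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.example.com
"""

# One regex per line shape we care about; every other line is ignored.
RK_LINE = re.compile(r"^\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<name>\S+) \((?P<value>[^)]*)\) -> \w+$")
OTL_O6 = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")
OTL_IE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>\w+)" = (?P<value>.*)$')
OTL_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# UAC policy values RogueKiller marked [HJ] in the thread: the value that
# weakens UAC, and the explanation to report when it is seen.
UAC_CHECKS = {
    "enablelua": ("0", "UAC is disabled (EnableLUA=0; Windows default is 1)"),
    "consentpromptbehavioradmin": ("0", "administrators elevate silently (ConsentPromptBehaviorAdmin=0)"),
    "promptonsecuredesktop": ("0", "elevation prompts bypass the secure desktop (PromptOnSecureDesktop=0)"),
}
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass(frozen=True)
class Entry:
    source: str  # "roguekiller" or "otl"
    name: str    # registry value name, or "hosts" for an O1 line
    value: str


def parse_line(line: str) -> Optional[Entry]:
    """Return a normalised Entry for a recognised log line, else None."""
    line = line.rstrip()
    m = RK_LINE.match(line)
    if m:
        return Entry("roguekiller", m["name"], m["value"])
    m = OTL_O6.match(line) or OTL_IE.match(line)
    if m:
        return Entry("otl", m["name"], m["value"].strip())
    m = OTL_HOSTS.match(line)
    if m:
        return Entry("otl", "hosts", f"{m['ip']} {m['host']}")
    return None


def triage(text: str) -> List[str]:
    """Run the checks over a log and return de-duplicated findings in order."""
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    proxy_enable = next((e.value for e in entries if e.name.lower() == "proxyenable"), "unknown")
    findings: List[str] = []

    def add(msg: str) -> None:  # the same setting is reported by both tools
        if msg not in findings:
            findings.append(msg)

    for e in entries:
        key = e.name.lower()
        if key in UAC_CHECKS and e.value == UAC_CHECKS[key][0]:
            add(UAC_CHECKS[key][1])
        elif key == "proxyserver" and e.value:
            add(f"IE ProxyServer is set to {e.value!r} with ProxyEnable={proxy_enable}; confirm it is expected")
        elif key == "hosts":
            ip, host = e.value.split(" ", 1)
            # The loopback -> localhost mapping is the only default entry.
            if not (ip in LOOPBACK and host == "localhost"):
                add(f"hosts file maps {host} to {ip}; not a default entry")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it as-is to see the five findings for the constructed sample, or feed it the text of RKreport.txt and OTL.txt concatenated; lines it does not recognise are skipped, so the aswMBR log can be included without harm. The checks are deliberately narrow: the script does not decide whether a setting is malicious, it only surfaces the non-default values a helper would otherwise have to pick out of several hundred lines by eye.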

#26 Robh123 (Group: Members)

Posted 02 July 2011 - 12:38 AM

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-01 20:26:06
-----------------------------
20:26:06.322 OS Version: Windows 6.1.7600
20:26:06.322 Number of processors: 1 586 0xD08
20:26:06.324 ComputerName: ROB-LT UserName: Rob
20:26:09.804 Initialize success
20:27:26.350 AVAST engine defs: 11070102
20:27:32.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:27:32.780 Disk 0 Vendor: HTS541040G9AT00 MB2IA60A Size: 38154MB BusType: 3
20:27:34.796 Disk 0 MBR read successfully
20:27:34.800 Disk 0 MBR scan
20:27:34.804 Disk 0 Windows 7 default MBR code
20:27:36.809 Disk 0 scanning sectors +78137344
20:27:36.840 Disk 0 scanning C:\Windows\system32\drivers
20:27:46.213 Service scanning
20:27:47.500 Disk 0 trace - called modules:
20:27:47.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8546e1ed]<<
20:27:47.536 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853a5aa0]
20:27:47.542 3 CLASSPNP.SYS[8773c59e] -> nt!IofCallDriver -> [0x852de918]
20:27:47.549 5 ACPI.sys[86fbc3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85289030]
20:27:47.914 \Driver\atapi[0x85288f38] -> IRP_MJ_CREATE -> 0x845831f8
20:27:49.411 AVAST engine scan C:\Windows
20:38:19.112 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:38:19.124 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"

#27 Robh123 (Group: Members)

Posted 02 July 2011 - 12:49 AM

OTL logfile created on: 7/1/2011 8:42:35 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Rob\Desktop
Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.49 Mb Total Physical Memory | 316.13 Mb Available Physical Memory | 30.92% Memory free
2.00 Gb Paging File | 0.81 Gb Available in Paging File | 40.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.16 Gb Total Space | 15.41 Gb Free Space | 41.48% Space Free | Partition Type: NTFS
Drive F: | 55.86 Gb Total Space | 40.40 Gb Free Space | 72.32% Space Free | Partition Type: FAT32

Computer Name: ROB-LT | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rob\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Rob\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (VSTHWICH) -- C:\Windows\System32\drivers\VSTICH3.SYS (Conexant Systems, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (w29n51) Intel® -- C:\Windows\System32\drivers\w29n51.sys (Intel® Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Winbond Electronics Corp.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 E4 FD BA 19 B8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



O1 HOSTS File: ([2011/06/21 20:32:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 18:20:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\RK_Quarantine
[2011/07/01 18:18:42 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2011/07/01 13:48:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/01 13:48:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/21 21:17:50 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\explorer (2).exe
[2011/06/21 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\temp
[2011/06/21 20:24:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/21 20:24:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/21 20:24:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/21 20:21:31 | 004,129,832 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2011/06/20 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/20 19:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/20 19:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/20 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/20 19:34:40 | 011,448,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rob\Desktop\SUPERAntiSpyware.exe
[2011/06/19 03:34:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Mozilla
[2011/06/18 19:40:47 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/06/18 19:40:25 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\12334 - Copy.Com
[2011/06/18 19:28:29 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\12334.com
[2011/06/18 19:27:50 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\GooredFix Backups
[2011/06/18 19:27:21 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Rob\Desktop\GooredFix.exe
[2011/06/18 19:22:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/18 19:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/06/18 19:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/06/18 19:16:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2011/06/18 16:25:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/06/17 16:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/17 16:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/16 20:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/16 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Malwarebytes
[2011/06/16 20:25:50 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/16 20:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/16 20:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/16 20:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/16 20:24:57 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/10 12:11:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\CrashDumps
[2011/06/10 10:54:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/10 10:54:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/10 09:26:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\NPE
[2011/06/10 09:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/06/09 08:34:56 | 000,000,000 | -H-D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore

========== Files - Modified Within 30 Days ==========

[2011/07/01 20:38:19 | 000,000,512 | ---- | M] () -- C:\Users\Rob\Desktop\MBR.dat
[2011/07/01 20:34:18 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2431647456-2543421603-4089080921-1000UA.job
[2011/07/01 18:18:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2011/07/01 18:18:49 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2011/07/01 18:18:16 | 000,516,608 | ---- | M] () -- C:\Users\Rob\Desktop\RogueKiller.exe
[2011/07/01 13:52:44 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 13:52:44 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/01 13:05:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/01 13:05:04 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/01 12:54:19 | 004,129,832 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2011/07/01 09:34:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2431647456-2543421603-4089080921-1000Core.job
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/21 21:38:04 | 000,680,672 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/21 21:38:04 | 000,127,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/21 21:18:00 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\explorer (2).exe
[2011/06/21 20:32:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/21 19:32:26 | 000,737,055 | ---- | M] () -- C:\Users\Rob\Desktop\explorer.exe
[2011/06/20 19:40:16 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/20 19:35:10 | 011,448,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rob\Desktop\SUPERAntiSpyware.exe
[2011/06/18 19:28:39 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\12334.com
[2011/06/18 19:28:39 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rob\Desktop\12334 - Copy.Com
[2011/06/18 19:27:22 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Rob\Desktop\GooredFix.exe
[2011/06/18 19:18:27 | 000,000,922 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/06/18 19:18:27 | 000,000,903 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/06/18 19:16:09 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2011/06/17 16:59:58 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/16 20:25:50 | 000,001,095 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/16 20:25:11 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/16 14:55:41 | 000,770,512 | ---- | M] () -- C:\Users\Rob\Desktop\Whole_Grain_Morning_Loaf.jpg
[2011/06/10 10:49:06 | 000,973,180 | ---- | M] () -- C:\Users\Rob\Desktop\A guide and tutorial on using ComboFix.mht
[2011/06/10 09:01:09 | 000,247,914 | ---- | M] () -- C:\Users\Rob\AppData\Local\census.cache
[2011/06/10 09:00:34 | 000,104,901 | ---- | M] () -- C:\Users\Rob\AppData\Local\ars.cache
[2011/06/10 08:49:18 | 000,000,036 | ---- | M] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2011/06/09 08:37:54 | 000,000,392 | -H-- | M] () -- C:\ProgramData\30859000
[2011/06/09 08:34:57 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~30859000r
[2011/06/09 08:34:57 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~30859000

========== Files Created - No Company Name ==========

[2011/07/01 20:38:19 | 000,000,512 | ---- | C] () -- C:\Users\Rob\Desktop\MBR.dat
[2011/07/01 18:18:06 | 000,516,608 | ---- | C] () -- C:\Users\Rob\Desktop\RogueKiller.exe
[2011/06/21 20:24:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/21 20:24:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/21 20:24:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/21 20:24:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/21 20:24:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/21 19:32:20 | 000,737,055 | ---- | C] () -- C:\Users\Rob\Desktop\explorer.exe
[2011/06/20 19:40:16 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/18 19:18:27 | 000,000,922 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk
[2011/06/18 19:18:27 | 000,000,903 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
[2011/06/17 16:59:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/17 16:59:00 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/16 20:25:50 | 000,001,095 | ---- | C] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/06/16 14:55:21 | 000,770,512 | ---- | C] () -- C:\Users\Rob\Desktop\Whole_Grain_Morning_Loaf.jpg
[2011/06/10 10:49:03 | 000,973,180 | ---- | C] () -- C:\Users\Rob\Desktop\A guide and tutorial on using ComboFix.mht
[2011/06/10 09:01:09 | 000,247,914 | ---- | C] () -- C:\Users\Rob\AppData\Local\census.cache
[2011/06/10 09:00:34 | 000,104,901 | ---- | C] () -- C:\Users\Rob\AppData\Local\ars.cache
[2011/06/10 08:49:18 | 000,000,036 | ---- | C] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2011/06/09 08:34:57 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~30859000r
[2011/06/09 08:34:57 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~30859000
[2011/06/09 08:26:36 | 000,000,392 | -H-- | C] () -- C:\ProgramData\30859000
[2010/02/28 20:45:28 | 000,007,607 | -H-- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010/02/28 20:08:42 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/28 01:36:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:55:27 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:02:04 | 000,346,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,680,672 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,127,512 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2010/03/07 13:42:05 | 000,000,000 | -H-D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Lite
[2011/02/14 21:11:03 | 000,000,000 | -H-D | M] -- C:\Users\Rob\AppData\Roaming\McGraw-HillLicensing
[2011/06/20 21:24:40 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011/06/21 19:32:26 | 000,737,055 | ---- | M] () MD5=E9D1F355A561D781831EDC2839F2057B -- C:\Users\Rob\Desktop\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.INF >
[2009/07/14 00:50:12 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\inf\volsnap.inf
[2009/07/13 16:21:39 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.inf
[2009/07/13 16:21:39 | 000,001,666 | ---- | M] () MD5=0513FB1D99C3313A55B8C7F378AB5714 -- C:\Windows\winsxs\x86_volsnap.inf_31bf3856ad364e35_6.1.7600.16385_none_6d76054c9136060d\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2009/07/13 22:04:26 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\System32\DriverStore\en-US\volsnap.inf_loc
[2009/07/13 22:04:26 | 000,000,198 | ---- | M] () MD5=F040058B592FE682204B2FC15DDEAC0D -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_13398118e291963b\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2010/02/27 22:32:27 | 000,005,096 | ---- | M] () MD5=B3BFB2AF8B39807712EF0E01264CCE02 -- C:\Windows\inf\volsnap.PNF
[2010/02/27 22:32:27 | 000,005,096 | ---- | M] () MD5=DF2A743FD96AE6B44FDB877FD7CCF5A8 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_x86_neutral_42f862e05fcb0306\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2009/07/13 22:03:18 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747EC73A2F1046431763323C1E26F017 -- C:\Windows\System32\drivers\en-US\volsnap.sys.mui
[2009/07/13 22:03:18 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=747EC73A2F1046431763323C1E26F017 -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7afca05c2148f2a6\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/08/31 20:07:52 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/08/31 20:07:52 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/08/31 20:07:52 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/08/31 20:07:52 | 000,673,048 | ---- | M] (Microsoft Corporation)

< End of report >
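The "< MD5 for: ... >" blocks at the end of the OTL report above are an integrity check: for each critical binary (explorer.exe, svchost.exe, userinit.exe, winlogon.exe, volsnap.sys) the live copy is listed beside the copies Windows keeps in WinSxS and the DriverStore, and the helper compares the hashes by eye. The script below is an added example, not part of this thread and not OTL's own code; it parses that block format (inferred from the lines in the log above) and automates the comparison: a live copy whose MD5 matches no component-store copy, a binary with no component-store copy at all, or a copy of the file outside %SystemRoot% is reported. SAMPLE is excerpted from the posted log; TAMPERED is a constructed block whose hash is a placeholder, included only to show the mismatch path firing.

```python
"""Cross-check OTL '< MD5 for: ... >' blocks the way a helper reads them by eye:
every live copy of a critical binary (System32 / Windows root) should be byte-identical
to a copy Windows servicing staged in WinSxS or the DriverStore."""
import re
from dataclasses import dataclass
from typing import Dict, List

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>\s*$")
# One entry line: [timestamp | size | attrs | M] (company) MD5=... -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*(?P<kind>[A-Z])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)

@dataclass
class Copy:
    path: str
    md5: str
    size: int
    company: str

    @property
    def tier(self) -> str:
        p = self.path.lower()
        if "\\winsxs\\" in p or "\\driverstore\\" in p:
            return "staged"   # component-store copy placed by Windows servicing
        if "\\erdnt\\" in p or "\\qoobox\\" in p:
            return "backup"   # ComboFix / ERUNT backup, never loaded at boot
        if p.startswith("c:\\windows\\"):
            return "live"     # the copy the OS actually executes
        return "foreign"      # anything else, e.g. a user's Desktop

def parse_otl_md5(report: str) -> Dict[str, List[Copy]]:
    """Group the entry lines of each '< MD5 for: NAME >' block by lower-cased NAME."""
    blocks: Dict[str, List[Copy]] = {}
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            blocks.setdefault(current, [])
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None    # some other custom-scan header, e.g. < %SYSTEMDRIVE%\*.exe >
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            blocks[current].append(Copy(m.group("path"), m.group("md5").upper(),
                                        int(m.group("size").replace(",", "")),
                                        m.group("company").strip()))
    return blocks

def audit(blocks: Dict[str, List[Copy]]) -> List[str]:
    """One human-readable finding per copy that fails the cross-check."""
    findings: List[str] = []
    for name, copies in blocks.items():
        staged = {c.md5 for c in copies if c.tier == "staged"}
        if not staged:
            findings.append(f"{name}: no component-store copy to compare against")
        for c in copies:
            if c.tier == "live" and staged and c.md5 not in staged:
                findings.append(f"{name}: live copy {c.path} (MD5 {c.md5}) matches no component-store copy")
            elif c.tier == "foreign":
                findings.append(f"{name}: copy outside %SystemRoot%: {c.path} "
                                f"({c.size} bytes, company {c.company or 'none'!r})")
    return findings

# Excerpt of the OTL custom-scan output posted in this thread (explorer.exe, winlogon.exe).
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/06/21 19:32:26 | 000,737,055 | ---- | M] () MD5=E9D1F355A561D781831EDC2839F2057B -- C:\Users\Rob\Desktop\explorer.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
"""

# CONSTRUCTED, not from the thread: a userinit.exe block whose live copy was swapped
# (placeholder hash), to show the mismatch path firing.
TAMPERED = r"""
< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2011/07/01 12:00:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
"""

if __name__ == "__main__":
    for label, text in (("posted log", SAMPLE), ("constructed block", TAMPERED)):
        print(f"== {label}")
        print("\n".join("  " + f for f in audit(parse_otl_md5(text))))
```

On the posted excerpt the only finding is the Desktop explorer.exe: wrong size, no company resource, outside %SystemRoot%. That is exactly the copy a helper would ask about (here it is a renamed tool, but the script cannot know that; it only ranks what to look at). MD5 is used because that is what OTL prints; the cross-check is against copies on the same disk, so it is a tamper-spotting heuristic, not a substitute for checking Authenticode signatures or a known-good hash set.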

#28 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 02 July 2011 - 12:56 AM

Ran OTL twice with no extras output.

#29 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 02 July 2011 - 11:27 PM

Quote: "Ran OTL twice with no extras output."
Not to worry, my fault as it only runs on first scan unless selected!.. :rolleyes:

Try a full scan with MBAM again; make sure that you update it first.

Then see if TDSS Killer will run now.

Post back the logs and let me know if there is any improvement.

Thanks
Fred

#30 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 07 July 2011 - 05:44 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/07/2011 at 12:02 PM

Application Version : 4.55.1000

Core Rules Database Version : 7293
Trace Rules Database Version: 5105

Scan type : Complete Scan
Total Scan Time : 00:34:26

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 9460
Registry threats detected : 0
File items scanned : 22411
File threats detected : 61

Adware.Tracking Cookie
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@pro-market[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@viacom.adbureau[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@tribalfusion[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@apmebf[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@fastclick[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@imrworldwide[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@fastclick[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@advertising[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@mediaplex[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@lucidmedia[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@doubleclick[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@adbrite[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@r1-ads.ace.advertising[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@content.yieldmanager[3].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ads.undertone[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.clicksfind[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@atdmt[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.hippofind[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@adxpose[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@media6degrees[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@pointroll[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.findsmy[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@dc.tremormedia[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@cdn.jemamedia[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ad.yieldmanager[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ads.pubmatic[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@theclickcheck[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@mediaplex[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@serving-sys[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.clickcheer[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@yieldmanager[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@zedo[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@content.yieldmanager[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@bs.serving-sys[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ads.pointroll[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@collective-media[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@revsci[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@insightexpressai[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@interclick[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@a1.interclick[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@adserver.adtechus[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@www.burstbeacon[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@2o7[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ru4[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@burstnet[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.clickwhale[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@invitemedia[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@realmedia[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@mediabrandsww[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@eas.apm.emediate[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@search.clicksare[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@amazonservices.122.2o7[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@newmusiccountdown.mevio[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@media6degrees[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@ads.bridgetrack[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@track.clickpayz[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@network.realmedia[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@questionmarket[2].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@www.burstnet[1].txt
C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\rob@legolas-media[2].txt
secure-us.imrworldwide.com [ C:\Users\Rob\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\47KDDETS ]

#31 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 07 July 2011 - 06:50 PM

2011/07/07 13:49:04.0686 2652 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/07 13:49:05.0032 2652 ================================================================================
2011/07/07 13:49:05.0032 2652 SystemInfo:
2011/07/07 13:49:05.0032 2652
2011/07/07 13:49:05.0032 2652 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/07 13:49:05.0032 2652 Product type: Workstation
2011/07/07 13:49:05.0032 2652 ComputerName: ROB-LT
2011/07/07 13:49:05.0033 2652 UserName: Rob
2011/07/07 13:49:05.0033 2652 Windows directory: C:\Windows
2011/07/07 13:49:05.0033 2652 System windows directory: C:\Windows
2011/07/07 13:49:05.0033 2652 Processor architecture: Intel x86
2011/07/07 13:49:05.0033 2652 Number of processors: 1
2011/07/07 13:49:05.0033 2652 Page size: 0x1000
2011/07/07 13:49:05.0033 2652 Boot type: Normal boot
2011/07/07 13:49:05.0033 2652 ================================================================================
2011/07/07 13:49:06.0087 2652 Initialize success
2011/07/07 13:50:28.0748 2228 ================================================================================
2011/07/07 13:50:28.0748 2228 Scan started
2011/07/07 13:50:28.0748 2228 Mode: Manual;
2011/07/07 13:50:28.0748 2228 ================================================================================
2011/07/07 13:50:30.0856 2228 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/07 13:50:30.0934 2228 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/07 13:50:31.0031 2228 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/07 13:50:31.0118 2228 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/07 13:50:31.0180 2228 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/07 13:50:31.0241 2228 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/07 13:50:31.0460 2228 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/07/07 13:50:31.0519 2228 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/07 13:50:31.0604 2228 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/07 13:50:31.0694 2228 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/07 13:50:31.0744 2228 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/07 13:50:31.0784 2228 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/07 13:50:31.0847 2228 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/07 13:50:31.0960 2228 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/07 13:50:32.0015 2228 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/07 13:50:32.0071 2228 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/07 13:50:32.0132 2228 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/07 13:50:32.0205 2228 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/07 13:50:32.0330 2228 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/07 13:50:32.0392 2228 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/07 13:50:32.0459 2228 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/07 13:50:32.0578 2228 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/07 13:50:32.0820 2228 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/07 13:50:33.0136 2228 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/07 13:50:33.0222 2228 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/07 13:50:33.0293 2228 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/07 13:50:33.0380 2228 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/07 13:50:33.0444 2228 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/07 13:50:33.0498 2228 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/07 13:50:33.0539 2228 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/07 13:50:33.0880 2228 BrSerIb (08c7e41ff10f56e83b4f10b5e8b1e8b6) C:\Windows\system32\DRIVERS\BrSerIb.sys
2011/07/07 13:50:33.0958 2228 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/07 13:50:34.0010 2228 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/07 13:50:34.0050 2228 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/07 13:50:34.0091 2228 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/07 13:50:34.0148 2228 BrUsbSIb (2132a117160f2a96a13c044ae9bced91) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2011/07/07 13:50:34.0188 2228 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/07 13:50:34.0458 2228 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/07 13:50:34.0530 2228 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/07 13:50:34.0593 2228 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/07 13:50:34.0661 2228 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/07 13:50:34.0723 2228 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/07 13:50:34.0782 2228 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/07 13:50:34.0848 2228 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/07 13:50:34.0923 2228 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/07 13:50:35.0074 2228 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/07 13:50:35.0125 2228 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/07 13:50:35.0229 2228 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/07/07 13:50:35.0334 2228 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/07/07 13:50:35.0401 2228 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/07 13:50:35.0478 2228 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/07 13:50:35.0616 2228 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
2011/07/07 13:50:35.0798 2228 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/07 13:50:35.0903 2228 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/07 13:50:36.0140 2228 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/07 13:50:36.0406 2228 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/07 13:50:36.0472 2228 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/07 13:50:36.0580 2228 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/07 13:50:36.0653 2228 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/07 13:50:36.0724 2228 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/07 13:50:36.0794 2228 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/07 13:50:36.0916 2228 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/07 13:50:36.0983 2228 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/07 13:50:37.0038 2228 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/07 13:50:37.0130 2228 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/07 13:50:37.0184 2228 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/07 13:50:37.0252 2228 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/07 13:50:37.0309 2228 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/07 13:50:37.0364 2228 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/07 13:50:37.0433 2228 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/07 13:50:37.0475 2228 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/07 13:50:37.0517 2228 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/07 13:50:37.0582 2228 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/07 13:50:37.0730 2228 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/07 13:50:37.0863 2228 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/07 13:50:37.0933 2228 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/07 13:50:38.0015 2228 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/07 13:50:38.0172 2228 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/07 13:50:38.0249 2228 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/07 13:50:38.0374 2228 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/07/07 13:50:38.0453 2228 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/07 13:50:38.0530 2228 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/07 13:50:38.0637 2228 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/07 13:50:38.0782 2228 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/07 13:50:38.0836 2228 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/07 13:50:38.0900 2228 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
2011/07/07 13:50:38.0970 2228 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/07 13:50:39.0052 2228 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/07 13:50:39.0114 2228 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/07 13:50:39.0176 2228 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/07 13:50:39.0252 2228 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/07 13:50:39.0334 2228 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/07 13:50:39.0474 2228 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/07 13:50:39.0585 2228 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/07 13:50:39.0711 2228 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/07 13:50:39.0774 2228 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/07 13:50:39.0816 2228 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/07 13:50:39.0860 2228 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/07 13:50:39.0941 2228 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/07 13:50:40.0026 2228 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/07 13:50:40.0141 2228 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/07 13:50:40.0202 2228 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/07 13:50:40.0269 2228 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/07 13:50:40.0335 2228 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/07 13:50:40.0416 2228 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/07 13:50:40.0487 2228 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/07 13:50:40.0551 2228 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/07 13:50:40.0631 2228 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/07 13:50:40.0687 2228 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/07 13:50:40.0753 2228 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/07 13:50:40.0894 2228 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/07 13:50:40.0956 2228 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/07 13:50:41.0011 2228 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/07 13:50:41.0074 2228 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/07 13:50:41.0133 2228 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/07 13:50:41.0215 2228 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/07 13:50:41.0280 2228 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/07 13:50:41.0353 2228 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/07 13:50:41.0441 2228 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/07 13:50:41.0544 2228 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/07 13:50:41.0594 2228 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/07 13:50:41.0648 2228 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/07 13:50:41.0711 2228 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/07 13:50:41.0832 2228 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/07 13:50:41.0936 2228 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/07 13:50:42.0007 2228 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/07 13:50:42.0155 2228 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/07 13:50:42.0251 2228 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/07 13:50:42.0383 2228 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/07 13:50:42.0456 2228 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/07 13:50:42.0502 2228 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/07 13:50:42.0626 2228 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/07 13:50:42.0672 2228 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/07 13:50:42.0718 2228 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/07 13:50:42.0775 2228 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/07 13:50:42.0909 2228 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/07 13:50:43.0006 2228 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/07 13:50:43.0058 2228 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/07/07 13:50:43.0136 2228 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/07 13:50:43.0295 2228 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/07/07 13:50:43.0399 2228 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/07 13:50:43.0497 2228 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/07 13:50:43.0556 2228 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/07 13:50:43.0633 2228 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/07 13:50:43.0773 2228 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/07 13:50:43.0885 2228 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/07 13:50:43.0937 2228 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/07 13:50:43.0987 2228 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/07 13:50:44.0054 2228 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/07 13:50:44.0127 2228 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/07 13:50:44.0179 2228 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/07 13:50:44.0235 2228 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/07 13:50:44.0300 2228 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/07 13:50:44.0597 2228 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/07 13:50:44.0680 2228 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/07 13:50:44.0802 2228 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/07 13:50:44.0902 2228 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/07 13:50:45.0040 2228 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/07 13:50:45.0117 2228 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/07 13:50:45.0168 2228 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/07 13:50:45.0264 2228 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/07 13:50:45.0355 2228 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/07 13:50:45.0430 2228 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/07 13:50:45.0478 2228 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/07 13:50:45.0544 2228 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/07 13:50:45.0651 2228 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/07 13:50:45.0700 2228 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/07 13:50:45.0776 2228 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/07 13:50:45.0850 2228 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/07 13:50:45.0913 2228 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/07 13:50:45.0965 2228 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/07 13:50:46.0049 2228 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/07 13:50:46.0190 2228 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
2011/07/07 13:50:46.0318 2228 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/07 13:50:46.0401 2228 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/07 13:50:46.0524 2228 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/07 13:50:46.0585 2228 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/07 13:50:46.0695 2228 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/07 13:50:46.0775 2228 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/07 13:50:46.0925 2228 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/07 13:50:47.0043 2228 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/07 13:50:47.0096 2228 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/07 13:50:47.0149 2228 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/07 13:50:47.0244 2228 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/07 13:50:47.0283 2228 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/07 13:50:47.0324 2228 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/07 13:50:47.0394 2228 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/07 13:50:47.0503 2228 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/07 13:50:47.0561 2228 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/07 13:50:47.0604 2228 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/07 13:50:47.0693 2228 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/07 13:50:47.0881 2228 smwdm (96abbcacbee41c6d8b031246db16a78d) C:\Windows\system32\drivers\smwdm.sys
2011/07/07 13:50:48.0077 2228 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/07 13:50:48.0247 2228 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/07 13:50:48.0248 2228 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/07 13:50:48.0268 2228 sptd - detected LockedFile.Multi.Generic (1)
2011/07/07 13:50:48.0495 2228 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/07/07 13:50:48.0582 2228 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/07 13:50:48.0653 2228 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/07 13:50:48.0754 2228 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/07 13:50:48.0815 2228 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/07 13:50:48.0857 2228 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/07 13:50:48.0911 2228 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/07 13:50:49.0043 2228 SynTP (0953d53a2d272de4c4be1e6c6a2c90d4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/07 13:50:49.0187 2228 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/07/07 13:50:49.0319 2228 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/07 13:50:49.0400 2228 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/07 13:50:49.0480 2228 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/07 13:50:49.0594 2228 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/07 13:50:49.0648 2228 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/07 13:50:49.0700 2228 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/07 13:50:49.0828 2228 TPM (317b746b6069a10d635fdbdf48723845) C:\Windows\system32\DRIVERS\tpm.sys
2011/07/07 13:50:49.0878 2228 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
2011/07/07 13:50:49.0981 2228 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/07 13:50:50.0057 2228 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/07 13:50:50.0117 2228 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/07 13:50:50.0177 2228 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/07 13:50:50.0350 2228 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/07 13:50:50.0430 2228 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/07 13:50:50.0480 2228 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/07 13:50:50.0565 2228 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/07 13:50:50.0607 2228 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/07 13:50:50.0664 2228 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/07 13:50:50.0730 2228 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/07 13:50:50.0774 2228 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/07 13:50:50.0835 2228 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/07 13:50:50.0912 2228 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/07 13:50:50.0979 2228 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/07 13:50:51.0090 2228 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/07 13:50:51.0168 2228 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/07 13:50:51.0240 2228 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/07 13:50:51.0299 2228 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/07 13:50:51.0387 2228 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/07 13:50:51.0460 2228 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/07 13:50:51.0505 2228 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/07 13:50:51.0558 2228 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/07 13:50:51.0629 2228 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/07 13:50:51.0672 2228 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/07 13:50:51.0741 2228 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/07 13:50:51.0877 2228 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/07 13:50:51.0935 2228 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/07 13:50:51.0939 2228 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/07 13:50:51.0959 2228 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/07 13:50:52.0028 2228 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/07 13:50:52.0111 2228 VSTHWICH (a864e0bfe76383ed7d5ffca51dcc0d5b) C:\Windows\system32\DRIVERS\VSTICH3.SYS
2011/07/07 13:50:52.0221 2228 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/07 13:50:52.0413 2228 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/07 13:50:52.0599 2228 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\Windows\system32\DRIVERS\w29n51.sys
2011/07/07 13:50:52.0821 2228 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/07 13:50:52.0895 2228 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/07 13:50:52.0927 2228 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/07 13:50:53.0033 2228 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/07 13:50:53.0128 2228 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/07 13:50:53.0273 2228 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/07 13:50:53.0330 2228 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/07 13:50:53.0411 2228 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/07 13:50:53.0687 2228 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/07 13:50:53.0772 2228 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/07 13:50:53.0903 2228 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/07 13:50:54.0002 2228 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/07 13:50:54.0058 2228 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/07 13:50:54.0175 2228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/07 13:50:54.0218 2228 Boot (0x1200) (802bec36d1d85e1b935bc044a832993a) \Device\Harddisk0\DR0\Partition0
2011/07/07 13:50:54.0252 2228 Boot (0x1200) (c30a7085ceb9aecf433e105f227180a5) \Device\Harddisk0\DR0\Partition1
2011/07/07 13:50:54.0269 2228 ================================================================================
2011/07/07 13:50:54.0269 2228 Scan finished
2011/07/07 13:50:54.0269 2228 ================================================================================
2011/07/07 13:50:54.0299 3052 Detected object count: 2
2011/07/07 13:50:54.0299 3052 Actual detected object count: 2
2011/07/07 13:51:31.0258 3052 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/07 13:51:31.0786 3052 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/07 13:51:31.0788 3052 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/07 13:51:33.0112 3052 Backup copy found, using it..
2011/07/07 13:51:33.0147 3052 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/07/07 13:51:33.0147 3052 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/07/07 13:52:23.0343 2584 Deinitialize success
0
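The security-relevant lines in the log above are the pair at 13:50:51: TDSSKiller read volsnap.sys through two different paths and got two different MD5s ("Forged"), which is how TDL3-style rootkits look from inside the running system: the infected driver on disk is hidden by filtering disk reads so that the OS, and any hash check that goes through the normal file API, sees a clean copy. The sptd.sys hit, by contrast, is only a locked file, and the user skipped it. As an added example, not part of this thread or of TDSSKiller itself, the Python below parses the log format shown here and pulls out the detections, the real/fake hash pair, the action the user chose and whether a cure is still waiting on a reboot. The sample lines are copied from the log above; the regular expressions and the `is_rootkit` heuristic are my own assumptions about the format, not a documented TDSSKiller schema.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the TDSSKiller log in this thread
# (hashes and paths exactly as posted). Assumed format, not an official schema.
SAMPLE_LOG = r"""
2011/07/07 13:50:48.0247 2228 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/07 13:50:48.0248 2228 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/07 13:50:48.0268 2228 sptd - detected LockedFile.Multi.Generic (1)
2011/07/07 13:50:51.0935 2228 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/07 13:50:51.0939 2228 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/07 13:50:51.0959 2228 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/07 13:50:54.0175 2228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/07 13:50:54.0299 3052 Detected object count: 2
2011/07/07 13:51:31.0258 3052 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/07 13:51:33.0147 3052 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/07/07 13:51:33.0147 3052 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""


@dataclass
class Detection:
    service: str
    verdict: str                 # e.g. Rootkit.Win32.TDSS.tdl3
    path: str = ""
    kind: str = ""               # TDSSKiller's own label: "Forged" or "NoAccess"
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""             # what the user chose: Cure / Skip / ...
    pending_reboot: bool = False

    @property
    def is_rootkit(self) -> bool:
        # Heuristic (my assumption): a driver whose on-disk bytes differ from what
        # the OS serves ("Forged") is a hidden modification; a merely locked file is not.
        return self.kind == "Forged" or self.verdict.startswith("Rootkit.")


# Each log line is "<timestamp> <thread id> <message>"; the message forms below
# are inferred from the posted log.
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
NOACCESS = re.compile(r"^Suspicious file \(NoAccess\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
ACTION = re.compile(r"^\S+?\((\S+)\) - User select action: (\w+)$")
CURED = re.compile(r"^(.+) - will be cured after reboot$")


def parse_tdsskiller(text: str) -> list[Detection]:
    """Walk the log once, correlating driver lines, suspicious-file lines,
    verdicts, user actions and pending cures by service name and path."""
    paths: dict[str, str] = {}                        # service name -> file path
    suspicious: dict[str, tuple[str, str, str]] = {}  # path -> (kind, real md5, fake md5)
    detections: list[Detection] = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if d := DRIVER.match(msg):          # MBR/Boot lines do not match: no 32-hex group first
            paths[d.group(1)] = d.group(3)
        elif f := FORGED.match(msg):
            suspicious[f.group(1)] = ("Forged", f.group(2), f.group(3))
        elif n := NOACCESS.match(msg):
            suspicious[n.group(1)] = ("NoAccess", n.group(2), "")
        elif t := DETECTED.match(msg):
            service, verdict = t.group(1), t.group(2)
            path = paths.get(service, "")
            kind, real, fake = suspicious.get(path, ("", "", ""))
            detections.append(Detection(service, verdict, path, kind, real, fake))
        elif a := ACTION.match(msg):
            for det in detections:
                if det.service == a.group(1):
                    det.action = a.group(2)
        elif c := CURED.match(msg):
            for det in detections:
                if det.path == c.group(1):
                    det.pending_reboot = True
    return detections


def triage(detections: list[Detection]) -> dict:
    """What still needs doing: rootkit hits not cured, cures waiting on a reboot
    (the cure only takes effect after restart), and locked-file-only hits."""
    return {
        "rootkits": [d.service for d in detections if d.is_rootkit],
        "uncured": [d.service for d in detections if d.is_rootkit and d.action != "Cure"],
        "reboot_required": [d.path for d in detections if d.pending_reboot],
        "locked_only": [d.service for d in detections if d.kind == "NoAccess" and not d.is_rootkit],
    }


if __name__ == "__main__":
    for det in parse_tdsskiller(SAMPLE_LOG):
        print(det)
    print(triage(SAMPLE_LOG and parse_tdsskiller(SAMPLE_LOG)))
```

Run against the sample, `triage` reports volsnap as the only rootkit hit, already marked Cure but with the cure pending a reboot, which is exactly why the next post asks whether the machine was restarted; sptd shows up only as a locked file that was skipped.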

#32 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 07 July 2011 - 06:55 PM

note that tdsskiller still would not work after the mbaw scan so I re-downloaded it and it worked. I tested the one that I had downloaded to my desktop previously after I successfully ran tdsskiller from the new one and it still would not execute. Not really sure what the issue was but I deleted that file since it is kaput.
0

#33 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 07 July 2011 - 10:30 PM

Probably a corrupted download or it got nobbled by the rootkit. Malware often is designed to block the running of these tools.

Did you reboot after the successful run of TDSSKiller?
If not please do so now.

You didn't say whether there was any improvement in the running of the system, are the redirects still happening or not?

Thanks
Fred
0

#34 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 08 July 2011 - 01:43 AM

Sorry - was in the middle of rebooting and got distracted... I think it is fixed!!!!!!!! Will report back tomorrow on if it stays.
0

#35 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 08 July 2011 - 07:34 AM

No problem, I'll get to this by this evening but:

2011/07/07 13:51:33.0147 3052 Rootkit.Win32.TDSS.tdl3(volsnap) - in the TDSS log is the offending item which made it important to get TDSSKiller to run. Seems to have done the job too.. :thumbsup:

We'll do a couple of extra scans to make sure before we have a cleanup though once I've had chance to check the logs out.

Meantime, run MBAM and post that log (the one in the above post is SUPERAntiSpyware, not MBAM as requested).. :rolleyes:

Glad things are improving..

Thanks
Fred

This post has been edited by Fred Flintstone: 08 July 2011 - 07:34 AM

0

#36 Robh123

  • Log'N'Rocker
  • Group: Members
  • Posts: 26
  • Joined: 10-June 11

Posted 08 July 2011 - 02:57 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7035

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/8/2011 10:56:41 AM
mbam-log-2011-07-08 (10-56-41).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 256160
Time elapsed: 32 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\programdata\defender.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rob\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
0

#37 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 08 July 2011 - 11:36 PM

Hi Rob,


CCleaner
Please download CCleaner ... © Piriform Ltd. (slim version) and save it to your desktop. CCleaner documentation can be found here...if needed.


To Install CCleaner:
  • Click the ccsetup???_slim.exe...icon on your desktop. (??? = version #'s)
  • Press the "Run"...(Security prompt). Select a language...Press "OK" ...button.
  • Click "Next"...(Welcome screen). Click "I Agree"...(License Agreement).
  • Click "Next" for default install location.
    The default is set to C:\Program Files\CCleaner. Unless you want it installed elsewhere, just leave it.
  • Check the "Install Options", you want.
  • Click "Install". Click "Finish" when prompted.


To Run CCleaner:
  • Click CCleaner desktop icon or Start Menu item...(depending on install options)
  • Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Select the items to clean up.
      In the Windows Tab:
    • Clean all entries in the "Internet Explorer".
      Note: "Cookies"...box. If checked will require re-entry of user names, passwords on "next" visit to sites that require users log in.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section...except "Start Menu Shortcuts" and "Desktop Shortcuts" uncheck these 2 items.
    • *Uncheck* the "Advanced" section.


      In the Applications Tab:
    • Clean all in the "Firefox/Mozilla" section. (if you use it)
      Firefox Caution: "Saved Form Information"...box. If checked will remove all your saved passwords, if you use that feature.
    • Clean all in the "Opera" section. (if you use it)
    • Clean all in the "Applications" section.
    • Clean all in the "Internet" Section.
    • Clean all in the "Multimedia" section. (if you use them)
    • Clean all in the "Utilities" section. (if you use them)
    • Clean all in the "Windows" section.

  • Then click the "Run Cleaner" button and it will scan and clean your system.
  • Close CCleaner when finished.

FYI...You may see some files "marked" for deletion when Windows restarts...this is because they are "in use" by the system and can't be removed until restart.
CAUTION: Please do NOT use the "Issues" button in the left pane.
This is a built-in registry cleaner. Removing certain entries can render your computer inoperable!


Next


ESET online scanner


Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: (button image)

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: (button image)
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: (button image)
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: (button image)
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Finally..


Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  • Double click the SecurityCheck.exe icon to begin.
  • Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  • Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  • Please copy/paste the entire contents of the checkup.txt file into your next reply.



Thanks
Fred

#38 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 03 August 2011 - 11:03 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
