Help!! Search web sites keep redirecting

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

JonnyJabs

Thread Starter
Joined
Dec 28, 2010
Messages
5
Please help. Any search engine site keeps redirecting me to random sites. Here are my logs.

High Jack This Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:51 PM, on 12/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jonny\Downloads\HijackThis(3).exe
C:\Users\Jonny\Desktop\HijackThis.exe
C:\windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe

--
End of file - 6956 bytes


Here is my DDS log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonny at 17:03:23.85 on Tue 12/28/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.247 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Jonny\Downloads\HijackThis(3).exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Jonny\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jonny\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\SymDS.sys [2010-8-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\SymEFA.sys [2010-8-21 172592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-24 165584]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-8-21 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\Ironx86.sys [2010-8-21 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1105000.07f\symtdiv.sys [2010-8-21 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-24 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-8-21 126392]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-5-31 2057560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

=============== Created Last 30 ================

2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-26 22:13:47 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
2010-12-25 06:34:46 -------- d-----w- C:\extensions
2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8531A555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x853207b0]; MOV EAX, [0x8532082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81C8C458] -> \Device\Harddisk0\DR0[0x852F4948]
3 CLASSPNP[0x8680459E] -> ntkrnlpa!IofCallDriver[0x81C8C458] -> [0x854C8028]
\Driver\iaStor[0x852F7DD0] -> IRP_MJ_CREATE -> 0x8531A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 17:06:30.69 ===============


Here is my ARK log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-28 17:16:18
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.2AC1
Running: e6xy3fvi.exe; Driver: C:\Users\Jonny\AppData\Local\Temp\kglyapoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [866B3360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs 848011F8

AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----




Please help..
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post fresh dds logs, please.
 

JonnyJabs

Thread Starter
Joined
Dec 28, 2010
Messages
5
definitely still need some help.. here is the current dds log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonny at 19:14:25.99 on Wed 12/29/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.378 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Samsung\SFB\SmartRestarter.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Jonny\Downloads\dds.scr
C:\windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coFFPlgn

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\SymDS.sys [2010-8-21 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\SymEFA.sys [2010-8-21 172592]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-24 165584]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-8-21 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\Ironx86.sys [2010-8-21 116272]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1105000.07f\symtdiv.sys [2010-8-21 340016]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-24 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-8-21 126392]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-5-31 2057560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

=============== Created Last 30 ================

2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
2010-12-25 06:34:46 -------- d-----w- C:\extensions
2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x852F8555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x852fe7b0]; MOV EAX, [0x852fe82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81C8F458] -> \Device\Harddisk0\DR0[0x852D5AC8]
3 CLASSPNP[0x86E7259E] -> ntkrnlpa!IofCallDriver[0x81C8F458] -> [0x854F4590]
\Driver\iaStor[0x852DFB30] -> IRP_MJ_CREATE -> 0x852F8555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:16:51.07 ===============



I cant attach the attach file and dont know if i should post it on the forum..
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 

JonnyJabs

Thread Starter
Joined
Dec 28, 2010
Messages
5
well.. i keep trying to run combofix but when i run it it just freezes.. it almost completes and then frozen.. any ideas??
 

JonnyJabs

Thread Starter
Joined
Dec 28, 2010
Messages
5
i tried to run combofix in safe mode and when i do it it completes the scan but then the computer crashes and i get the blue screen.. i tried it multiple times with the same results..
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Let's try other thing.

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 

JonnyJabs

Thread Starter
Joined
Dec 28, 2010
Messages
5
ok.. here is the tdsskiller log..

2011/01/01 18:31:23.0125 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/01 18:31:23.0125 ================================================================================
2011/01/01 18:31:23.0125 SystemInfo:
2011/01/01 18:31:23.0125
2011/01/01 18:31:23.0125 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/01 18:31:23.0125 Product type: Workstation
2011/01/01 18:31:23.0125 ComputerName: POOP-TOP
2011/01/01 18:31:23.0140 UserName: Jonny
2011/01/01 18:31:23.0140 Windows directory: C:\windows
2011/01/01 18:31:23.0140 System windows directory: C:\windows
2011/01/01 18:31:23.0140 Processor architecture: Intel x86
2011/01/01 18:31:23.0140 Number of processors: 2
2011/01/01 18:31:23.0140 Page size: 0x1000
2011/01/01 18:31:23.0140 Boot type: Normal boot
2011/01/01 18:31:23.0140 ================================================================================
2011/01/01 18:31:23.0827 Initialize success
2011/01/01 18:31:27.0696 ================================================================================
2011/01/01 18:31:27.0696 Scan started
2011/01/01 18:31:27.0696 Mode: Manual;
2011/01/01 18:31:27.0696 ================================================================================
2011/01/01 18:31:28.0195 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/01 18:31:28.0335 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/01 18:31:28.0429 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/01 18:31:28.0538 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/01 18:31:28.0725 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/01 18:31:28.0834 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/01 18:31:28.0990 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/01/01 18:31:29.0053 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/01/01 18:31:29.0146 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/01/01 18:31:29.0287 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/01/01 18:31:29.0396 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/01/01 18:31:29.0490 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/01/01 18:31:29.0583 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/01 18:31:29.0708 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/01 18:31:29.0802 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/01 18:31:29.0911 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/01 18:31:30.0020 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/01 18:31:30.0145 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/01/01 18:31:30.0270 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/01/01 18:31:30.0363 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/01 18:31:30.0472 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\windows\system32\drivers\aswFsBlk.sys
2011/01/01 18:31:30.0738 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\windows\system32\drivers\aswMonFlt.sys
2011/01/01 18:31:30.0956 aswRdr (69823954bbd461a73d69774928c9737e) C:\windows\system32\drivers\aswRdr.sys
2011/01/01 18:31:31.0190 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\windows\system32\drivers\aswSP.sys
2011/01/01 18:31:31.0377 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\windows\system32\drivers\aswTdi.sys
2011/01/01 18:31:31.0705 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/01 18:31:31.0954 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/01/01 18:31:32.0454 athr (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
2011/01/01 18:31:33.0998 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/01/01 18:31:43.0171 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/01 18:31:43.0701 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/01/01 18:31:44.0419 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
2011/01/01 18:31:45.0199 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/01 18:31:45.0714 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/01/01 18:31:46.0119 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/01 18:31:46.0618 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/01 18:31:47.0258 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/01/01 18:31:47.0866 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/01 18:31:48.0334 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/01 18:31:48.0787 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/01 18:31:49.0239 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/01 18:31:49.0801 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/01 18:31:50.0425 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/01 18:31:51.0158 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/01/01 18:31:51.0720 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/01 18:31:52.0437 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys
2011/01/01 18:31:53.0077 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/01 18:31:53.0654 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/01 18:31:54.0278 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/01/01 18:31:54.0793 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/01/01 18:31:55.0432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/01 18:31:55.0885 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/01 18:31:56.0119 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/01/01 18:31:56.0384 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/01 18:31:56.0681 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/01 18:31:56.0899 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/01 18:31:57.0585 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/01/01 18:31:57.0773 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/01/01 18:31:57.0960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/01/01 18:31:58.0272 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/01/01 18:31:58.0584 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/01 18:31:59.0863 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/01/01 18:32:00.0518 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/01 18:32:01.0220 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/01 18:32:01.0595 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/01/01 18:32:02.0031 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/01/01 18:32:02.0312 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys
2011/01/01 18:32:02.0531 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/01/01 18:32:02.0671 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/01/01 18:32:02.0827 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/01/01 18:32:02.0952 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/01/01 18:32:03.0123 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/01/01 18:32:03.0279 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/01 18:32:03.0498 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/01/01 18:32:03.0654 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/01/01 18:32:03.0950 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\windows\system32\DRIVERS\fssfltr.sys
2011/01/01 18:32:04.0434 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/01 18:32:04.0980 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/01 18:32:05.0167 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/01 18:32:05.0791 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/01/01 18:32:06.0025 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/01/01 18:32:06.0243 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/01 18:32:06.0337 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/01 18:32:06.0462 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/01 18:32:06.0587 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/01/01 18:32:06.0914 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/01 18:32:07.0211 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/01 18:32:07.0819 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/01/01 18:32:07.0959 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/01/01 18:32:08.0084 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/01 18:32:08.0334 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/01 18:32:08.0568 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/01 18:32:09.0192 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101229.002\IDSvix86.sys
2011/01/01 18:32:10.0409 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/01 18:32:11.0235 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/01 18:32:12.0078 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
2011/01/01 18:32:12.0858 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/01/01 18:32:13.0045 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/01 18:32:13.0248 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/01 18:32:13.0466 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/01 18:32:13.0560 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/01/01 18:32:13.0763 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/01/01 18:32:13.0997 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/01 18:32:14.0199 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/01 18:32:14.0574 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/01 18:32:14.0777 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/01 18:32:14.0917 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/01/01 18:32:15.0073 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/01 18:32:15.0416 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/01 18:32:15.0619 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/01 18:32:15.0806 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/01 18:32:16.0149 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/01 18:32:16.0461 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/01 18:32:16.0742 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/01/01 18:32:17.0163 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\windows\system32\DRIVERS\mcdbus.sys
2011/01/01 18:32:17.0397 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/01/01 18:32:17.0725 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/01 18:32:17.0990 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/01/01 18:32:18.0287 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/01/01 18:32:18.0505 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/01 18:32:18.0677 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/01 18:32:18.0801 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/01/01 18:32:18.0895 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/01/01 18:32:19.0082 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/01/01 18:32:19.0176 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/01/01 18:32:19.0379 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/01 18:32:19.0519 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/01 18:32:19.0675 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/01 18:32:19.0862 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/01/01 18:32:20.0127 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/01 18:32:20.0237 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/01/01 18:32:20.0330 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/01 18:32:20.0393 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/01 18:32:20.0533 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/01 18:32:20.0595 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/01 18:32:20.0689 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/01/01 18:32:20.0767 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/01/01 18:32:20.0892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/01 18:32:20.0954 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/01/01 18:32:21.0032 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/01 18:32:21.0126 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/01/01 18:32:21.0422 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/01 18:32:21.0812 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101230.036\NAVENG.SYS
2011/01/01 18:32:22.0171 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101230.036\NAVEX15.SYS
2011/01/01 18:32:22.0764 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/01/01 18:32:23.0325 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/01/01 18:32:23.0871 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/01 18:32:24.0371 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/01 18:32:24.0495 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/01 18:32:24.0589 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/01/01 18:32:24.0698 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/01/01 18:32:24.0839 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/01/01 18:32:24.0995 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/01/01 18:32:25.0151 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/01/01 18:32:25.0275 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/01/01 18:32:25.0837 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/01/01 18:32:27.0085 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/01/01 18:32:27.0834 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/01/01 18:32:28.0458 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/01/01 18:32:28.0785 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/01/01 18:32:28.0895 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/01 18:32:29.0113 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/01/01 18:32:29.0207 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/01/01 18:32:29.0331 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/01/01 18:32:29.0659 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/01/01 18:32:29.0815 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/01/01 18:32:30.0033 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/01 18:32:30.0174 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/01/01 18:32:30.0470 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/01/01 18:32:31.0063 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/01 18:32:31.0375 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/01/01 18:32:31.0812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/01/01 18:32:32.0264 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/01 18:32:32.0997 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/01 18:32:33.0185 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/01/01 18:32:33.0278 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/01 18:32:33.0403 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/01 18:32:33.0528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/01 18:32:33.0621 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/01 18:32:33.0699 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/01 18:32:33.0793 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/01 18:32:33.0871 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/01/01 18:32:33.0949 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/01 18:32:34.0058 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/01/01 18:32:34.0136 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/01/01 18:32:34.0199 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/01/01 18:32:34.0308 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/01/01 18:32:34.0479 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/01/01 18:32:34.0635 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/01 18:32:34.0698 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/01/01 18:32:34.0791 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
2011/01/01 18:32:34.0932 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/01/01 18:32:35.0041 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/01 18:32:35.0166 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/01 18:32:35.0353 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/01/01 18:32:35.0493 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/01/01 18:32:35.0587 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/01/01 18:32:35.0665 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/01 18:32:35.0821 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/01/01 18:32:35.0915 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/01/01 18:32:35.0977 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/01/01 18:32:36.0039 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/01 18:32:36.0149 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/01/01 18:32:36.0242 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/01 18:32:36.0351 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/01 18:32:36.0445 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/01/01 18:32:36.0585 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/01/01 18:32:36.0819 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/01/01 18:32:36.0819 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/01 18:32:36.0851 sptd - detected Locked file (1)
2011/01/01 18:32:36.0975 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS
2011/01/01 18:32:37.0085 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
2011/01/01 18:32:37.0194 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/01/01 18:32:37.0303 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/01/01 18:32:37.0365 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/01 18:32:37.0490 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/01 18:32:37.0615 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/01/01 18:32:37.0802 SymDS (56890bf9d9204b93042089d4b45ae671) C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
2011/01/01 18:32:37.0927 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
2011/01/01 18:32:38.0083 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\windows\system32\Drivers\SYMEVENT.SYS
2011/01/01 18:32:38.0208 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
2011/01/01 18:32:38.0364 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
2011/01/01 18:32:38.0582 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/01/01 18:32:38.0754 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/01 18:32:38.0847 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/01/01 18:32:38.0925 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/01/01 18:32:39.0003 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/01/01 18:32:39.0081 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/01/01 18:32:39.0144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/01/01 18:32:39.0362 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/01 18:32:39.0503 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/01 18:32:39.0581 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/01 18:32:39.0690 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/01/01 18:32:39.0830 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/01 18:32:39.0971 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/01/01 18:32:40.0033 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/01/01 18:32:40.0158 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/01 18:32:40.0251 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/01 18:32:40.0329 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/01 18:32:40.0423 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/01 18:32:40.0532 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/01 18:32:40.0610 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/01 18:32:40.0673 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/01 18:32:40.0766 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/01 18:32:40.0875 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/01/01 18:32:41.0016 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/01 18:32:41.0109 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/01 18:32:41.0187 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/01/01 18:32:41.0297 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/01 18:32:41.0375 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/01/01 18:32:41.0453 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/01/01 18:32:41.0531 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/01/01 18:32:41.0624 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/01 18:32:41.0733 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/01/01 18:32:41.0843 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/01 18:32:41.0952 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/01 18:32:42.0092 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/01 18:32:42.0170 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/01/01 18:32:42.0295 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/01 18:32:42.0373 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/01 18:32:42.0451 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/01 18:32:42.0591 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/01/01 18:32:42.0685 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/01/01 18:32:42.0903 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/01 18:32:42.0981 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/01/01 18:32:43.0262 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/01 18:32:43.0418 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/01 18:32:43.0574 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/01/01 18:32:43.0621 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/01 18:32:43.0793 yukonw7 (49d10b542dacfbb0e2ebf3e59f83ef21) C:\windows\system32\DRIVERS\yk62x86.sys
2011/01/01 18:32:43.0933 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/01 18:32:43.0933 ================================================================================
2011/01/01 18:32:43.0949 Scan finished
2011/01/01 18:32:43.0949 ================================================================================
2011/01/01 18:32:43.0980 Detected object count: 2
2011/01/01 18:32:57.0146 Locked file(sptd) - User select action: Skip
2011/01/01 18:32:57.0209 \HardDisk0 - will be cured after reboot
2011/01/01 18:32:57.0240 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/01 18:33:03.0885 Deinitialize success



and an updated dds log in case you need it..


DDS (Ver_10-12-12.02) - NTFSx86
Run by Jonny at 18:52:45.92 on Sat 01/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.414 [GMT -5:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\SFB\SmartRestarter.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jonny\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://samsung.msn.com
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coFFPlgn

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-30 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-12-30 173104]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-25 165584]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-12-30 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101229.002\IDSvix86.sys [2010-12-30 353912]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-12-30 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-12-30 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-25 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-25 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-12-30 126392]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

=============== Created Last 30 ================

2011-01-01 23:27:39 -------- d-----w- C:\tdsskiller
2010-12-31 14:57:42 -------- d-----w- c:\users\jonny\appdata\local\CrashDumps
2010-12-31 02:38:13 3999600 ----a-w- C:\ComboFix(2).exe
2010-12-31 02:32:19 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
2010-12-31 02:32:19 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
2010-12-31 02:32:19 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
2010-12-31 02:32:19 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
2010-12-31 02:32:18 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
2010-12-31 02:32:18 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
2010-12-31 02:32:18 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
2010-12-31 02:31:21 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
2010-12-30 03:37:25 -------- d-----w- c:\users\jonny\appdata\roaming\Tific
2010-12-30 03:37:21 -------- d-----w- c:\users\jonny\appdata\local\Symantec
2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
2010-12-25 06:34:46 -------- d-----w- C:\extensions
2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 18:55:33.14 ===============


thanks.. and happy new year..
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi,

Please post attach.txt contents too.

Happy New Year 2011.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top