
Help!! Search web sites keep redirecting

Discussion in 'Virus & Other Malware Removal' started by JonnyJabs, Dec 28, 2010.

  1. JonnyJabs

    JonnyJabs Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    5
    Please help. Any search engine site keeps redirecting me to random sites. Here are my logs.

    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:01:51 PM, on 12/28/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Jonny\Downloads\HijackThis(3).exe
    C:\Users\Jonny\Desktop\HijackThis.exe
    C:\windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
    O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe

    --
    End of file - 6956 bytes


    Here is my DDS log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jonny at 17:03:23.85 on Tue 12/28/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.247 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security Netbook Edition *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\taskeng.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Users\Jonny\Downloads\HijackThis(3).exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\Jonny\Downloads\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\jonny\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\SymDS.sys [2010-8-21 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\SymEFA.sys [2010-8-21 172592]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-24 165584]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-8-21 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\Ironx86.sys [2010-8-21 116272]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1105000.07f\symtdiv.sys [2010-8-21 340016]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-24 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-24 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-8-21 126392]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-5-31 2057560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 136176]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

    =============== Created Last 30 ================

    2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
    2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
    2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
    2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
    2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
    2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-26 22:13:47 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
    2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
    2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
    2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
    2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
    2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
    2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
    2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
    2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
    2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
    2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
    2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
    2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
    2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
    2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
    2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
    2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
    2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
    2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
    2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
    2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
    2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
    2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
    2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
    2010-12-25 06:34:46 -------- d-----w- C:\extensions
    2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
    2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
    2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
    2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
    2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
    2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8531A555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x853207b0]; MOV EAX, [0x8532082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81C8C458] -> \Device\Harddisk0\DR0[0x852F4948]
    3 CLASSPNP[0x8680459E] -> ntkrnlpa!IofCallDriver[0x81C8C458] -> [0x854C8028]
    \Driver\iaStor[0x852F7DD0] -> IRP_MJ_CREATE -> 0x8531A555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 488397166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 17:06:30.69 ===============


    Here is my ARK log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-28 17:16:18
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 SAMSUNG_ rev.2AC1
    Running: e6xy3fvi.exe; Driver: C:\Users\Jonny\AppData\Local\Temp\kglyapoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [866B3360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \FileSystem\Ntfs \Ntfs 848011F8

    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----




    Please help.
     
  2. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Sorry for the delayed response. Forums have been really busy. If you still need help with this, post fresh DDS logs, please.
     
  3. JonnyJabs

    JonnyJabs Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    5
    Definitely still need some help. Here is the current DDS log:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jonny at 19:14:25.99 on Wed 12/29/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.378 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskeng.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Samsung\SFB\SmartRestarter.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\windows\system32\sppsvc.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\Jonny\Downloads\dds.scr
    C:\windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coFFPlgn

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1105000.07f\SymDS.sys [2010-8-21 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1105000.07f\SymEFA.sys [2010-8-21 172592]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-24 165584]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1105000.07f\cchpx86.sys [2010-8-21 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101228.001\IDSvix86.sys [2010-12-28 353912]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1105000.07f\Ironx86.sys [2010-8-21 116272]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1105000.07f\symtdiv.sys [2010-8-21 340016]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-24 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-24 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-8-21 126392]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-5-31 2057560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 136176]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-24 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

    =============== Created Last 30 ================

    2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
    2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
    2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
    2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
    2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
    2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
    2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
    2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
    2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
    2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
    2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
    2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
    2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
    2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
    2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
    2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
    2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
    2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
    2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
    2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
    2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
    2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
    2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
    2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
    2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
    2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
    2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
    2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
    2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
    2010-12-25 06:34:46 -------- d-----w- C:\extensions
    2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
    2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
    2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
    2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
    2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
    2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x852F8555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x852fe7b0]; MOV EAX, [0x852fe82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x81C8F458] -> \Device\Harddisk0\DR0[0x852D5AC8]
    3 CLASSPNP[0x86E7259E] -> ntkrnlpa!IofCallDriver[0x81C8F458] -> [0x854F4590]
    \Driver\iaStor[0x852DFB30] -> IRP_MJ_CREATE -> 0x852F8555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HM250HI_________________________2AC101C4#4&1ba53893&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 488397166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 19:16:51.07 ===============



    I can't attach the attach file and don't know if I should post it on the forum.
     
  4. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  5. JonnyJabs

    JonnyJabs Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    5
    Well, I keep trying to run ComboFix, but when I run it, it just freezes. It almost completes and then freezes. Any ideas?
     
  6. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Please try to run it in safe mode if possible.
     
  7. JonnyJabs

    JonnyJabs Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    5
    I tried to run ComboFix in safe mode, and when I do, it completes the scan but then the computer crashes and I get the blue screen. I tried it multiple times with the same results.
     
  8. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Let's try another thing.

    1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
    4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).
     
  9. JonnyJabs

    JonnyJabs Thread Starter

    Joined:
    Dec 28, 2010
    Messages:
    5
    OK, here is the TDSSKiller log:

    2011/01/01 18:31:23.0125 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/01 18:31:23.0125 ================================================================================
    2011/01/01 18:31:23.0125 SystemInfo:
    2011/01/01 18:31:23.0125
    2011/01/01 18:31:23.0125 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/01 18:31:23.0125 Product type: Workstation
    2011/01/01 18:31:23.0125 ComputerName: POOP-TOP
    2011/01/01 18:31:23.0140 UserName: Jonny
    2011/01/01 18:31:23.0140 Windows directory: C:\windows
    2011/01/01 18:31:23.0140 System windows directory: C:\windows
    2011/01/01 18:31:23.0140 Processor architecture: Intel x86
    2011/01/01 18:31:23.0140 Number of processors: 2
    2011/01/01 18:31:23.0140 Page size: 0x1000
    2011/01/01 18:31:23.0140 Boot type: Normal boot
    2011/01/01 18:31:23.0140 ================================================================================
    2011/01/01 18:31:23.0827 Initialize success
    2011/01/01 18:31:27.0696 ================================================================================
    2011/01/01 18:31:27.0696 Scan started
    2011/01/01 18:31:27.0696 Mode: Manual;
    2011/01/01 18:31:27.0696 ================================================================================
    2011/01/01 18:31:28.0195 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
    2011/01/01 18:31:28.0335 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
    2011/01/01 18:31:28.0429 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
    2011/01/01 18:31:28.0538 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    2011/01/01 18:31:28.0725 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    2011/01/01 18:31:28.0834 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    2011/01/01 18:31:28.0990 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
    2011/01/01 18:31:29.0053 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
    2011/01/01 18:31:29.0146 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    2011/01/01 18:31:29.0287 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
    2011/01/01 18:31:29.0396 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
    2011/01/01 18:31:29.0490 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
    2011/01/01 18:31:29.0583 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    2011/01/01 18:31:29.0708 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    2011/01/01 18:31:29.0802 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
    2011/01/01 18:31:29.0911 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    2011/01/01 18:31:30.0020 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
    2011/01/01 18:31:30.0145 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
    2011/01/01 18:31:30.0270 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    2011/01/01 18:31:30.0363 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    2011/01/01 18:31:30.0472 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\windows\system32\drivers\aswFsBlk.sys
    2011/01/01 18:31:30.0738 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\windows\system32\drivers\aswMonFlt.sys
    2011/01/01 18:31:30.0956 aswRdr (69823954bbd461a73d69774928c9737e) C:\windows\system32\drivers\aswRdr.sys
    2011/01/01 18:31:31.0190 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\windows\system32\drivers\aswSP.sys
    2011/01/01 18:31:31.0377 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\windows\system32\drivers\aswTdi.sys
    2011/01/01 18:31:31.0705 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    2011/01/01 18:31:31.0954 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
    2011/01/01 18:31:32.0454 athr (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
    2011/01/01 18:31:33.0998 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    2011/01/01 18:31:43.0171 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
    2011/01/01 18:31:43.0701 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    2011/01/01 18:31:44.0419 BHDrvx86 (83a2fec59a0a0fc73bf6598e901b2fbd) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys
    2011/01/01 18:31:45.0199 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    2011/01/01 18:31:45.0714 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
    2011/01/01 18:31:46.0119 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    2011/01/01 18:31:46.0618 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    2011/01/01 18:31:47.0258 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    2011/01/01 18:31:47.0866 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    2011/01/01 18:31:48.0334 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    2011/01/01 18:31:48.0787 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    2011/01/01 18:31:49.0239 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
    2011/01/01 18:31:49.0801 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    2011/01/01 18:31:50.0425 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
    2011/01/01 18:31:51.0158 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
    2011/01/01 18:31:51.0720 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
    2011/01/01 18:31:52.0437 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys
    2011/01/01 18:31:53.0077 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    2011/01/01 18:31:53.0654 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
    2011/01/01 18:31:54.0278 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    2011/01/01 18:31:54.0793 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    2011/01/01 18:31:55.0432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    2011/01/01 18:31:55.0885 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
    2011/01/01 18:31:56.0119 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    2011/01/01 18:31:56.0384 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    2011/01/01 18:31:56.0681 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
    2011/01/01 18:31:56.0899 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    2011/01/01 18:31:57.0585 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
    2011/01/01 18:31:57.0773 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    2011/01/01 18:31:57.0960 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    2011/01/01 18:31:58.0272 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    2011/01/01 18:31:58.0584 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
    2011/01/01 18:31:59.0863 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    2011/01/01 18:32:00.0518 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    2011/01/01 18:32:01.0220 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    2011/01/01 18:32:01.0595 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2011/01/01 18:32:02.0031 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
    2011/01/01 18:32:02.0312 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys
    2011/01/01 18:32:02.0531 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    2011/01/01 18:32:02.0671 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    2011/01/01 18:32:02.0827 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    2011/01/01 18:32:02.0952 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    2011/01/01 18:32:03.0123 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    2011/01/01 18:32:03.0279 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    2011/01/01 18:32:03.0498 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    2011/01/01 18:32:03.0654 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    2011/01/01 18:32:03.0950 fssfltr (491e9d9a26a745f6ae7d570849f4bd87) C:\windows\system32\DRIVERS\fssfltr.sys
    2011/01/01 18:32:04.0434 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    2011/01/01 18:32:04.0980 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
    2011/01/01 18:32:05.0167 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    2011/01/01 18:32:05.0791 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    2011/01/01 18:32:06.0025 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
    2011/01/01 18:32:06.0243 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
    2011/01/01 18:32:06.0337 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    2011/01/01 18:32:06.0462 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    2011/01/01 18:32:06.0587 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    2011/01/01 18:32:06.0914 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
    2011/01/01 18:32:07.0211 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
    2011/01/01 18:32:07.0819 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
    2011/01/01 18:32:07.0959 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
    2011/01/01 18:32:08.0084 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
    2011/01/01 18:32:08.0334 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
    2011/01/01 18:32:08.0568 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
    2011/01/01 18:32:09.0192 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101229.002\IDSvix86.sys
    2011/01/01 18:32:10.0409 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
    2011/01/01 18:32:11.0235 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
    2011/01/01 18:32:12.0078 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
    2011/01/01 18:32:12.0858 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
    2011/01/01 18:32:13.0045 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
    2011/01/01 18:32:13.0248 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
    2011/01/01 18:32:13.0466 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
    2011/01/01 18:32:13.0560 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
    2011/01/01 18:32:13.0763 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
    2011/01/01 18:32:13.0997 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
    2011/01/01 18:32:14.0199 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
    2011/01/01 18:32:14.0574 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
    2011/01/01 18:32:14.0777 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
    2011/01/01 18:32:14.0917 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
    2011/01/01 18:32:15.0073 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
    2011/01/01 18:32:15.0416 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
    2011/01/01 18:32:15.0619 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
    2011/01/01 18:32:15.0806 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
    2011/01/01 18:32:16.0149 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
    2011/01/01 18:32:16.0461 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
    2011/01/01 18:32:16.0742 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
    2011/01/01 18:32:17.0163 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\windows\system32\DRIVERS\mcdbus.sys
    2011/01/01 18:32:17.0397 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    2011/01/01 18:32:17.0725 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    2011/01/01 18:32:17.0990 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    2011/01/01 18:32:18.0287 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    2011/01/01 18:32:18.0505 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    2011/01/01 18:32:18.0677 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    2011/01/01 18:32:18.0801 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    2011/01/01 18:32:18.0895 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    2011/01/01 18:32:19.0082 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    2011/01/01 18:32:19.0176 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    2011/01/01 18:32:19.0379 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
    2011/01/01 18:32:19.0519 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
    2011/01/01 18:32:19.0675 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
    2011/01/01 18:32:19.0862 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    2011/01/01 18:32:20.0127 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    2011/01/01 18:32:20.0237 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    2011/01/01 18:32:20.0330 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    2011/01/01 18:32:20.0393 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    2011/01/01 18:32:20.0533 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    2011/01/01 18:32:20.0595 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    2011/01/01 18:32:20.0689 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    2011/01/01 18:32:20.0767 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    2011/01/01 18:32:20.0892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    2011/01/01 18:32:20.0954 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    2011/01/01 18:32:21.0032 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    2011/01/01 18:32:21.0126 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    2011/01/01 18:32:21.0422 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    2011/01/01 18:32:21.0812 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101230.036\NAVENG.SYS
    2011/01/01 18:32:22.0171 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20101230.036\NAVEX15.SYS
    2011/01/01 18:32:22.0764 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    2011/01/01 18:32:23.0325 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    2011/01/01 18:32:23.0871 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    2011/01/01 18:32:24.0371 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    2011/01/01 18:32:24.0495 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    2011/01/01 18:32:24.0589 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    2011/01/01 18:32:24.0698 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    2011/01/01 18:32:24.0839 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    2011/01/01 18:32:24.0995 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    2011/01/01 18:32:25.0151 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    2011/01/01 18:32:25.0275 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    2011/01/01 18:32:25.0837 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
    2011/01/01 18:32:27.0085 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    2011/01/01 18:32:27.0834 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
    2011/01/01 18:32:28.0458 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
    2011/01/01 18:32:28.0785 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    2011/01/01 18:32:28.0895 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
    2011/01/01 18:32:29.0113 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    2011/01/01 18:32:29.0207 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
    2011/01/01 18:32:29.0331 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    2011/01/01 18:32:29.0659 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
    2011/01/01 18:32:29.0815 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
    2011/01/01 18:32:30.0033 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    2011/01/01 18:32:30.0174 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    2011/01/01 18:32:30.0470 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    2011/01/01 18:32:31.0063 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    2011/01/01 18:32:31.0375 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    2011/01/01 18:32:31.0812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    2011/01/01 18:32:32.0264 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    2011/01/01 18:32:32.0997 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    2011/01/01 18:32:33.0185 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    2011/01/01 18:32:33.0278 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    2011/01/01 18:32:33.0403 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    2011/01/01 18:32:33.0528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    2011/01/01 18:32:33.0621 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    2011/01/01 18:32:33.0699 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    2011/01/01 18:32:33.0793 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    2011/01/01 18:32:33.0871 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    2011/01/01 18:32:33.0949 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    2011/01/01 18:32:34.0058 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    2011/01/01 18:32:34.0136 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    2011/01/01 18:32:34.0199 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    2011/01/01 18:32:34.0308 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    2011/01/01 18:32:34.0479 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    2011/01/01 18:32:34.0635 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2011/01/01 18:32:34.0698 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
    2011/01/01 18:32:34.0791 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
    2011/01/01 18:32:34.0932 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
    2011/01/01 18:32:35.0041 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    2011/01/01 18:32:35.0166 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    2011/01/01 18:32:35.0353 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2011/01/01 18:32:35.0493 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2011/01/01 18:32:35.0587 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2011/01/01 18:32:35.0665 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2011/01/01 18:32:35.0821 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
    2011/01/01 18:32:35.0915 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
    2011/01/01 18:32:35.0977 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
    2011/01/01 18:32:36.0039 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    2011/01/01 18:32:36.0149 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
    2011/01/01 18:32:36.0242 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2011/01/01 18:32:36.0351 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    2011/01/01 18:32:36.0445 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    2011/01/01 18:32:36.0585 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    2011/01/01 18:32:36.0819 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
    2011/01/01 18:32:36.0819 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/01/01 18:32:36.0851 sptd - detected Locked file (1)
    2011/01/01 18:32:36.0975 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS
    2011/01/01 18:32:37.0085 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
    2011/01/01 18:32:37.0194 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
    2011/01/01 18:32:37.0303 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
    2011/01/01 18:32:37.0365 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
    2011/01/01 18:32:37.0490 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    2011/01/01 18:32:37.0615 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
    2011/01/01 18:32:37.0802 SymDS (56890bf9d9204b93042089d4b45ae671) C:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
    2011/01/01 18:32:37.0927 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
    2011/01/01 18:32:38.0083 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\windows\system32\Drivers\SYMEVENT.SYS
    2011/01/01 18:32:38.0208 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
    2011/01/01 18:32:38.0364 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
    2011/01/01 18:32:38.0582 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
    2011/01/01 18:32:38.0754 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
    2011/01/01 18:32:38.0847 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
    2011/01/01 18:32:38.0925 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
    2011/01/01 18:32:39.0003 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
    2011/01/01 18:32:39.0081 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
    2011/01/01 18:32:39.0144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
    2011/01/01 18:32:39.0362 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
    2011/01/01 18:32:39.0503 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
    2011/01/01 18:32:39.0581 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    2011/01/01 18:32:39.0690 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
    2011/01/01 18:32:39.0830 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
    2011/01/01 18:32:39.0971 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
    2011/01/01 18:32:40.0033 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    2011/01/01 18:32:40.0158 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
    2011/01/01 18:32:40.0251 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
    2011/01/01 18:32:40.0329 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys
    2011/01/01 18:32:40.0423 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys
    2011/01/01 18:32:40.0532 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    2011/01/01 18:32:40.0610 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    2011/01/01 18:32:40.0673 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2011/01/01 18:32:40.0766 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
    2011/01/01 18:32:40.0875 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
    2011/01/01 18:32:41.0016 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
    2011/01/01 18:32:41.0109 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    2011/01/01 18:32:41.0187 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    2011/01/01 18:32:41.0297 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
    2011/01/01 18:32:41.0375 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
    2011/01/01 18:32:41.0453 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    2011/01/01 18:32:41.0531 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
    2011/01/01 18:32:41.0624 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
    2011/01/01 18:32:41.0733 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    2011/01/01 18:32:41.0843 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
    2011/01/01 18:32:41.0952 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    2011/01/01 18:32:42.0092 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    2011/01/01 18:32:42.0170 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    2011/01/01 18:32:42.0295 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    2011/01/01 18:32:42.0373 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2011/01/01 18:32:42.0451 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    2011/01/01 18:32:42.0591 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    2011/01/01 18:32:42.0685 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    2011/01/01 18:32:42.0903 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    2011/01/01 18:32:42.0981 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    2011/01/01 18:32:43.0262 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
    2011/01/01 18:32:43.0418 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    2011/01/01 18:32:43.0574 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
    2011/01/01 18:32:43.0621 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
    2011/01/01 18:32:43.0793 yukonw7 (49d10b542dacfbb0e2ebf3e59f83ef21) C:\windows\system32\DRIVERS\yk62x86.sys
    2011/01/01 18:32:43.0933 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/01 18:32:43.0933 ================================================================================
    2011/01/01 18:32:43.0949 Scan finished
    2011/01/01 18:32:43.0949 ================================================================================
    2011/01/01 18:32:43.0980 Detected object count: 2
    2011/01/01 18:32:57.0146 Locked file(sptd) - User select action: Skip
    2011/01/01 18:32:57.0209 \HardDisk0 - will be cured after reboot
    2011/01/01 18:32:57.0240 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/01 18:33:03.0885 Deinitialize success

    And an updated DDS log in case you need it.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jonny at 18:52:45.92 on Sat 01/01/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.414 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security Netbook Edition *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\Samsung\SFB\SmartRestarter.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Jonny\Downloads\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jonny\appdata\roaming\mozilla\firefox\profiles\18td9kei.default\
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coFFPlgn

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-30 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-12-30 173104]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-25 165584]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-12-30 501888]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20101229.002\IDSvix86.sys [2010-12-30 353912]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-8-21 10752]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-12-30 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-12-30 339504]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-25 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-25 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-12-30 126392]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-27 102448]
    R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-8-22 109056]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-7-8 322336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-26 136176]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

    =============== Created Last 30 ================

    2011-01-01 23:27:39 -------- d-----w- C:\tdsskiller
    2010-12-31 14:57:42 -------- d-----w- c:\users\jonny\appdata\local\CrashDumps
    2010-12-31 02:38:13 3999600 ----a-w- C:\ComboFix(2).exe
    2010-12-31 02:32:19 43696 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtspx.sys
    2010-12-31 02:32:19 339504 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys
    2010-12-31 02:32:19 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
    2010-12-31 02:32:19 173104 ----a-w- c:\windows\system32\drivers\nis\1108000.005\symefa.sys
    2010-12-31 02:32:18 501888 ----a-w- c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys
    2010-12-31 02:32:18 325680 ----a-w- c:\windows\system32\drivers\nis\1108000.005\srtsp.sys
    2010-12-31 02:32:18 116784 ----a-w- c:\windows\system32\drivers\nis\1108000.005\ironx86.sys
    2010-12-31 02:31:21 -------- d-----w- c:\windows\system32\drivers\nis\1108000.005
    2010-12-30 03:37:25 -------- d-----w- c:\users\jonny\appdata\roaming\Tific
    2010-12-30 03:37:21 -------- d-----w- c:\users\jonny\appdata\local\Symantec
    2010-12-28 03:52:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-12-28 03:52:27 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-12-28 02:39:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-27 22:23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-27 22:23:42 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-27 21:27:09 -------- d-----w- c:\users\jonny\appdata\roaming\Malwarebytes
    2010-12-27 21:27:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-27 21:26:58 -------- d-----w- c:\progra~2\Malwarebytes
    2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-27 21:26:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-27 05:30:13 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-12-27 05:30:13 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-12-27 05:25:55 -------- d-----w- c:\program files\Diablo II(1)
    2010-12-27 02:58:25 -------- d-----w- c:\program files\Diablo II
    2010-12-26 23:13:51 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-12-26 23:13:50 -------- d-----w- c:\program files\MagicDisc
    2010-12-26 22:54:19 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-12-26 22:54:18 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-12-26 22:45:19 -------- d-----w- c:\users\jonny\appdata\local\Diagnostics
    2010-12-26 22:31:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-12-26 22:31:18 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-12-26 22:31:18 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-12-26 22:13:03 -------- d-----w- c:\users\jonny\appdata\roaming\DAEMON Tools Lite
    2010-12-26 22:12:57 -------- d-----w- c:\progra~2\DAEMON Tools Lite
    2010-12-26 20:09:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-12-26 20:09:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-12-26 20:09:18 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-12-26 20:09:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-12-26 20:09:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-12-26 06:18:55 -------- d-----w- c:\users\jonny\appdata\local\Google
    2010-12-26 06:18:01 -------- d-----w- c:\windows\system32\Adobe
    2010-12-25 21:50:05 -------- d-----w- c:\users\jonny\appdata\local\DFX
    2010-12-25 21:48:57 -------- d-----w- c:\progra~2\DFX
    2010-12-25 21:48:53 -------- d-----w- c:\program files\common files\DFX
    2010-12-25 21:48:52 -------- d-----w- c:\program files\DFX
    2010-12-25 21:31:00 497664 ----a-w- c:\windows\system32\ac3filter.acm
    2010-12-25 21:30:59 -------- d-----w- c:\program files\AC3Filter
    2010-12-25 19:51:59 -------- d-----w- c:\program files\Mediatwins software
    2010-12-25 18:26:55 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-12-25 18:26:52 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-12-25 18:26:51 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-12-25 18:26:49 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-12-25 18:26:38 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-12-25 18:26:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-12-25 18:26:26 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-12-25 18:26:26 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-12-25 18:26:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-25 18:26:11 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-12-25 18:26:09 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-12-25 18:26:09 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-12-25 18:23:55 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-12-25 18:23:23 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-12-25 18:22:46 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-12-25 08:11:14 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-12-25 08:10:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-12-25 08:09:33 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-12-25 08:08:56 -------- d-----w- c:\windows\PCHEALTH
    2010-12-25 08:08:31 74520 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DSETUP.dll
    2010-12-25 08:08:31 484632 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\DXSETUP.exe
    2010-12-25 08:08:31 1670936 ----a-w- c:\program files\common files\windows live\.cache\eb7371571cba40a\dsetup32.dll
    2010-12-25 08:07:47 141399376 ----a-w- c:\program files\common files\windows live\.cache\wlc816E.tmp
    2010-12-25 08:07:11 -------- d-----w- c:\program files\common files\Windows Live
    2010-12-25 08:06:37 -------- d-----w- c:\progra~2\OberonGameConsole
    2010-12-25 08:01:56 131368 ----a-w- c:\progra~2\FullRemove.exe
    2010-12-25 08:01:53 -------- d-----w- c:\program files\common files\Oberon Media
    2010-12-25 08:01:36 -------- d-----w- c:\program files\Game Pack
    2010-12-25 08:01:24 -------- d-----w- c:\users\jonny\appdata\local\Adobe
    2010-12-25 06:34:56 -------- d-----w- c:\program files\Conduit
    2010-12-25 06:34:53 -------- d-----w- c:\program files\ConduitEngine
    2010-12-25 06:34:49 -------- d-----w- c:\program files\uTorrentBar
    2010-12-25 06:34:46 -------- d-----w- C:\extensions
    2010-12-25 06:34:40 -------- d-----w- c:\program files\uTorrent
    2010-12-25 06:33:40 -------- d-----w- c:\users\jonny\appdata\roaming\uTorrent
    2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-25 06:27:19 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-25 06:27:14 -------- d-----w- c:\progra~2\Alwil Software
    2010-12-25 05:52:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{eb540ec8-e19f-4bc6-ab88-a49006b5f5a5}\mpengine.dll
    2010-12-25 05:52:19 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-25 05:44:41 -------- d-----w- c:\users\jonny\appdata\roaming\Sling Media
    2010-12-25 05:44:41 -------- d-----w- c:\progra~2\Sling Media

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-22 11:43:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 18:55:33.14 ===============


    Thanks, and happy new year.
     
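Worked example, added here and not part of the thread, of DDS or of any tool the poster ran: a small Python triage helper that parses the "SERVICES / DRIVERS" and "Created Last 30" sections of a log like the one above and cross-references the kernel drivers (*.sys) created in the window against the registered driver services, which is the first thing a reviewer does with such a log when the symptom is search redirects. The sample lines are copied from the posted log into a constructed string; the regexes, section handling and the two heuristics are my own assumptions about the DDS format, derived only from the lines shown.

```python
"""DDS-log triage helper (added example, not the forum's or DDS's own code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-12-30 328752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-25 165584]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-25 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-25 40384]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-25 54632]

=============== Created Last 30 ================

2011-01-01 23:27:39 -------- d-----w- C:\tdsskiller
2010-12-31 02:32:19 328752 ----a-r- c:\windows\system32\drivers\nis\1108000.005\symds.sys
2010-12-27 21:26:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 22:14:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-12-25 08:12:13 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-12-25 06:27:34 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "R1 aswSP;aswSP;c:\...\aswSP.sys [2010-12-25 165584]"  (format assumed from the log)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# "2010-12-26 22:14:53 691696 ----a-w- c:\...\sptd.sys"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")


@dataclass
class Service:
    start: str      # R0/R1/R2 = running (boot/system/auto start), S# = stopped
    name: str
    display: str
    path: str
    date: str
    size: int


@dataclass
class Created:
    timestamp: str
    size: str       # '--------' for directories
    attrs: str
    path: str


def split_sections(text: str) -> dict[str, list[str]]:
    """Group non-blank lines under the '==== NAME ====' header above them."""
    sections: dict[str, list[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def parse_services(lines: list[str]) -> list[Service]:
    out = []
    for m in filter(None, map(SERVICE_RE.match, lines)):
        start, name, display, path, date, size = m.groups()
        out.append(Service(start, name, display, path, date, int(size)))
    return out


def parse_created(lines: list[str]) -> list[Created]:
    return [Created(*m.groups()) for m in filter(None, map(CREATED_RE.match, lines))]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_new_drivers(text: str) -> dict[str, list[str]]:
    """Split *.sys files created in the window into those backed by a listed
    service and those with none. DDS omits Microsoft services, so an unlisted
    driver is a lead to verify (vendor, signature), not a verdict."""
    sections = split_sections(text)
    registered = {basename(s.path) for s in parse_services(sections.get("SERVICES / DRIVERS", []))}
    result: dict[str, list[str]] = {"registered": [], "unregistered": []}
    for entry in parse_created(sections.get("Created Last 30", [])):
        name = basename(entry.path)
        if name.endswith(".sys"):
            result["registered" if name in registered else "unregistered"].append(name)
    return result


def boot_start_outside_drivers(text: str) -> list[str]:
    """R0/R1 (boot/system-start) drivers loading from outside system32\\drivers;
    unusual for legitimate software, so worth a second look (Norton's are legitimate)."""
    services = parse_services(split_sections(text).get("SERVICES / DRIVERS", []))
    return [s.name for s in services
            if s.start in ("R0", "R1")
            and not s.path.lower().startswith(r"c:\windows\system32\drivers")]
```

On the sample, `triage_new_drivers` reports mbam.sys and sptd.sys as new drivers with no service entry, and `boot_start_outside_drivers` flags BHDrvx86. All three belong to software visible elsewhere in the log (Malwarebytes, DAEMON Tools, Norton), which is exactly why the output is a short list to check against the rest of the log rather than a detection. One caveat a helper would raise from that list: sptd.sys is the disc-emulation driver installed by DAEMON Tools, and it is normally uninstalled before running ComboFix because it interferes with that tool.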
  10. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Please post attach.txt contents too.

    Happy New Year 2011.
     
Short URL to this thread: https://techguy.org/971275
