
Search Engine Redirect, Blue Screen Crashes

2K views · 11 replies · 2 participants · last post by Ried
#1 ·
Hi,

I just recently started having my searches redirected to odd sites when using Google or Yahoo. It only redirects some searches and not others; there's no pattern. Also, sometimes a new tab just automatically opens, going to sites similar to the redirected searches. Also, there are the odd times where a blue crash screen comes up and does a memory dump, then restarts the computer. I've run every antivirus program I can think of, including SUPERAntiSpyware, Malwarebytes, Avast! Antispyware, SpyBot, Ad-Aware, and I still have the same problem! Please help!!

Oh and yes I do have access to a Windows Install Disc.


DDS (Ver_10-03-17.01) - NTFSx86
Run by BabieWho at 2:37:46.29 on 09/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.895.155 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BabieWho\Documents\Documents\Applications\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
mURLSearchHooks: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: mipony-plugin Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - c:\program files\mipony-plugin\tbmipo.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\users\babiewho\appdata\local\temp\E_S8FC2.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\babiewho\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-2 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-1-8 11264]

=============== Created Last 30 ================

2010-06-09 09:08:24 0 d-----w- C:\fixwareout
2010-06-09 08:56:20 0 d-----w- c:\program files\Trend Micro
2010-06-08 08:24:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 08:24:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 06:41:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 01:59:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-03 06:28:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 06:15:35 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-03 06:14:46 0 d-----w- c:\programdata\Lavasoft
2010-06-03 06:14:46 0 d-----w- c:\program files\Lavasoft
2010-06-02 23:08:27 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-02 23:06:23 0 d-----w- c:\programdata\Alwil Software
2010-06-02 07:48:55 0 d-----w- c:\users\babiewho\appdata\roaming\Malwarebytes
2010-06-02 07:48:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 07:48:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 07:32:48 0 d-----w- c:\users\babiewho\appdata\roaming\Little Noir Stories
2010-05-31 07:29:16 0 d-----w- c:\program files\Lisa's Fleet Flight
2010-05-30 08:02:12 0 d-----w- c:\users\babiewho\appdata\roaming\Mipony
2010-05-30 08:01:52 0 d-----w- c:\program files\mipony-plugin
2010-05-30 08:01:52 0 d-----w- c:\program files\Conduit
2010-05-28 07:17:26 0 d-----w- c:\users\babiewho\appdata\roaming\freshgames
2010-05-28 07:17:26 0 d-----w- c:\programdata\freshgames
2010-05-28 07:17:04 0 d-----w- C:\games
2010-05-26 05:12:01 0 d-----w- c:\users\babiewho\appdata\roaming\FFSJ
2010-05-25 21:55:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 08:54:26 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-21 08:54:26 77824 ----a-w- c:\windows\system32\xvid.ax
2010-05-21 08:54:26 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-21 08:54:26 0 d-----w- c:\program files\Xvid
2010-05-21 07:39:48 0 d-----w- c:\users\babiewho\Tracing
2010-05-21 06:57:17 0 d-----w- c:\program files\Microsoft
2010-05-21 06:56:53 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 05:50:41 0 d-----w- c:\program files\common files\Windows Live
2010-05-20 06:48:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-19 05:29:03 156655008 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 05:24:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 05:23:19 0 d-----w- c:\users\babiewho\appdata\roaming\Research In Motion
2010-05-19 05:22:13 26752 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-19 05:21:46 0 d-----w- c:\users\babiewho\appdata\roaming\Blackberry Desktop
2010-05-19 05:21:31 0 d-----w- c:\program files\common files\Research In Motion
2010-05-19 05:21:16 0 d-----w- c:\program files\Research In Motion
2010-05-19 02:34:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-05-19 02:26:40 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-05-19 02:26:40 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-05-19 02:26:40 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-05-19 02:26:40 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-19 02:24:40 69632 ----a-r- c:\windows\system32\trcde.ax
2010-05-17 09:13:30 0 d-----w- c:\users\babiewho\appdata\roaming\GamesCafe
2010-05-17 09:11:24 0 d-----w- c:\program files\Sally's Studio Collector's Edition
2010-05-17 09:07:18 0 d-----w- c:\program files\Fix IT Up World Tour
2010-05-17 09:04:23 0 d-----w- c:\program files\common files\SWF Studio
2010-05-17 07:12:22 0 d-----w- c:\users\babiewho\appdata\roaming\SUPERAntiSpyware.com
2010-05-17 07:12:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-17 03:21:12 49786 ----a-w- c:\users\babiewho\appdata\roaming\nvModes.dat
2010-05-17 03:11:22 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-17 01:53:49 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-16 07:05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-16 06:41:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-16 06:41:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-16 06:40:24 0 d-----w- c:\program files\iPod
2010-05-16 06:40:16 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-05-16 06:40:15 0 d-----w- c:\program files\iTunes
2010-05-16 06:38:35 0 d-----w- c:\program files\Bonjour
2010-05-16 06:37:21 0 d-----w- c:\programdata\Apple Computer
2010-05-16 06:35:00 0 d-----w- c:\programdata\Apple
2010-05-15 22:17:38 0 d-----w- c:\program files\BitTorrent
2010-05-15 22:13:21 0 d-----w- c:\users\babiewho\appdata\roaming\BitTorrent
2010-05-15 01:49:43 0 d-----w- c:\users\babiewho\appdata\roaming\LimeWire
2010-05-13 23:56:34 0 d-----w- c:\windows\system32\Wat
2010-05-12 22:54:04 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-12 22:53:19 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-12 06:33:06 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 07:33:06 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-10 23:17:49 0 d-----w- c:\programdata\EPSON
2010-05-10 23:08:05 76800 ----a-w- c:\windows\system32\E_FLBAEA.DLL
2010-05-10 23:08:03 62976 ----a-w- c:\windows\system32\E_FD4BAEA.DLL
2010-05-10 23:07:30 61952 ----a-w- c:\windows\system32\escwiad.dll
2010-05-10 10:04:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-05-10 10:02:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-10 10:02:56 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-10 10:02:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 05:35:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:40:04.95 ===============
 

#2 ·
Hello BooCody,

If you still require assistance, please run a new scan with DDS, post the fresh dds.txt, and we'll get started.
 
#3 ·
Hi Ried,

Here's the new DDS.txt that I ran today.

DDS (Ver_10-03-17.01) - NTFSx86
Run by BabieWho at 12:20:03.66 on 13/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.895.86 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\BabieWho\Documents\Documents\Applications\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\users\babiewho\appdata\local\temp\E_S8FC2.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\babiewho\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\users\babiewho\appdata\roaming\mozilla\firefox\profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-5 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-2 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-8 1153368]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-1-8 11264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-13 1343400]

=============== Created Last 30 ================

2010-06-11 03:06:01 173 ----a-w- c:\windows\system32\MRT.INI
2010-06-09 09:08:24 0 d-----w- C:\fixwareout
2010-06-09 08:56:20 0 d-----w- c:\program files\Trend Micro
2010-06-08 08:24:55 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 08:24:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 06:41:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 01:59:56 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-03 06:28:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 06:15:35 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-03 06:14:46 0 d-----w- c:\programdata\Lavasoft
2010-06-03 06:14:46 0 d-----w- c:\program files\Lavasoft
2010-06-02 23:08:27 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-02 23:06:23 0 d-----w- c:\programdata\Alwil Software
2010-06-02 07:48:55 0 d-----w- c:\users\babiewho\appdata\roaming\Malwarebytes
2010-06-02 07:48:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:48:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 07:48:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 07:32:48 0 d-----w- c:\users\babiewho\appdata\roaming\Little Noir Stories
2010-05-30 08:02:12 0 d-----w- c:\users\babiewho\appdata\roaming\Mipony
2010-05-30 08:01:52 0 d-----w- c:\program files\Conduit
2010-05-28 07:17:26 0 d-----w- c:\users\babiewho\appdata\roaming\freshgames
2010-05-28 07:17:26 0 d-----w- c:\programdata\freshgames
2010-05-28 07:17:04 0 d-----w- C:\games
2010-05-26 05:12:01 0 d-----w- c:\users\babiewho\appdata\roaming\FFSJ
2010-05-25 21:55:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 08:54:26 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-21 08:54:26 77824 ----a-w- c:\windows\system32\xvid.ax
2010-05-21 08:54:26 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-21 08:54:26 0 d-----w- c:\program files\Xvid
2010-05-21 07:39:48 0 d-----w- c:\users\babiewho\Tracing
2010-05-21 06:57:17 0 d-----w- c:\program files\Microsoft
2010-05-21 06:56:53 0 d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 05:50:41 0 d-----w- c:\program files\common files\Windows Live
2010-05-20 06:48:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-19 05:29:03 137923296 ----a-w- c:\windows\MEMORY.DMP
2010-05-19 05:24:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 05:23:19 0 d-----w- c:\users\babiewho\appdata\roaming\Research In Motion
2010-05-19 05:22:13 26752 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-19 05:21:46 0 d-----w- c:\users\babiewho\appdata\roaming\Blackberry Desktop
2010-05-19 05:21:31 0 d-----w- c:\program files\common files\Research In Motion
2010-05-19 05:21:16 0 d-----w- c:\program files\Research In Motion
2010-05-19 02:34:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-05-19 02:26:40 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-05-19 02:26:40 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-05-19 02:26:40 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-05-19 02:26:40 0 d-----w- c:\program files\common files\PX Storage Engine
2010-05-19 02:24:40 69632 ----a-r- c:\windows\system32\trcde.ax
2010-05-17 09:13:30 0 d-----w- c:\users\babiewho\appdata\roaming\GamesCafe
2010-05-17 09:11:24 0 d-----w- c:\program files\Sally's Studio Collector's Edition
2010-05-17 09:07:18 0 d-----w- c:\program files\Fix IT Up World Tour
2010-05-17 09:04:23 0 d-----w- c:\program files\common files\SWF Studio
2010-05-17 07:12:22 0 d-----w- c:\users\babiewho\appdata\roaming\SUPERAntiSpyware.com
2010-05-17 07:12:22 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-17 03:21:12 49762 ----a-w- c:\users\babiewho\appdata\roaming\nvModes.dat
2010-05-17 03:11:22 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-17 01:53:49 0 d-----w- c:\program files\SystemRequirementsLab
2010-05-16 07:05:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-16 06:41:38 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-16 06:41:38 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-16 06:40:24 0 d-----w- c:\program files\iPod
2010-05-16 06:40:16 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-05-16 06:40:15 0 d-----w- c:\program files\iTunes
2010-05-16 06:38:35 0 d-----w- c:\program files\Bonjour
2010-05-16 06:37:21 0 d-----w- c:\programdata\Apple Computer
2010-05-16 06:35:00 0 d-----w- c:\programdata\Apple
2010-05-15 22:17:38 0 d-----w- c:\program files\BitTorrent
2010-05-15 22:13:21 0 d-----w- c:\users\babiewho\appdata\roaming\BitTorrent
2010-05-15 01:49:43 0 d-----w- c:\users\babiewho\appdata\roaming\LimeWire

==================== Find3M ====================

2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 05:35:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 05:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:22:25.26 ===============
 
#4 · (Edited)
Thank you. :)

Download this file and extract TDSSKiller.exe to your Desktop.

  • Disable your onboard Anti Virus and Spybot's Tea Timer
  • Double click TDSSKiller.exe to run the tool.
  • You may be prompted to restart your machine. Type Y at the prompt

Once complete, a log will be produced at the root drive which is typically C:\.

For example, C:\TDSSKiller.2.3.0.0_24.05.2010_15.31.43_log.txt. Please post that log in your next reply.

==========================


After you've completed the above, download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with any registry changes that may need to take place.


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
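The TDSSKiller log requested above lists each driver with its MD5 and path and, for a hooked file, a "Suspicious file (Forged)" line carrying both a Real and a Fake md5 followed by an "infected by TDSS rootkit" line. A helper reading many of these logs would want the interesting lines pulled out automatically. The parser below is an added example written for this thread, not code from TDSSKiller, Kaspersky, or the forum; the line format it assumes (timestamp, process id, message) is taken from the log format as posted, and the sample input is constructed for the example, with the cdrom.sys entry copying the values shown in the log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the TDSSKiller 2.3.x log format: "HH:MM:SS:mmm <pid> <message>".
# The cdrom.sys lines copy the forged-hash entry as it appears in the posted log; the tool
# prints "infected by ..." and "Backup copy found" on one line, so the parser tolerates that.
SAMPLE_LOG_LINES = [
    r'00:14:50:592 2600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys',
    r'00:14:50:664 2600 cdrom (a308e5e728e84d9175e6b26f69e54f61) C:\Windows\system32\DRIVERS\cdrom.sys',
    r'00:14:50:667 2600 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: a308e5e728e84d9175e6b26f69e54f61, Fake md5: ba6e70aa0e6091bc39de29477d866a77',
    r'00:14:50:669 2600 File "C:\Windows\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ... 00:14:54:426 2600 Backup copy found, using it..',
    r'00:14:54:454 2600 will be cured on next reboot',
    r'00:14:54:685 2600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys',
]

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by (?P<threat>.+?) \.\.\.')


@dataclass
class ScanFindings:
    drivers: dict = field(default_factory=dict)   # lower-cased path -> md5 the scanner listed
    forged: list = field(default_factory=list)    # (path, real_md5, fake_md5)
    infected: list = field(default_factory=list)  # (path, threat name)


def parse_tdsskiller_log(lines):
    """Classify each log line into a driver listing, a forged-hash report, or an infection verdict."""
    findings = ScanFindings()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or other free-form line
        msg = m.group("msg")
        if (f := FORGED_RE.match(msg)):
            findings.forged.append((f["path"], f["real"], f["fake"]))
        elif (i := INFECTED_RE.match(msg)):
            findings.infected.append((i["path"], i["threat"]))
        elif (d := DRIVER_RE.match(msg)):
            findings.drivers[d["path"].lower()] = d["md5"]
    return findings


def triage(findings):
    """One record per forged file: the two hashes, whether the scanner's own driver listing agrees
    with the Real md5, and whether a matching infection verdict followed."""
    infected_paths = {p.lower() for p, _ in findings.infected}
    return [
        {
            "path": path,
            "real_md5": real,
            "fake_md5": fake,
            "listing_matches_real": findings.drivers.get(path.lower()) == real,
            "infected": path.lower() in infected_paths,
        }
        for path, real, fake in findings.forged
    ]


if __name__ == "__main__":
    for rec in triage(parse_tdsskiller_log(SAMPLE_LOG_LINES)):
        print(rec)
```

Run it against a real log with `parse_tdsskiller_log(open("C:\\TDSSKiller.<...>_log.txt"))`; an empty `forged` list with no `infected` entries is the clean case, and any record with `infected` set is the file the tool reports it will cure on reboot.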
 
#5 ·
Hi again,

Here's the log from the TDSSKiller. I will post the results from the combofix in the next reply. Thank you!

00:14:39:435 2600 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
00:14:39:435 2600 ================================================================================
00:14:39:435 2600 SystemInfo:

00:14:39:436 2600 OS Version: 6.1.7600 ServicePack: 0.0
00:14:39:436 2600 Product type: Workstation
00:14:39:436 2600 ComputerName: BABIEWHO-PC
00:14:39:437 2600 UserName: BabieWho
00:14:39:437 2600 Windows directory: C:\Windows
00:14:39:437 2600 Processor architecture: Intel x86
00:14:39:437 2600 Number of processors: 2
00:14:39:437 2600 Page size: 0x1000
00:14:39:440 2600 Boot type: Normal boot
00:14:39:440 2600 ================================================================================
00:14:40:904 2600 Initialize success
00:14:40:905 2600
00:14:40:906 2600 Scanning Services ...
00:14:43:009 2600 Raw services enum returned 469 services
00:14:43:044 2600
00:14:43:045 2600 Scanning Drivers ...
00:14:47:142 2600 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
00:14:47:185 2600 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
00:14:47:259 2600 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
00:14:47:345 2600 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:14:47:461 2600 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:14:47:516 2600 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:14:47:600 2600 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
00:14:47:697 2600 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
00:14:47:826 2600 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:14:47:914 2600 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
00:14:47:951 2600 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
00:14:48:005 2600 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
00:14:48:087 2600 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:14:48:170 2600 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:14:48:261 2600 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
00:14:48:354 2600 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:14:48:446 2600 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
00:14:48:525 2600 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
00:14:48:646 2600 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:14:48:756 2600 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:14:48:860 2600 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys
00:14:48:907 2600 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys
00:14:48:957 2600 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys
00:14:49:026 2600 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys
00:14:49:130 2600 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys
00:14:49:252 2600 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:14:49:324 2600 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
00:14:49:387 2600 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:14:49:485 2600 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:14:49:637 2600 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:14:49:866 2600 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:14:49:914 2600 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:14:49:962 2600 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
00:14:50:026 2600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:14:50:111 2600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:14:50:189 2600 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:14:50:371 2600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:14:50:439 2600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:14:50:472 2600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:14:50:507 2600 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:14:50:592 2600 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:14:50:664 2600 cdrom (a308e5e728e84d9175e6b26f69e54f61) C:\Windows\system32\DRIVERS\cdrom.sys
00:14:50:667 2600 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: a308e5e728e84d9175e6b26f69e54f61, Fake md5: ba6e70aa0e6091bc39de29477d866a77
00:14:50:669 2600 File "C:\Windows\system32\DRIVERS\cdrom.sys" infected by TDSS rootkit ... 00:14:54:426 2600 Backup copy found, using it..
00:14:54:454 2600 will be cured on next reboot
00:14:54:685 2600 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:14:54:810 2600 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:14:54:857 2600 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:14:54:910 2600 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
00:14:54:975 2600 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
00:14:55:310 2600 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:14:55:364 2600 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:14:55:429 2600 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:14:55:552 2600 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
00:14:55:617 2600 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
00:14:55:679 2600 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:14:55:852 2600 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:14:55:946 2600 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:14:56:056 2600 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
00:14:56:345 2600 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:14:56:721 2600 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:14:56:810 2600 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
00:14:56:902 2600 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:14:56:974 2600 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:14:57:045 2600 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:14:57:106 2600 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:14:57:244 2600 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:14:57:322 2600 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:14:57:387 2600 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:14:57:430 2600 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:14:57:472 2600 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:14:57:544 2600 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
00:14:57:639 2600 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:14:57:744 2600 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:14:57:800 2600 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
00:14:57:864 2600 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:14:57:984 2600 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
00:14:58:046 2600 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:14:58:184 2600 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:14:58:276 2600 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:14:58:390 2600 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:14:58:456 2600 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
00:14:58:497 2600 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:14:58:567 2600 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
00:14:58:741 2600 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
00:14:58:854 2600 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:14:58:927 2600 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
00:14:59:054 2600 ICDUSB3 (4b9f5768f6da1fd247198d91a07328d9) C:\Windows\system32\Drivers\ICDUSB3.sys
00:14:59:144 2600 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:14:59:245 2600 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
00:14:59:384 2600 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:14:59:441 2600 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:14:59:605 2600 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:14:59:881 2600 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:14:59:915 2600 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:14:59:945 2600 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
00:15:00:091 2600 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
00:15:00:130 2600 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:15:00:176 2600 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
00:15:00:237 2600 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
00:15:00:262 2600 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
00:15:00:335 2600 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
00:15:00:411 2600 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
00:15:00:547 2600 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:15:00:661 2600 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:15:00:726 2600 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:15:00:764 2600 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:15:00:799 2600 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:15:00:856 2600 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:15:01:016 2600 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:15:01:144 2600 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:15:01:197 2600 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:15:01:235 2600 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:15:01:275 2600 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:15:01:309 2600 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:15:01:352 2600 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
00:15:01:499 2600 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
00:15:01:600 2600 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:15:01:685 2600 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
00:15:01:774 2600 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:15:01:851 2600 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:15:01:910 2600 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:15:02:004 2600 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
00:15:02:095 2600 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
00:15:02:141 2600 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:15:02:180 2600 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:15:02:207 2600 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
00:15:02:280 2600 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:15:02:330 2600 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:15:02:375 2600 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:15:02:470 2600 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:15:02:629 2600 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
00:15:02:676 2600 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:15:02:917 2600 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:15:03:479 2600 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:15:03:617 2600 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:15:03:902 2600 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
00:15:04:029 2600 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:15:04:119 2600 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:15:04:169 2600 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
00:15:04:326 2600 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
00:15:04:366 2600 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
00:15:04:409 2600 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:15:04:467 2600 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
00:15:04:554 2600 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:15:04:594 2600 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:15:04:641 2600 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:15:04:827 2600 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
00:15:04:965 2600 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:15:05:129 2600 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
00:15:05:381 2600 nvlddmkm (e70d10238e1c7463728d56920d1eb186) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:15:05:702 2600 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
00:15:05:756 2600 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
00:15:05:825 2600 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
00:15:05:971 2600 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
00:15:06:041 2600 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:15:06:176 2600 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
00:15:06:219 2600 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:15:06:254 2600 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
00:15:06:287 2600 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
00:15:06:362 2600 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:15:06:399 2600 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:15:06:454 2600 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:15:06:542 2600 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:15:06:667 2600 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:15:06:732 2600 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:15:06:849 2600 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
00:15:06:976 2600 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:15:07:305 2600 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:15:07:375 2600 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:15:07:404 2600 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:15:07:477 2600 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:15:07:502 2600 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:15:07:534 2600 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:15:07:564 2600 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:15:07:607 2600 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
00:15:07:887 2600 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:15:08:099 2600 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:15:08:341 2600 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
00:15:08:551 2600 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:15:08:737 2600 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:15:08:865 2600 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
00:15:09:276 2600 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
00:15:09:527 2600 RimUsb (c48ed71f500f07a01aa8ac274e144e93) C:\Windows\system32\Drivers\RimUsb.sys
00:15:09:870 2600 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\Windows\system32\DRIVERS\RimSerial.sys
00:15:10:005 2600 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:15:10:175 2600 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
00:15:10:269 2600 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:15:10:355 2600 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
00:15:10:442 2600 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:15:10:466 2600 SASKUTIL (4fd72291a89793049104ca0a7e353cd4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:15:10:627 2600 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
00:15:10:691 2600 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
00:15:10:794 2600 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
00:15:10:914 2600 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:15:11:004 2600 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:15:11:055 2600 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:15:11:224 2600 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:15:11:286 2600 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
00:15:11:331 2600 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:15:11:365 2600 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:15:11:469 2600 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:15:11:521 2600 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
00:15:11:562 2600 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:15:11:680 2600 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:15:11:789 2600 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:15:12:025 2600 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:15:12:132 2600 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
00:15:12:337 2600 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
00:15:12:487 2600 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:15:12:595 2600 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:15:12:797 2600 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:15:12:974 2600 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
00:15:13:071 2600 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:15:13:181 2600 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:15:13:254 2600 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
00:15:13:322 2600 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
00:15:13:405 2600 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
00:15:13:539 2600 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
00:15:13:652 2600 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
00:15:13:751 2600 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
00:15:13:799 2600 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
00:15:13:845 2600 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
00:15:13:899 2600 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
00:15:13:997 2600 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:15:14:034 2600 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
00:15:14:089 2600 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:15:14:225 2600 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
00:15:14:301 2600 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:15:14:365 2600 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
00:15:14:469 2600 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:15:14:550 2600 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
00:15:14:670 2600 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
00:15:14:754 2600 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
00:15:14:837 2600 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
00:15:14:987 2600 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
00:15:15:037 2600 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
00:15:15:145 2600 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:15:15:232 2600 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:15:15:317 2600 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:15:15:435 2600 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
00:15:15:569 2600 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
00:15:15:619 2600 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:15:15:751 2600 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:15:15:817 2600 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:15:15:927 2600 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
00:15:16:056 2600 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
00:15:16:111 2600 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:15:16:144 2600 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
00:15:16:241 2600 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
00:15:16:370 2600 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:15:16:495 2600 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
00:15:16:636 2600 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:15:16:692 2600 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
00:15:16:751 2600 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:15:16:852 2600 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:15:16:950 2600 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:15:17:076 2600 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:15:17:144 2600 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:15:17:154 2600 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:15:17:210 2600 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:15:17:266 2600 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:15:17:452 2600 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:15:17:526 2600 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:15:17:616 2600 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
00:15:17:661 2600 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:15:17:709 2600 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:15:17:769 2600 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
00:15:17:925 2600 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:15:17:935 2600 Reboot required for cure complete..
00:15:18:441 2600 Cure on reboot scheduled successfully
00:15:18:441 2600
00:15:18:442 2600 Completed
00:15:18:444 2600
00:15:18:445 2600 Results:
00:15:18:446 2600 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:15:18:446 2600 File objects infected / cured / cured on reboot: 1 / 0 / 1
00:15:18:447 2600
00:15:18:455 2600 KLMD(ARK) unloaded successfully
 
#6 ·
Here's the Combofix report:

ComboFix 10-06-13.01 - BabieWho 14/06/2010 0:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.895.117 [GMT -7:00]
Running from: c:\users\BabieWho\Desktop\Virus\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.

2010-06-14 07:51 . 2010-06-14 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-14 01:15 . 2010-06-14 01:17 -------- d-----w- c:\users\BabieWho\AppData\Roaming\DVD Flick
2010-06-14 01:14 . 2003-01-26 20:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-06-12 03:25 . 2010-06-12 03:25 -------- d-----w- c:\windows\Sun
2010-06-09 09:08 . 2010-06-09 09:08 -------- d-----w- C:\fixwareout
2010-06-09 08:56 . 2010-06-09 08:56 -------- d-----w- c:\program files\Trend Micro
2010-06-08 08:24 . 2010-06-09 04:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-08 08:24 . 2010-06-09 02:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-06 06:41 . 2010-06-06 06:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 01:59 . 2010-06-03 06:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-03 06:28 . 2010-06-03 06:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-03 06:15 . 2010-06-03 06:15 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-03 06:15 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-03 06:14 . 2010-06-03 06:28 -------- d-----w- c:\programdata\Lavasoft
2010-06-03 06:14 . 2010-06-03 06:15 -------- d-----w- c:\program files\Lavasoft
2010-06-02 23:08 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-02 23:08 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-02 23:08 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-02 23:08 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-02 23:08 . 2010-05-06 20:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-02 23:06 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-02 23:06 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-02 23:06 . 2010-06-02 23:06 -------- d-----w- c:\programdata\Alwil Software
2010-06-02 23:06 . 2010-06-02 23:06 -------- d-----w- c:\program files\Alwil Software
2010-06-02 07:48 . 2010-06-02 07:48 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Malwarebytes
2010-06-02 07:48 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:48 . 2010-06-02 07:48 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 07:48 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 00:43 . 2010-06-09 08:14 63488 ----a-w- c:\users\BabieWho\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-31 07:32 . 2010-05-31 07:32 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Little Noir Stories
2010-05-30 08:02 . 2010-06-02 18:14 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Mipony
2010-05-30 08:02 . 2010-01-20 19:16 52224 ----a-w- c:\users\BabieWho\AppData\Roaming\Mozilla\Firefox\Profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
2010-05-30 08:02 . 2010-01-20 19:16 101376 ----a-w- c:\users\BabieWho\AppData\Roaming\Mozilla\Firefox\Profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
2010-05-30 08:01 . 2010-05-30 08:01 -------- d-----w- c:\program files\Conduit
2010-05-28 07:17 . 2010-05-28 07:17 -------- d-----w- c:\users\BabieWho\AppData\Roaming\freshgames
2010-05-28 07:17 . 2010-05-28 07:17 -------- d-----w- c:\programdata\freshgames
2010-05-28 07:17 . 2010-05-31 07:32 -------- d-----w- C:\games
2010-05-26 05:12 . 2010-05-26 05:12 -------- d-----w- c:\users\BabieWho\AppData\Roaming\FFSJ
2010-05-25 21:55 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-23 18:49 . 2010-05-23 18:49 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-05-21 08:54 . 2010-05-21 08:54 -------- d-----w- c:\program files\Xvid
2010-05-21 08:54 . 2009-06-07 23:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-05-21 08:54 . 2009-06-07 23:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-05-21 07:39 . 2010-06-09 08:15 -------- d-----w- c:\users\BabieWho\Tracing
2010-05-21 06:57 . 2010-05-21 06:57 -------- d-----w- c:\program files\Microsoft
2010-05-21 06:56 . 2010-05-21 06:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-21 06:56 . 2010-05-21 06:57 -------- d-----w- c:\program files\Windows Live
2010-05-21 05:50 . 2010-05-21 05:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-20 06:48 . 2010-05-20 06:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-19 05:23 . 2010-05-19 05:23 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Research In Motion
2010-05-19 05:22 . 2006-06-30 23:10 26752 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-19 05:21 . 2010-05-19 05:21 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Blackberry Desktop
2010-05-19 05:21 . 2010-05-19 05:21 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-19 05:21 . 2010-05-19 05:21 -------- d-----w- c:\program files\Research In Motion
2010-05-19 02:26 . 2010-05-19 02:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-19 02:26 . 2009-05-20 10:00 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-05-19 02:26 . 2009-05-15 10:00 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-05-19 02:26 . 2009-05-15 10:00 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-05-17 09:13 . 2010-05-17 09:13 -------- d-----w- c:\users\BabieWho\AppData\Roaming\GamesCafe
2010-05-17 09:11 . 2010-05-17 09:11 -------- d-----w- c:\program files\Sally's Studio Collector's Edition
2010-05-17 09:07 . 2010-05-17 09:08 -------- d-----w- c:\program files\Fix IT Up World Tour
2010-05-17 09:04 . 2010-05-17 09:04 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-05-17 07:12 . 2010-05-17 07:12 52224 ----a-w- c:\users\BabieWho\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 07:12 . 2010-06-09 08:14 117760 ----a-w- c:\users\BabieWho\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 07:12 . 2010-05-17 07:12 -------- d-----w- c:\users\BabieWho\AppData\Roaming\SUPERAntiSpyware.com
2010-05-17 07:12 . 2010-05-17 07:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-17 03:11 . 2007-01-13 17:29 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-17 03:07 . 2010-05-17 03:07 290816 ----a-w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-17 03:07 . 2010-05-17 03:07 290816 ----a-w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-17 03:07 . 2010-05-17 03:07 290816 ----a-w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-17 03:07 . 2010-05-17 03:07 290816 ----a-w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-17 01:53 . 2010-05-17 03:08 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-17 01:53 . 2010-05-17 03:08 -------- d-----w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab
2010-05-17 01:53 . 2010-05-17 01:53 84480 ----a-w- c:\users\BabieWho\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-05-16 06:42 . 2010-05-16 07:15 -------- d-----w- c:\users\BabieWho\AppData\Local\Apple Computer
2010-05-16 06:42 . 2010-05-16 07:36 -------- d-----w- c:\users\BabieWho\AppData\Roaming\Apple Computer
2010-05-16 06:41 . 2010-06-06 06:41 -------- dc----w- c:\windows\system32\DRVSTORE
2010-05-16 06:41 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-16 06:41 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-16 06:40 . 2010-05-16 06:40 -------- d-----w- c:\program files\iPod
2010-05-16 06:40 . 2010-05-16 06:41 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-05-16 06:40 . 2010-05-16 06:41 -------- d-----w- c:\program files\iTunes
2010-05-16 06:38 . 2010-05-16 06:38 -------- d-----w- c:\program files\Bonjour
2010-05-16 06:37 . 2010-05-16 06:38 -------- d-----w- c:\program files\QuickTime
2010-05-16 06:37 . 2010-05-16 06:40 -------- d-----w- c:\programdata\Apple Computer
2010-05-16 06:36 . 2010-05-16 06:36 -------- d-----w- c:\users\BabieWho\AppData\Local\Apple
2010-05-16 06:36 . 2010-05-16 06:36 -------- d-----w- c:\program files\Apple Software Update
2010-05-16 06:35 . 2010-05-16 07:05 -------- d-----w- c:\programdata\Apple
2010-05-16 06:35 . 2010-05-16 06:40 -------- d-----w- c:\program files\Common Files\Apple
2010-05-15 22:17 . 2010-05-15 22:17 -------- d-----w- c:\program files\BitTorrent
2010-05-15 22:13 . 2010-06-11 02:58 -------- d-----w- c:\users\BabieWho\AppData\Roaming\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 07:18 . 2010-05-15 01:49 -------- d-----w- c:\users\BabieWho\AppData\Roaming\LimeWire
2010-06-14 07:17 . 2009-07-13 23:11 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-14 01:15 . 2010-03-04 21:59 -------- d-----w- c:\program files\Audacity
2010-06-14 01:15 . 2009-12-29 06:01 -------- d-----w- c:\program files\DVD Flick
2010-06-10 07:23 . 2010-05-17 03:21 49762 ----a-w- c:\users\BabieWho\AppData\Roaming\nvModes.dat
2010-06-08 08:04 . 2010-05-15 07:25 -------- d-----w- c:\users\BabieWho\AppData\Roaming\vlc
2010-06-02 07:48 . 2010-03-08 07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 22:56 . 2010-05-08 06:58 -------- d-----w- c:\programdata\Microsoft Help
2010-05-23 19:32 . 2010-05-08 05:18 110384 ----a-w- c:\users\BabieWho\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-23 19:06 . 2010-05-08 07:05 -------- d-----w- c:\program files\Microsoft Works
2010-05-20 06:51 . 2010-03-08 01:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-19 05:24 . 2010-05-19 05:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-19 05:18 . 2010-05-08 06:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-19 02:34 . 2010-05-19 02:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ICDUSB3_01007.Wdf
2010-05-19 02:25 . 2010-01-08 07:19 -------- d-----w- c:\program files\Sony
2010-05-19 02:24 . 2010-05-08 06:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 07:05 . 2010-05-16 07:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-05-15 01:49 . 2010-05-15 01:49 8192 ----a-w- c:\users\BabieWho\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-05-15 01:49 . 2010-05-15 01:49 20480 ----a-w- c:\users\BabieWho\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-05-12 22:54 . 2010-05-08 06:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-12 22:54 . 2010-05-12 22:54 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-12 18:21 . 2010-05-08 05:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 10:01 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-10 23:17 . 2010-05-10 23:17 -------- d-----w- c:\users\BabieWho\AppData\Roaming\InstallShield
2010-05-10 23:17 . 2010-05-10 23:17 -------- d-----w- c:\programdata\EPSON
2010-05-10 05:48 . 2010-05-10 05:48 -------- d-----w- c:\users\BabieWho\AppData\Roaming\ViquaSoft
2010-05-10 05:47 . 2010-05-10 05:47 -------- d-----w- c:\program files\Shop-n-Spree
2010-05-10 05:09 . 2010-05-10 05:09 -------- d-----w- c:\programdata\XLab
2010-05-08 07:26 . 2010-05-08 07:26 -------- d-----w- c:\program files\VideoLAN
2010-05-08 07:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-05-08 07:01 . 2010-05-08 07:01 -------- d-----w- c:\program files\Microsoft.NET
2010-05-08 06:59 . 2010-05-08 06:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-08 06:50 . 2010-05-08 06:50 -------- d-----w- c:\programdata\Macrovision
2010-05-08 06:50 . 2010-05-08 06:50 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-05-08 06:11 . 2010-05-08 06:11 -------- d-----w- c:\users\BabieWho\AppData\Roaming\VitySoft
2010-05-08 05:36 . 2010-05-08 05:36 -------- d-----w- c:\program files\Common Files\Java
2010-05-08 05:35 . 2010-05-08 05:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-08 05:35 . 2010-05-08 05:35 -------- d-----w- c:\program files\Java
2010-04-17 05:12 . 2010-04-17 05:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-07 2017280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\BabieWho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-7 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-06 1352320]
R3 Dxgsvcemo;Dxgsvcemo; [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 11264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-06 64288]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-07 68168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 06:33]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\BabieWho\AppData\Roaming\Mozilla\Firefox\Profiles\n284r250.default\
FF - component: c:\users\BabieWho\AppData\Roaming\Mozilla\Firefox\Profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\FFExternalAlert.dll
FF - component: c:\users\BabieWho\AppData\Roaming\Mozilla\Firefox\Profiles\n284r250.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3056)
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Completion time: 2010-06-14 00:58:28
ComboFix-quarantined-files.txt 2010-06-14 07:58

Pre-Run: 31,819,563,008 bytes free
Post-Run: 32,155,455,488 bytes free

- - End Of File - - B1563A3BB010D83074D862F7B76E6E40
 
#7 ·
Looking real good. :sayyes:

What we need to do now is run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
 
#8 ·
Sorry it took so long; the scan took a lot of time to complete, but finally, here's the report :)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, June 16, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, June 16, 2010 01:32:21
Records in database: 4284387
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 125725
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 08:02:27


File name / Threat / Threats count
C:\Users\BabieWho\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\238ef117-4b641bfd Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.
 
#9 · (Edited)
Simple enough to take care of. All you need to do is clear the Sun Java cache.

Go into the Control Panel and double-click the Java icon (it looks like a coffee cup). If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked

    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
===============================

After completing the above, your logs are clean. If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
    • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

  • WOT, Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE.


  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.


**Kindly respond one more time and let me know if we may consider this thread resolved.
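The Control Panel steps above empty the Java deployment cache through the Java GUI. As an added example (not part of the thread, and not Sun/Oracle's own tooling), the script below does the same clean-up from the command line and, before deleting anything, writes an inventory of what the cache held: the cached objects have no file extension (the flagged object was `238ef117-4b641bfd`), so it classifies each one by its leading bytes and records a SHA-256 so a suspect file can be looked up or submitted to a vendor before it is gone. The default path is assumed from the per-user location reported in the scan log above; pass any other directory explicitly.

```python
"""Inventory and clear the per-user Java deployment cache.

Added example, not code from the thread. The default cache location is an
assumption based on the path reported by the scan in this thread; override it
by passing a different directory to the functions.
"""
import hashlib
import shutil
from pathlib import Path

# Default Sun/Oracle Java deployment cache on Windows (assumed from the
# scan log path: <user>\AppData\LocalLow\Sun\Java\Deployment\cache).
DEFAULT_CACHE_DIR = (
    Path.home() / "AppData" / "LocalLow" / "Sun" / "Java" / "Deployment" / "cache"
)

# Cached objects carry no extension, so identify them by magic bytes.
_MAGIC = {
    b"PK\x03\x04": "jar/zip archive",   # applet or Web Start jar
    b"\xca\xfe\xba\xbe": "class file",  # single compiled class
}


def classify(path: Path) -> str:
    """Label a cached object as index, jar/zip archive, class file or other."""
    if path.suffix == ".idx":           # Java's own metadata beside each object
        return "index"
    with path.open("rb") as fh:
        head = fh.read(4)
    for magic, label in _MAGIC.items():
        if head.startswith(magic):
            return label
    return "other"


def inventory(cache_dir: Path = DEFAULT_CACHE_DIR) -> list:
    """Return one record per cached file (path, size, sha256, kind).

    Keep this output: once the cache is cleared the flagged object is gone,
    and the hash is what you would hand to a vendor or look up later.
    """
    if not cache_dir.is_dir():
        return []
    records = []
    for path in sorted(p for p in cache_dir.rglob("*") if p.is_file()):
        records.append({
            "path": str(path.relative_to(cache_dir)),
            "size": path.stat().st_size,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "kind": classify(path),
        })
    return records


def clear_cache(cache_dir: Path = DEFAULT_CACHE_DIR) -> int:
    """Delete applications, applets and trace/log files below the cache root.

    Equivalent to leaving both boxes ticked in the Java Control Panel. The
    cache directory itself is kept. Returns the number of files removed.
    Close the browser and any running Java applets first so no handles
    are open on the files.
    """
    if not cache_dir.is_dir():
        return 0
    removed = 0
    for child in cache_dir.iterdir():
        if child.is_dir():
            removed += sum(1 for p in child.rglob("*") if p.is_file())
            shutil.rmtree(child)
        else:
            child.unlink()
            removed += 1
    return removed


if __name__ == "__main__":
    for rec in inventory():
        print(f"{rec['kind']:16} {rec['size']:>9}  {rec['sha256'][:16]}  {rec['path']}")
    print(f"removed {clear_cache()} files")
```

Run it once with Java closed; the inventory printed before the `removed N files` line is the record of what was cleared. On a machine where the cache directory does not exist (a non-Windows host, or a user who never ran Java), both functions return empty results rather than failing.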
 
#11 ·
Oh and yes I believe the problem has been resolved. I've been searching stuff on google and it hasn't been redirected yet. As for the blue screen crash, that didn't happen all the time so I can't really say that it's gone but I assume it is if the redirecting is gone?
 
#12 · (Edited)
Your hard disk controller had been hijacked. How did it happen...? The most common source is P2P file sharing, (and I do see LimeWire on your system), visiting crack sites or other dubious sites, or a legit site with weak security which allowed the malicious code to be parked on their website without their knowledge.

Given that the hard disk controller had been hijacked, it's highly likely that was the cause of the blue screen. Without the actual Stop Error code of that bsod, I cannot say for certain. :)

Regarding LimeWire, please do take the time to read our sticky topic mentioned in our pre-posting topic Perils of P2P File Sharing.
 