Redirected after search.


Post by AhF » October 28th, 2010, 12:59 am

I'm always being redirected to other sites, and this has been a major hindrance for quite a while. I have used AVG and Super anti virus, but nothing solved it. Help would be greatly appreciated.

Edit: I realise that I can't use YouTube, and installation of Adobe Flash Player doesn't work either.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:26 PM, on 10/28/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\mobsync.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uobkayhian.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4017631574-1566193767-2575401280-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 7754 bytes
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am
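The helper reads a HijackThis log like the one above by eye. As an added example (not code from this thread, and not HijackThis or Trend Micro code), here is a small Python triage script that parses HJT entry lines and flags the categories a reviewer looks at first: a proxy setting that points back at the local machine (the R1 ProxyServer line above is one), hosts-file overrides for names other than localhost, autorun entries whose target lives in a user-writable profile folder, Winsock LSPs that HijackThis does not recognise (reported once per DLL rather than once per chain entry), and services with no recorded owner. The sample input is constructed from lines in the posted log plus two constructed lines (an example.com hosts entry, and an O4 Run entry built from the wscntfy.exe path that appears later in this thread's Malwarebytes and RSIT logs) so that every check fires. A flag means "verify", not "malicious": the O23 service flagged here sits under the NVIDIA ForceWare Network Access Manager that appears in the uninstall list later in the thread.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread, not HijackThis code and not part of the
original post. It classifies each R*/O* entry and flags the ones a reviewer
checks first. A flag means "verify this", not "this is malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: lines taken from the HJT log posted above, plus two
# constructed lines (the example.com hosts entry, and an O4 Run entry built from
# the wscntfy.exe path that shows up later in the thread) so every check fires.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uobkayhian.com.sg/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 example.com
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [7YTWeSeMfD] C:\Users\Joshua\AppData\Roaming\wscntfy.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# Proxy values that point back at the machine itself.
LOOPBACK = re.compile(r"127\.0\.0\.1|localhost|::1", re.IGNORECASE)
# Autorun targets living in folders any user-level process can write to.
USER_WRITABLE = re.compile(r"\\AppData\\Roaming\\|\\AppData\\Local\\Temp\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str      # HJT section code, e.g. "R1" or "O10"
    reason: str    # why a reviewer should look at it
    entry: str     # the original line body


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (code, body) pairs for every HJT entry line; other lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(text: str) -> List[Finding]:
    """Apply conservative review heuristics to an HJT log."""
    findings: List[Finding] = []
    seen_lsp = set()  # HJT prints one O10 line per LSP chain entry; report each DLL once
    for code, body in parse_hjt(text):
        if code in ("R0", "R1") and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if LOOPBACK.search(value):
                findings.append(Finding(code, "proxy points at this machine; identify the process listening on that port", body))
        elif code == "O1":
            parts = body.split(":", 1)[1].split()      # body is "Hosts: <ip> <name>"
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append(Finding(code, "hosts-file override for a name other than localhost", body))
        elif code == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(code, "autorun target in a user-writable folder", body))
        elif code == "O10":
            dll = body.split(":", 1)[1].strip().lower()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(Finding(code, "Winsock LSP not recognised by HijackThis; confirm the DLL's publisher", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service with no recorded owner; check the executable's signature", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.entry}")
```

Run it on a saved HJT log with `triage(open("hijackthis.log").read())`; the heuristics are meant to shorten a reviewer's reading, and each flagged line still needs the usual follow-up (who owns the listening port, who signed the DLL or service binary) before anything is removed.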

Re: Redirected after search.

Post by Cypher » October 31st, 2010, 8:00 am

Hi and welcome to Malware Removal Forum. Sorry for the delay in answering your request for help; the forum is really busy.
My name is Cypher, and I will be helping you with your malware problems.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup Made Easy - XP
How to backup your data - Vista



Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as Administrator.
  • The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this for anything I ask you to carry out, please select the option Allow.



Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Next.

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Logs/Information to Post in your Next Reply

  • Uninstall list.
  • MGADiag log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Post by AhF » October 31st, 2010, 10:53 am

Uninstall List:
AAA Logo Business Edition 3.10
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
ATI Catalyst Install Manager
ATI Catalyst Registration
AVG 2011
AVG 2011
AVG 2011
AVG PC Tuneup 2011
Battlefield: Bad Company™ 2
Catalyst Control Center - Branding
Cookie Domination .
DarksidersInstaller
Dead Rising 2
Dead Rising 2
Full Tilt Poker
Garena
Google Update Helper
HijackThis 2.0.2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn (Remove Only)
Java(TM) 6 Update 21
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
OpenOffice.org 3.2
PostgreSQL 8.4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SUPERAntiSpyware
TeamViewer 5
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Vista Codec Package
VLC media player 1.1.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Youda Survivor BFG 1.00
Youda Sushi Chef
YouTube Downloader 2.6

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-YQQTB-FWK9V-932CC
Windows Product Key Hash: L1zPFFvNQ04Nunm9BorPaqFl4jI=
Windows Product ID: 89580-OEM-7332132-00031
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010100.1.0.001
ID: {6CEC11DC-7DD2-4F75-A58D-F18668CA26C1}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Ultimate
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): 00000000-80000003
Version: 6.0.6001.18152

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6CEC11DC-7DD2-4F75-A58D-F18668CA26C1}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-932CC</PKey><PID>89580-OEM-7332132-00031</PID><PIDType>2</PIDType><SID>S-1-5-21-4017631574-1566193767-2575401280</SID><SYSTEM><Manufacturer>Unknow</Manufacturer><Model>Unknow</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20080310000000.000000+000</Date></BIOS><HWID>48333507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>_ASUS_</OEMID><OEMTableID>Notebook</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>6001FE321461D86</Val><Hash>V5TW2Ub8XnMjAK7itkFxTtYbjXw=</Hash><Pid>89388-707-6621776-65828</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, Ultimate edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 5e802570-4657-4e84-bfbc-6a0e531b84af
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89580-00146-321-300031-02-1033-6001.0000-2362010
Installation ID: 012015006411795692294820426391431876099583813375583313
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 932CC
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: OgAAAAIABAABAAEAAgACAAAAAgABAAEAeqiyrB6ag2yiU+IXmGAGmExsgpiN7/L0mohaer69rFbI9A==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC Nvidia NVDAACPI
FACP Nvidia NVDAACPI
HPET Nvidia NVDAACPI
MCFG Nvidia NVDAACPI
SSDT PTLTD POWERNOW
SLIC _ASUS_ Notebook

As for the performance of my computer, currently I realised that most of the links in my Add/Remove Programs didn't work, giving a "this program has not been installed properly" message. And unless a site is bookmarked in my browser and I click on the bookmark, it will be redirected. I have this post in my bookmarks. Not much difference in system speed, and a web design program, XSitePro, had some problems after getting the virus. Nothing much else I realised. Thanks for the reply! =)
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am

Re: Redirected after search.

Post by Cypher » October 31st, 2010, 11:52 am

Hi AhF.

The Microsoft Office Enterprise 2007 on your computer is a non-genuine copy. It was installed with an invalid Volume Licensing Key (VLK) that was valid for, and only available to, corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and with the consent of the original keyholder for such reasons as the key being lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it noticed a pattern of misuse, that is, more installations of XP using that key than authorized.
A VL Product Key is non-transferable to individuals.

Please read Illegal copies of software and Forum Rules.
Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.

If you still want help, please remove the illegal items from your computer, and if you still need the software, get legal copies from legitimate sources.
If you advise that the illegal software has been removed and I find otherwise (the tools we use can and will detect it), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

You may return to the seller to demand a replacement with a genuine copy or get a full refund. Have a read here to see if you qualify for the Genuine Office Offer.


Do you use this PC for business? Let me know in your next reply.


Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following
Microsoft Office Enterprise 2007

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe and select "Run as administrator" to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, 2 log files will be produced.
  • The first one, "log.txt", will be maximized.
  • The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient. *
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy; you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • Is your PC used for business?
  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Post by AhF » October 31st, 2010, 3:01 pm

My PC is for personal use, but I'm kinda shocked that it isn't a valid version. I even paid money for it, and the shop is no longer there. Will try to find a solution. Any suggestions? The logs requested are below.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5008

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/1/2010 2:32:46 AM
mbam-log-2010-11-01 (02-32-46).txt

Scan type: Quick scan
Objects scanned: 148001
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14go4h58-v44n-a02n-y866-d28dq5y3k145} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joshua\AppData\Roaming\wscntfy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Joshua at 2010-11-01 03:03:36
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 64 GB (36%) free of 177 GB
Total RAM: 3070 MB (66% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Google Update"=C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7YTWeSeMfD]
C:\Users\Joshua\AppData\Roaming\wscntfy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internetexplorer]
C:\Program Files\Flash\FlashUpdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOO9RV9K4Z]
C:\Users\Joshua\AppData\Local\Temp\Flx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis]
C:\Windows\system32\sshnas21.dll,GetHandle []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\Users\Joshua\AppData\Roaming\Microsoft\svchost.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-01 03:03:36 ----D---- C:\rsit
2010-11-01 02:22:47 ----D---- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2010-11-01 02:22:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-01 02:22:19 ----D---- C:\ProgramData\Malwarebytes
2010-11-01 02:22:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-01 02:22:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-31 22:50:40 ----D---- C:\MGADiagToolOutput
2010-10-31 22:43:06 ----D---- C:\ProgramData\Office Genuine Advantage
2010-10-31 03:43:24 ----D---- C:\Program Files\Capcom
2010-10-30 04:16:27 ----D---- C:\Windows\system32\Macromed
2010-10-28 04:27:11 ----D---- C:\ProgramData\NOS
2010-10-28 04:27:11 ----D---- C:\Program Files\NOS
2010-10-28 01:11:01 ----D---- C:\Users\Joshua\AppData\Roaming\SUPERAntiSpyware.com
2010-10-28 01:11:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-28 01:10:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-27 13:15:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 13:15:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-25 11:49:08 ----D---- C:\Program Files\Trend Micro
2010-10-25 11:29:28 ----D---- C:\Users\Joshua\AppData\Roaming\AVG
2010-10-24 23:47:08 ----D---- C:\Program Files\Garena
2010-10-24 01:00:48 ----D---- C:\ProgramData\MumboJumbo
2010-10-24 01:00:31 ----D---- C:\ProgramData\Rare Treasures - Dinnerware Trading Company
2010-10-23 16:41:15 ----D---- C:\Windows\Sun
2010-10-21 21:17:38 ----HD---- C:\$AVG
2010-10-21 20:22:51 ----D---- C:\Users\Joshua\AppData\Roaming\AVG10
2010-10-21 20:21:59 ----HD---- C:\ProgramData\Common Files
2010-10-21 20:19:02 ----D---- C:\Windows\system32\drivers\AVG
2010-10-21 20:19:02 ----D---- C:\ProgramData\AVG10
2010-10-21 20:15:55 ----D---- C:\Program Files\AVG
2010-10-21 20:14:10 ----D---- C:\ProgramData\MFAData
2010-10-21 19:44:03 ----D---- C:\Program Files\Electronic Arts
2010-10-21 12:53:15 ----D---- C:\Windows\Youda Sushi Chef
2010-10-21 12:53:15 ----D---- C:\Program Files\Youda Sushi Chef
2010-10-21 12:53:09 ----A---- C:\Windows\Youda Sushi Chef Setup Log.txt
2010-10-21 12:11:46 ----A---- C:\Users\Joshua\AppData\Roaming\Joshua3SQLite3.dll
2010-10-21 12:02:21 ----D---- C:\Program Files\Games
2010-10-21 03:44:15 ----D---- C:\Windows\Minidump
2010-10-20 15:53:37 ----D---- C:\Users\Joshua\AppData\Roaming\UClick
2010-10-20 15:53:37 ----D---- C:\ProgramData\UClick
2010-10-20 13:07:35 ----D---- C:\Users\Joshua\AppData\Roaming\YoudaGames
2010-10-18 14:41:50 ----D---- C:\Program Files\Patrician III
2010-10-17 21:16:10 ----D---- C:\Users\Joshua\AppData\Roaming\ImgBurn
2010-10-17 21:04:47 ----D---- C:\Program Files\ImgBurn
2010-10-15 03:01:27 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 03:58:23 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 03:58:19 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 03:58:12 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 03:58:08 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 03:58:06 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 03:57:59 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 03:57:55 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieapfltr.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieaksie.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\occache.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\ieencode.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-11 11:27:04 ----D---- C:\Program Files\Common Files\Adobe
2010-10-11 11:27:04 ----D---- C:\Program Files\Adobe
2010-10-11 02:06:49 ----D---- C:\Program Files\Darksiders
2010-10-11 02:02:24 ----D---- C:\Program Files\THQ
2010-10-10 17:04:46 ----D---- C:\Program Files\Team17
2010-10-07 18:45:20 ----A---- C:\Windows\HMHud.INI
2010-10-07 13:54:22 ----D---- C:\Users\Joshua\AppData\Roaming\HEM Data
2010-10-07 13:02:17 ----A---- C:\Program Files\hminstalllog.txt
2010-10-07 12:58:26 ----D---- C:\Program Files\PostgreSQL
2010-10-07 12:56:55 ----D---- C:\Program Files\PSQLINSTALL
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-10-05 14:05:13 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-05 14:04:49 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-05 14:04:42 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-05 13:57:39 ----D---- C:\Program Files\PokerStars
2010-10-05 13:54:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-05 13:27:39 ----D---- C:\ProgramData\XHEO INC
2010-10-05 13:25:01 ----D---- C:\Program Files\RVG Software
2010-10-04 03:07:38 ----D---- C:\Users\Joshua\AppData\Roaming\Gogii
2010-10-04 03:05:10 ----AD---- C:\ProgramData\TEMP
2010-10-04 02:41:30 ----D---- C:\ProgramData\Trymedia
2010-10-04 02:40:48 ----D---- C:\Program Files\Google
2010-10-03 20:35:05 ----D---- C:\Windows\system32\EventProviders
2010-10-03 19:50:41 ----D---- C:\Users\Joshua\AppData\Roaming\ATI
2010-10-03 19:50:41 ----D---- C:\ProgramData\ATI
2010-10-03 19:43:18 ----D---- C:\Program Files\ATI Technologies
2010-10-03 19:43:15 ----D---- C:\Program Files\ATI
2010-10-03 19:23:41 ----D---- C:\Windows\system32\directx
2010-10-03 19:13:01 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-10-03 19:12:48 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-03 19:12:31 ----D---- C:\Users\Joshua\AppData\Roaming\DAEMON Tools Lite
2010-10-03 19:12:29 ----D---- C:\ProgramData\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-01 03:03:41 ----D---- C:\Windows\Temp
2010-11-01 03:03:37 ----D---- C:\Windows\Prefetch
2010-11-01 03:02:08 ----D---- C:\Windows\System32
2010-11-01 03:01:17 ----D---- C:\Windows\system32\drivers
2010-11-01 02:58:49 ----D---- C:\Windows\nap
2010-11-01 02:22:25 ----RD---- C:\Program Files
2010-11-01 02:22:19 ----HD---- C:\ProgramData
2010-11-01 01:36:47 ----SHD---- C:\System Volume Information
2010-10-31 22:11:31 ----D---- C:\Windows\Logs
2010-10-31 20:07:43 ----D---- C:\Windows\system32\Tasks
2010-10-31 20:04:26 ----SHD---- C:\Windows\Installer
2010-10-31 02:55:37 ----D---- C:\Users\Joshua\AppData\Roaming\tixati
2010-10-31 02:45:11 ----SD---- C:\ProgramData\Microsoft
2010-10-30 04:16:29 ----SD---- C:\Windows\Downloaded Program Files
2010-10-30 02:23:53 ----D---- C:\Windows\inf
2010-10-30 02:23:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-29 11:44:27 ----D---- C:\Windows
2010-10-29 02:58:09 ----D---- C:\Program Files\Common Files
2010-10-28 04:28:45 ----D---- C:\Windows\AppPatch
2010-10-28 03:01:13 ----D---- C:\Windows\winsxs
2010-10-27 13:14:25 ----D---- C:\Windows\system32\catroot
2010-10-27 13:14:24 ----D---- C:\Windows\system32\catroot2
2010-10-25 11:29:29 ----D---- C:\Windows\Tasks
2010-10-24 22:24:29 ----D---- C:\Windows\Debug
2010-10-21 21:01:17 ----D---- C:\Windows\system32\NDF
2010-10-21 20:27:10 ----SD---- C:\Users\Joshua\AppData\Roaming\Microsoft
2010-10-21 19:43:34 ----RSD---- C:\Windows\assembly
2010-10-21 19:23:04 ----D---- C:\Windows\system32\WDI
2010-10-17 21:17:36 ----D---- C:\Program Files\Full Tilt Poker
2010-10-17 21:13:45 ----D---- C:\Users\Joshua\AppData\Roaming\vlc
2010-10-15 03:39:02 ----D---- C:\Windows\rescache
2010-10-15 03:21:44 ----D---- C:\Windows\system32\en-US
2010-10-15 03:21:44 ----D---- C:\Program Files\Windows Media Player
2010-10-15 03:21:43 ----D---- C:\Program Files\Internet Explorer
2010-10-15 03:05:09 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 03:01:44 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 00:24:08 ----D---- C:\Program Files\InstallShield Installation Information
2010-10-11 11:27:08 ----D---- C:\ProgramData\Adobe
2010-10-10 17:37:25 ----D---- C:\Windows\Microsoft.NET
2010-10-07 13:00:59 ----RD---- C:\Users
2010-10-05 13:54:58 ----D---- C:\Program Files\NVIDIA Corporation
2010-10-05 13:54:02 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-04 03:22:15 ----D---- C:\ChartNexus
2010-10-03 19:35:49 ----D---- C:\Program Files\PokerEdge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-20 145464]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-03 691696]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
S3 av2x3g81;av2x3g81; C:\Windows\system32\drivers\av2x3g81.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Joshua\AppData\Local\Temp\JFDF354.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 176128]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-12-18 457248]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-12-18 191008]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-13 1956136]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
AhF
Active Member
Posts: 9
Joined: October 28th, 2010, 12:52 am

Re: Redirected after search.

Postby AhF » October 31st, 2010, 3:03 pm

info.txt logfile of random's system information tool 1.08 2010-11-01 03:03:50

======Uninstall list======

-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
AAA Logo Business Edition 3.10-->"C:\Program Files\AAALOGO2010\unins000.exe"
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
ATI Catalyst Install Manager-->msiexec /q/x{F34D6DAE-7777-5C40-E143-8A0D6A048F75} REBOOT=ReallySuppress
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{0323CB96-221A-4042-84A3-93EDE47099FC}
AVG 2011-->MsiExec.exe /I{1A258E63-8DF5-4ADB-9832-38A0121D65EB}
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Catalyst Control Center - Branding-->MsiExec.exe /I{DDA34038-89BD-4804-B0B8-DC48D5DFB463}
DarksidersInstaller-->MsiExec.exe /I{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}
Dead Rising 2-->MsiExec.exe /I{4343080E-91B7-4388-AB4D-FB1000008200}
Dead Rising 2-->MsiExec.exe /X{4343080E-91B7-4388-AB4D-FB1000008200}
Full Tilt Poker-->C:\Program Files\Full Tilt Poker\uninstall.exe
Garena-->C:\Program Files\Garena\uninst.exe
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holdem Manager-->"C:\Program Files\RVG Software\Holdem Manager\UninstallHoldemManager.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
PostgreSQL 8.4-->C:\Program Files\PostgreSQL\8.4\uninstall-postgresql.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2410711)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BB5A2EB0-4515-4C6B-A618-A6F6B0AB7BAA}
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{E6158D07-2637-4ECF-B576-37C489669174}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Messenger-->MsiExec.exe /X{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\Uninstall.exe
Youda Survivor BFG 1.00-->C:\Program Files\Games\Youda Survivor BFG\Uninstall.exe
Youda Sushi Chef-->"C:\Windows\Youda Sushi Chef\uninstall.exe" "/U:C:\Program Files\Youda Sushi Chef\Uninstall\uninstall.xml"
YouTube Downloader 2.6-->"C:\Program Files\YouTube Downloader\uninstall.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\Flash\FlashUpdate [2010-10-25]
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\Flash\FlashUpdate [2010-10-25]
F3 - REG:win.ini: load=C:\Users\Joshua\AppData\Local\Temp\dwm.exe [2010-10-25]

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Joshua-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 43209
Source Name: Microsoft-Windows-Time-Service
Time Written: 20101101024838.000000-000
Event Type: Warning
User:

Computer Name: Joshua-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 43210
Source Name: Microsoft-Windows-Time-Service
Time Written: 20101101024840.000000-000
Event Type: Warning
User:

Computer Name: Joshua-PC
Event Code: 34
Message: The time service has detected that the system time needs to be changed by -54205 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working properly.
Record Number: 43214
Source Name: Microsoft-Windows-Time-Service
Time Written: 20101101024843.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 10010
Message: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Record Number: 43266
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20101101095951.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 43290
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20101101100136.912562-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Joshua-PC
Event Code: 513
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.
.
Record Number: 6623
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101101051141.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 513
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.
.
Record Number: 6627
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101101080131.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 513
Message: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.
.
Record Number: 6628
Source Name: Microsoft-Windows-CAPI2
Time Written: 20101101080139.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 0
Message: 2010-11-01 03:02:03 PDTFATAL: the database system is starting up

Record Number: 6653
Source Name: PostgreSQL
Time Written: 20101101100203.000000-000
Event Type: Error
User:

Computer Name: Joshua-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 6662
Source Name: Microsoft-Windows-WMI
Time Written: 20101101100311.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Joshua-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: JOSHUA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x354
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8247
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101101100158.440771-000
Event Type: Audit Success
User:

Computer Name: Joshua-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 8248
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101101100158.440771-000
Event Type: Audit Success
User:

Computer Name: Joshua-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: JOSHUA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x354
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 8249
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101101100158.456371-000
Event Type: Audit Success
User:

Computer Name: Joshua-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: JOSHUA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x354
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8250
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101101100158.456371-000
Event Type: Audit Success
User:

Computer Name: Joshua-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 8251
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101101100158.456371-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E60E000 C:\Windows\system32\DRIVERS\atikmdag.sys 6701056 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x81C13000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C13000 PnpManager 3903488 bytes
0x81C13000 RAW 3903488 bytes
0x81C13000 WMIxWDM 3903488 bytes
0x97CC0000 Win32k 2109440 bytes
0x97CC0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A40D000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x8A00C000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E400000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1048576 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x8060A000 PCI_PNP3248 995328 bytes
0x8060A000 sptd 995328 bytes
0x8060A000 C:\Windows\System32\Drivers\spwf.sys 995328 bytes
0x8A203000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x80469000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9D860000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9BE02000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8EC72000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8234E000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x80549000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x822DD000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9BED4000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8F66C000 C:\Windows\system32\drivers\csc.sys 368640 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9D800000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x82206000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8F317000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8F29D000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8072C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80428000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8ED8E000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x807BF000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x8A3B3000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F6DD000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8F626000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8E500000 C:\Windows\system32\DRIVERS\atikmpag.sys 241664 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8A142000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8ED1E000 C:\Windows\System32\Drivers\afrpmqab.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8F786000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A51C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8A1A6000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81FCC000 ACPI_HAL 208896 bytes
0x81FCC000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8229B000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F2E5000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8ED60000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x805D2000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A117000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8E5A6000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D985000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x8F7BF000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8A56C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8077A000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x80706000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8A1DA000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8A593000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E53B000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F3CA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8A5C8000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8F20F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9BF8C000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9BFAC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8227D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9BF41000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x823D7000 C:\Windows\system32\drivers\AtihdLH3.sys 114688 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x8A2EC000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8F76B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8A34F000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9BF5E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8A17C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9BFCB000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8A373000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8F6C6000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EDDA000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9BFE3000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9D9AD000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8F368000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8F273000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9BF77000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8E581000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9D95E000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8E56D000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8F289000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8A38B000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9BEC1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F3A5000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8A194000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8F600000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9D973000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8F262000 C:\Windows\system32\DRIVERS\avgfwd6x.sys 69632 bytes (AVG Technologies CZ, s.r.o., AVG Filter Driver)
0x8A5B7000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F741000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8E5E7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A33F000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x822CD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9D9E5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9BEB1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82265000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8E596000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8F75C000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A55D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x807A1000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8E55E000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8A3F1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x807B0000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x97F00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8F37E000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F24B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82257000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8F721000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8E5DA000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8ED11000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x805C5000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8A000000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x9D948000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8F203000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9D855000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8F72E000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8A39E000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8E600000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8F240000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EDF1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8EDCF000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x9D9CC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x9D954000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x8F752000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E5D0000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F662000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9D93E000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A369000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8A3A9000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9D9D7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8A5F7000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x8A5E9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x823F3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9D9C3000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8F7F0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8F259000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x97EE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8A336000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8ED57000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806FD000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8F35F000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x82275000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80420000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8F739000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x80407000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8F719000 C:\Windows\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x9D9F7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80772000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8F230000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F238000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A555000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x80600000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8F619000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8E5F8000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9D84E000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x82250000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8F620000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8A5F2000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8E60B000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x9D9F5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x851221F8 unknown_irp_handler 3592 bytes
0x8624B1F8 unknown_irp_handler 3592 bytes
0x851211F8 unknown_irp_handler 3592 bytes
0x871C61F8 unknown_irp_handler 3592 bytes
0x862231F8 unknown_irp_handler 3592 bytes
0x862251F8 unknown_irp_handler 3592 bytes
0x871181F8 unknown_irp_handler 3592 bytes
0x862511F8 unknown_irp_handler 3592 bytes
0x847941F8 unknown_irp_handler 3592 bytes
0x862241F8 unknown_irp_handler 3592 bytes
0x870B8500 unknown_irp_handler 2816 bytes
0x87470500 unknown_irp_handler 2816 bytes
0x87EC1500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x00BC0000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 118784 bytes
0x00D70000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 28672 bytes
0x00D90000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 28672 bytes
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x00BA0000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 45056 bytes
0x00C40000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 45056 bytes
0x00C50000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x87B0FD90 ] PID: 2756, 77824 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x81CC7EEA-->81CC7EF1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8F18, Type: Inline - RelativeJump 0x81CCBF18-->81CCBEA8 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000B8F78, Type: Inline - RelativeJump 0x81CCBF78-->81CCBFF7 [ntkrnlpa.exe]
[1508]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[1508]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[1508]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[2564]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[2564]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[2564]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[4632]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[4632]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[4632]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[5048]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x766A98DD-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x769F330C-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x769F343A-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x769F659B-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->WSAGetOverlappedResult, Type: Inline - RelativeJump 0x769F8143-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x769F8400-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x769F4496-->00000000 [unknown_code_page]
[5180]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[5180]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[5180]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[5924]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[5924]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[5924]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[6004]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[6004]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[6004]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
[664]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[664]chrome.exe-->ntdll.dll-->NtOpenThreadTokenEx, Type: Inline - RelativeCall 0x770388FE-->00000000 [usp10.dll]
[664]chrome.exe-->ntdll.dll-->NtQueryFullAttributesFile, Type: Inline - RelativeCall 0x77038A3E-->00000000 [usp10.dll]
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am
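
The RkUnhooker ">Hooks" list in the post above reads more clearly by where each detour lands than by which API is hooked. Hooks whose target RkU can attribute to a loaded module (the ntkrnlpa.exe self-patches, the ntdll hooks in every chrome.exe that resolve to a named DLL) are the normal footprint of AV shims and application sandboxes; the ones resolved to unknown_code_page have no module on disk behind them, which is what injected code looks like, and here they sit on process creation in explorer.exe and on the socket send/recv path in one chrome.exe, which fits the reported search redirects. The Python below is added as a worked example and is not code from the thread or from RkUnhooker; it parses a handful of hook lines copied from the log above (a constructed subset) and applies that rule. The function names (triage_hooks, hooked_apis_by_process) and the severity weights are editorial choices, not part of the tool's output.

```python
import re
from collections import defaultdict

# Hook lines copied from the RkUnhooker ">Hooks" section of the log above
# (a constructed subset; the full log repeats the same shapes per PID).
SAMPLE_HOOKS = """\
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x81CC7EEA-->81CC7EF1 [ntkrnlpa.exe]
[1508]chrome.exe-->ntdll.dll-->NtOpenProcessToken, Type: Inline - RelativeCall 0x7703887E-->00000000 [usp10.dll]
[5048]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x766A98DD-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x769F659B-->00000000 [unknown_code_page]
[5096]chrome.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x769F343A-->00000000 [unknown_code_page]
"""

# User-mode line: "[PID]process-->module-->function, Type: <kind> 0x<addr>--><target> [<owner>]"
USER_HOOK = re.compile(
    r"^\[(?P<pid>\d+)\](?P<proc>.+?)-->(?P<mod>.+?)-->(?P<func>[^,]+), "
    r"Type: (?P<kind>.+?) 0x(?P<addr>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) "
    r"\[(?P<owner>[^\]]+)\]$"
)
# Kernel line: "module+0x<offset>, Type: <kind> 0x<addr>--><target> [<owner>]"
KERNEL_HOOK = re.compile(
    r"^(?P<mod>[^+\s]+)\+0x(?P<off>[0-9A-Fa-f]+), "
    r"Type: (?P<kind>.+?) 0x(?P<addr>[0-9A-Fa-f]+)-->(?P<target>[0-9A-Fa-f]+) "
    r"\[(?P<owner>[^\]]+)\]$"
)

def classify(hook):
    """Severity rule (editorial heuristic): judge the hook by its destination.
    'unknown_code_page' means RkU found no on-disk module backing the target,
    so the detour lands in injected or dynamically allocated memory.  A detour
    into the hooked module itself is an intra-module patch; a detour into some
    other loaded DLL is the usual shape of AV/sandbox interception."""
    if hook["owner"] == "unknown_code_page":
        return "high"
    if hook["owner"] == hook["mod"]:
        return "info"
    return "low"

def triage_hooks(text):
    """Parse RkU hook lines; return one dict per recognised hook, in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = USER_HOOK.match(line)
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
        else:
            m = KERNEL_HOOK.match(line)
            if not m:
                continue                      # section headers, blank lines, etc.
            h = m.groupdict()
            h["pid"] = 0
            h["proc"] = "kernel"
            h["func"] = f'{h["mod"]}+0x{h["off"]}'
        h["severity"] = classify(h)
        findings.append(h)
    return findings

def hooked_apis_by_process(findings, severity="high"):
    """Group flagged APIs per (pid, process) so the reviewer sees what each
    injected module intercepts, e.g. process creation or socket I/O."""
    out = defaultdict(list)
    for h in findings:
        if h["severity"] == severity:
            out[(h["pid"], h["proc"])].append(f'{h["mod"]}!{h["func"]}')
    return dict(out)

if __name__ == "__main__":
    found = triage_hooks(SAMPLE_HOOKS)
    for (pid, proc), apis in hooked_apis_by_process(found).items():
        print(f"[{pid}] {proc}: {', '.join(apis)}")
```

Run against the full ">Hooks" section, the grouping puts every unknown_code_page hook under two processes: explorer.exe (CreateProcessInternalW) and the one chrome.exe renderer whose ws2_32 send/recv/WSASend/WSARecv/closesocket are detoured. The "low" bucket is not a clean bill of health; it only says the target is a module RkU could name.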

Re: Redirected after search.

Unread postby Cypher » October 31st, 2010, 3:12 pm

Hi AhF.
AhF wrote:
My PC is for personal use but I'm kinda shocked that it isn't a valid version. Even paid money for it and the shop is no longer there. Will try to find a solution? Any suggestions?
I suggest you visit the official Microsoft product site as they can provide a better solution regarding this problem.
But as mentioned it is a non-genuine copy and will need to be removed before we can proceed.

Did you have an active internet connection when you ran RSIT?
Please be sure you are connected to the internet, run RSIT again and post the resulting log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Unread postby AhF » October 31st, 2010, 3:31 pm

Running the scan, halfway through I got a "Windows cannot access the specified file. You do not have permission to access this item" error. I ran it in administrator mode too.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Joshua at 2010-11-01 03:33:55
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 64 GB (36%) free of 177 GB
Total RAM: 3070 MB (64% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Google Update"=C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7YTWeSeMfD]
C:\Users\Joshua\AppData\Roaming\wscntfy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internetexplorer]
C:\Program Files\Flash\FlashUpdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOO9RV9K4Z]
C:\Users\Joshua\AppData\Local\Temp\Flx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis]
C:\Windows\system32\sshnas21.dll,GetHandle []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\Users\Joshua\AppData\Roaming\Microsoft\svchost.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-01 03:30:24 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.30.24_log.txt
2010-11-01 03:28:36 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.28.36_log.txt
2010-11-01 03:24:11 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.24.11_log.txt
2010-11-01 03:03:36 ----D---- C:\rsit
2010-11-01 02:22:47 ----D---- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2010-11-01 02:22:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-01 02:22:19 ----D---- C:\ProgramData\Malwarebytes
2010-11-01 02:22:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-01 02:22:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-31 22:50:40 ----D---- C:\MGADiagToolOutput
2010-10-31 22:43:06 ----D---- C:\ProgramData\Office Genuine Advantage
2010-10-31 03:43:24 ----D---- C:\Program Files\Capcom
2010-10-30 04:16:27 ----D---- C:\Windows\system32\Macromed
2010-10-28 04:27:11 ----D---- C:\ProgramData\NOS
2010-10-28 04:27:11 ----D---- C:\Program Files\NOS
2010-10-28 01:11:01 ----D---- C:\Users\Joshua\AppData\Roaming\SUPERAntiSpyware.com
2010-10-28 01:11:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-28 01:10:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-27 13:15:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 13:15:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-25 11:49:08 ----D---- C:\Program Files\Trend Micro
2010-10-25 11:29:28 ----D---- C:\Users\Joshua\AppData\Roaming\AVG
2010-10-24 23:47:08 ----D---- C:\Program Files\Garena
2010-10-24 01:00:48 ----D---- C:\ProgramData\MumboJumbo
2010-10-24 01:00:31 ----D---- C:\ProgramData\Rare Treasures - Dinnerware Trading Company
2010-10-23 16:41:15 ----D---- C:\Windows\Sun
2010-10-21 21:17:38 ----HD---- C:\$AVG
2010-10-21 20:22:51 ----D---- C:\Users\Joshua\AppData\Roaming\AVG10
2010-10-21 20:21:59 ----HD---- C:\ProgramData\Common Files
2010-10-21 20:19:02 ----D---- C:\Windows\system32\drivers\AVG
2010-10-21 20:19:02 ----D---- C:\ProgramData\AVG10
2010-10-21 20:15:55 ----D---- C:\Program Files\AVG
2010-10-21 20:14:10 ----D---- C:\ProgramData\MFAData
2010-10-21 19:44:03 ----D---- C:\Program Files\Electronic Arts
2010-10-21 12:53:15 ----D---- C:\Windows\Youda Sushi Chef
2010-10-21 12:53:15 ----D---- C:\Program Files\Youda Sushi Chef
2010-10-21 12:53:09 ----A---- C:\Windows\Youda Sushi Chef Setup Log.txt
2010-10-21 12:11:46 ----A---- C:\Users\Joshua\AppData\Roaming\Joshua3SQLite3.dll
2010-10-21 12:02:21 ----D---- C:\Program Files\Games
2010-10-21 03:44:15 ----D---- C:\Windows\Minidump
2010-10-20 15:53:37 ----D---- C:\Users\Joshua\AppData\Roaming\UClick
2010-10-20 15:53:37 ----D---- C:\ProgramData\UClick
2010-10-20 13:07:35 ----D---- C:\Users\Joshua\AppData\Roaming\YoudaGames
2010-10-18 14:41:50 ----D---- C:\Program Files\Patrician III
2010-10-17 21:16:10 ----D---- C:\Users\Joshua\AppData\Roaming\ImgBurn
2010-10-17 21:04:47 ----D---- C:\Program Files\ImgBurn
2010-10-15 03:01:27 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 03:58:23 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 03:58:19 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 03:58:12 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 03:58:08 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 03:58:06 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 03:57:59 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 03:57:55 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieapfltr.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieaksie.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\occache.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\ieencode.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-11 11:27:04 ----D---- C:\Program Files\Common Files\Adobe
2010-10-11 11:27:04 ----D---- C:\Program Files\Adobe
2010-10-11 02:06:49 ----D---- C:\Program Files\Darksiders
2010-10-11 02:02:24 ----D---- C:\Program Files\THQ
2010-10-10 17:04:46 ----D---- C:\Program Files\Team17
2010-10-07 18:45:20 ----A---- C:\Windows\HMHud.INI
2010-10-07 13:54:22 ----D---- C:\Users\Joshua\AppData\Roaming\HEM Data
2010-10-07 13:02:17 ----A---- C:\Program Files\hminstalllog.txt
2010-10-07 12:58:26 ----D---- C:\Program Files\PostgreSQL
2010-10-07 12:56:55 ----D---- C:\Program Files\PSQLINSTALL
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-10-05 14:05:13 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-05 14:04:49 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-05 14:04:42 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-05 13:57:39 ----D---- C:\Program Files\PokerStars
2010-10-05 13:54:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-05 13:27:39 ----D---- C:\ProgramData\XHEO INC
2010-10-05 13:25:01 ----D---- C:\Program Files\RVG Software
2010-10-04 03:07:38 ----D---- C:\Users\Joshua\AppData\Roaming\Gogii
2010-10-04 03:05:10 ----AD---- C:\ProgramData\TEMP
2010-10-04 02:41:30 ----D---- C:\ProgramData\Trymedia
2010-10-04 02:40:48 ----D---- C:\Program Files\Google
2010-10-03 20:35:05 ----D---- C:\Windows\system32\EventProviders
2010-10-03 19:50:41 ----D---- C:\Users\Joshua\AppData\Roaming\ATI
2010-10-03 19:50:41 ----D---- C:\ProgramData\ATI
2010-10-03 19:43:18 ----D---- C:\Program Files\ATI Technologies
2010-10-03 19:43:15 ----D---- C:\Program Files\ATI
2010-10-03 19:23:41 ----D---- C:\Windows\system32\directx
2010-10-03 19:13:01 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-10-03 19:12:48 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-03 19:12:31 ----D---- C:\Users\Joshua\AppData\Roaming\DAEMON Tools Lite
2010-10-03 19:12:29 ----D---- C:\ProgramData\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-01 03:33:56 ----D---- C:\Windows\Temp
2010-11-01 03:30:34 ----D---- C:\Windows\System32
2010-11-01 03:30:25 ----D---- C:\Windows\system32\drivers
2010-11-01 03:28:08 ----D---- C:\Windows\Prefetch
2010-11-01 03:08:26 ----D---- C:\Windows\inf
2010-11-01 03:08:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 03:01:17 ----D---- C:\Windows\nap
2010-11-01 02:22:25 ----RD---- C:\Program Files
2010-11-01 02:22:19 ----HD---- C:\ProgramData
2010-11-01 01:36:47 ----SHD---- C:\System Volume Information
2010-10-31 22:11:31 ----D---- C:\Windows\Logs
2010-10-31 20:07:43 ----D---- C:\Windows\system32\Tasks
2010-10-31 20:04:26 ----SHD---- C:\Windows\Installer
2010-10-31 02:55:37 ----D---- C:\Users\Joshua\AppData\Roaming\tixati
2010-10-31 02:45:11 ----SD---- C:\ProgramData\Microsoft
2010-10-30 04:16:29 ----SD---- C:\Windows\Downloaded Program Files
2010-10-29 11:44:27 ----D---- C:\Windows
2010-10-29 02:58:09 ----D---- C:\Program Files\Common Files
2010-10-28 04:28:45 ----D---- C:\Windows\AppPatch
2010-10-28 03:01:13 ----D---- C:\Windows\winsxs
2010-10-27 13:14:25 ----D---- C:\Windows\system32\catroot
2010-10-27 13:14:24 ----D---- C:\Windows\system32\catroot2
2010-10-25 11:29:29 ----D---- C:\Windows\Tasks
2010-10-24 22:24:29 ----D---- C:\Windows\Debug
2010-10-21 21:01:17 ----D---- C:\Windows\system32\NDF
2010-10-21 20:27:10 ----SD---- C:\Users\Joshua\AppData\Roaming\Microsoft
2010-10-21 19:43:34 ----RSD---- C:\Windows\assembly
2010-10-21 19:23:04 ----D---- C:\Windows\system32\WDI
2010-10-17 21:17:36 ----D---- C:\Program Files\Full Tilt Poker
2010-10-17 21:13:45 ----D---- C:\Users\Joshua\AppData\Roaming\vlc
2010-10-15 03:39:02 ----D---- C:\Windows\rescache
2010-10-15 03:21:44 ----D---- C:\Windows\system32\en-US
2010-10-15 03:21:44 ----D---- C:\Program Files\Windows Media Player
2010-10-15 03:21:43 ----D---- C:\Program Files\Internet Explorer
2010-10-15 03:05:09 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 03:01:44 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 00:24:08 ----D---- C:\Program Files\InstallShield Installation Information
2010-10-11 11:27:08 ----D---- C:\ProgramData\Adobe
2010-10-10 17:37:25 ----D---- C:\Windows\Microsoft.NET
2010-10-07 13:00:59 ----RD---- C:\Users
2010-10-05 13:54:58 ----D---- C:\Program Files\NVIDIA Corporation
2010-10-05 13:54:02 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-04 03:22:15 ----D---- C:\ChartNexus
2010-10-03 19:35:49 ----D---- C:\Program Files\PokerEdge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-20 145464]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-03 691696]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 ahxupuqr;ahxupuqr; C:\Windows\system32\drivers\ahxupuqr.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Joshua\AppData\Local\Temp\JFDF354.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 176128]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-12-18 457248]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-12-18 191008]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-13 1956136]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am

Re: Redirected after search.

Unread postby Cypher » October 31st, 2010, 4:13 pm

Hi AhF.
I see TDSSKiller has been run on this PC.
Did you run it yourself or receive help at another forum?


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Right Click on the erunt-setup.exe and select " Run as administrator " to run it.
  • Follow the prompts to install ERUNT
  • Choose language
  • A setup window will pop up. It will ask: Create ERUNT entry in the Startup folder? Answer NO.
  • Back up your registry to the default location.

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click, then copy the following code (do not copy the word Code):
    :Services
    ahxupuqr
    GarenaPEngine
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7YTWeSeMfD]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internetexplorer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOO9RV9K4Z]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis]
    
    :Files
    C:\Windows\system32\drivers\ahxupuqr.sys
    C:\Users\Joshua\AppData\Local\Temp\JFDF354.tmp
    
    :Commands
    [resethosts]
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click, then paste the code into the blank box.
  • Next click on the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done, ONLY "C:\RSIT\log.txt" will be produced (it will be maximized).
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)


Next.

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
C:\Users\Joshua\AppData\Roaming\Joshua3SQLite3.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.



Logs/Information to Post in your Next Reply

  • TDSSKiller did you run it yourself?
  • OTM log.
  • RSIT log.txt.
  • Virustotal or jotti results.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Unread postby AhF » November 1st, 2010, 2:07 am

Hey. Yeah, I did run TDSSKiller by myself, as one of my friends recommended, but the file which was removed, an Alureon, keeps coming back when the computer is restarted. It did nothing to change or solve the problem. For RSIT, same problem: still getting the "Windows cannot access specified file" error.


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named ahxupuqr was found to stop!
Service\Driver key ahxupuqr not found.
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7YTWeSeMfD\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internetexplorer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KOO9RV9K4Z\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Metropolis\ deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\drivers\ahxupuqr.sys not found.
File/Folder C:\Users\Joshua\AppData\Local\Temp\JFDF354.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joshua
->Temp folder emptied: 3542262 bytes
->Temporary Internet Files folder emptied: 4539669 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 270138685 bytes
->Flash cache emptied: 19828 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1983192 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 2478370 bytes

Total Files Cleaned = 270.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 11012010_140008


Logfile of random's system information tool 1.08 (written by random/random)
Run by Joshua at 2010-11-01 14:05:35
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 64 GB (36%) free of 177 GB
Total RAM: 3070 MB (64% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017631574-1566193767-2575401280-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2010-10-20 2922848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"Google Update"=C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-24 136176]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\Users\Joshua\AppData\Roaming\Microsoft\svchost.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-11-01 14:00:08 ----D---- C:\_OTM
2010-11-01 13:59:18 ----D---- C:\Windows\ERDNT
2010-11-01 13:58:42 ----D---- C:\Program Files\ERUNT
2010-11-01 03:30:24 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.30.24_log.txt
2010-11-01 03:28:36 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.28.36_log.txt
2010-11-01 03:24:11 ----A---- C:\TDSSKiller.2.4.5.1_01.11.2010_03.24.11_log.txt
2010-11-01 03:03:36 ----D---- C:\rsit
2010-11-01 02:22:47 ----D---- C:\Users\Joshua\AppData\Roaming\Malwarebytes
2010-11-01 02:22:20 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-01 02:22:19 ----D---- C:\ProgramData\Malwarebytes
2010-11-01 02:22:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-01 02:22:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-31 22:50:40 ----D---- C:\MGADiagToolOutput
2010-10-31 22:43:06 ----D---- C:\ProgramData\Office Genuine Advantage
2010-10-31 03:43:24 ----D---- C:\Program Files\Capcom
2010-10-30 04:16:27 ----D---- C:\Windows\system32\Macromed
2010-10-28 04:27:11 ----D---- C:\ProgramData\NOS
2010-10-28 04:27:11 ----D---- C:\Program Files\NOS
2010-10-28 01:11:01 ----D---- C:\Users\Joshua\AppData\Roaming\SUPERAntiSpyware.com
2010-10-28 01:11:01 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-28 01:10:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-27 13:15:52 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 13:15:51 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-25 11:49:08 ----D---- C:\Program Files\Trend Micro
2010-10-25 11:29:28 ----D---- C:\Users\Joshua\AppData\Roaming\AVG
2010-10-24 23:47:08 ----D---- C:\Program Files\Garena
2010-10-24 01:00:48 ----D---- C:\ProgramData\MumboJumbo
2010-10-24 01:00:31 ----D---- C:\ProgramData\Rare Treasures - Dinnerware Trading Company
2010-10-23 16:41:15 ----D---- C:\Windows\Sun
2010-10-21 21:17:38 ----HD---- C:\$AVG
2010-10-21 20:22:51 ----D---- C:\Users\Joshua\AppData\Roaming\AVG10
2010-10-21 20:21:59 ----HD---- C:\ProgramData\Common Files
2010-10-21 20:19:02 ----D---- C:\Windows\system32\drivers\AVG
2010-10-21 20:19:02 ----D---- C:\ProgramData\AVG10
2010-10-21 20:15:55 ----D---- C:\Program Files\AVG
2010-10-21 20:14:10 ----D---- C:\ProgramData\MFAData
2010-10-21 19:44:03 ----D---- C:\Program Files\Electronic Arts
2010-10-21 12:53:15 ----D---- C:\Windows\Youda Sushi Chef
2010-10-21 12:53:15 ----D---- C:\Program Files\Youda Sushi Chef
2010-10-21 12:53:09 ----A---- C:\Windows\Youda Sushi Chef Setup Log.txt
2010-10-21 12:11:46 ----A---- C:\Users\Joshua\AppData\Roaming\Joshua3SQLite3.dll
2010-10-21 12:02:21 ----D---- C:\Program Files\Games
2010-10-21 03:44:15 ----D---- C:\Windows\Minidump
2010-10-20 15:53:37 ----D---- C:\Users\Joshua\AppData\Roaming\UClick
2010-10-20 15:53:37 ----D---- C:\ProgramData\UClick
2010-10-20 13:07:35 ----D---- C:\Users\Joshua\AppData\Roaming\YoudaGames
2010-10-18 14:41:50 ----D---- C:\Program Files\Patrician III
2010-10-17 21:16:10 ----D---- C:\Users\Joshua\AppData\Roaming\ImgBurn
2010-10-17 21:04:47 ----D---- C:\Program Files\ImgBurn
2010-10-15 03:01:27 ----A---- C:\Windows\system32\msshsq.dll
2010-10-14 03:58:23 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 03:58:19 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 03:58:12 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\netevent.dll
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 03:58:12 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 03:58:08 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 03:58:06 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 03:58:00 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 03:57:59 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 03:57:57 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 03:57:55 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 03:57:51 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieapfltr.dll
2010-10-14 03:57:50 ----A---- C:\Windows\system32\ieaksie.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\occache.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\ieencode.dll
2010-10-14 03:57:49 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-11 11:27:04 ----D---- C:\Program Files\Common Files\Adobe
2010-10-11 11:27:04 ----D---- C:\Program Files\Adobe
2010-10-11 02:06:49 ----D---- C:\Program Files\Darksiders
2010-10-11 02:02:24 ----D---- C:\Program Files\THQ
2010-10-10 17:04:46 ----D---- C:\Program Files\Team17
2010-10-07 18:45:20 ----A---- C:\Windows\HMHud.INI
2010-10-07 13:54:22 ----D---- C:\Users\Joshua\AppData\Roaming\HEM Data
2010-10-07 13:02:17 ----A---- C:\Program Files\hminstalllog.txt
2010-10-07 12:58:26 ----D---- C:\Program Files\PostgreSQL
2010-10-07 12:56:55 ----D---- C:\Program Files\PSQLINSTALL
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-10-05 14:05:15 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-10-05 14:05:14 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-10-05 14:05:13 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-10-05 14:05:00 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-10-05 14:04:59 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-10-05 14:04:58 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-10-05 14:04:57 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-10-05 14:04:56 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-10-05 14:04:55 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-10-05 14:04:54 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-10-05 14:04:53 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xinput1_3.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-10-05 14:04:52 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xinput1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-10-05 14:04:51 ----A---- C:\Windows\system32\d3dx10.dll
2010-10-05 14:04:49 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-10-05 14:04:43 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-10-05 14:04:42 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-10-05 13:57:39 ----D---- C:\Program Files\PokerStars
2010-10-05 13:54:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-05 13:27:39 ----D---- C:\ProgramData\XHEO INC
2010-10-05 13:25:01 ----D---- C:\Program Files\RVG Software
2010-10-04 03:07:38 ----D---- C:\Users\Joshua\AppData\Roaming\Gogii
2010-10-04 03:05:10 ----AD---- C:\ProgramData\TEMP
2010-10-04 02:41:30 ----D---- C:\ProgramData\Trymedia
2010-10-04 02:40:48 ----D---- C:\Program Files\Google
2010-10-03 20:35:05 ----D---- C:\Windows\system32\EventProviders
2010-10-03 19:50:41 ----D---- C:\Users\Joshua\AppData\Roaming\ATI
2010-10-03 19:50:41 ----D---- C:\ProgramData\ATI
2010-10-03 19:43:18 ----D---- C:\Program Files\ATI Technologies
2010-10-03 19:43:15 ----D---- C:\Program Files\ATI
2010-10-03 19:23:41 ----D---- C:\Windows\system32\directx
2010-10-03 19:13:01 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-10-03 19:12:48 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-03 19:12:31 ----D---- C:\Users\Joshua\AppData\Roaming\DAEMON Tools Lite
2010-10-03 19:12:29 ----D---- C:\ProgramData\DAEMON Tools Lite

======List of files/folders modified in the last 1 months======

2010-11-01 14:05:44 ----D---- C:\Windows\Prefetch
2010-11-01 14:05:39 ----D---- C:\Windows\Temp
2010-11-01 14:02:07 ----D---- C:\Windows\System32
2010-11-01 14:00:11 ----D---- C:\Windows\system32\drivers\etc
2010-11-01 13:59:18 ----D---- C:\Windows
2010-11-01 13:58:42 ----RD---- C:\Program Files
2010-11-01 04:05:41 ----D---- C:\Windows\inf
2010-11-01 04:05:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-01 03:30:25 ----D---- C:\Windows\system32\drivers
2010-11-01 03:01:17 ----D---- C:\Windows\nap
2010-11-01 02:22:19 ----HD---- C:\ProgramData
2010-11-01 01:36:47 ----SHD---- C:\System Volume Information
2010-10-31 22:11:31 ----D---- C:\Windows\Logs
2010-10-31 20:07:43 ----D---- C:\Windows\system32\Tasks
2010-10-31 20:04:26 ----SHD---- C:\Windows\Installer
2010-10-31 02:55:37 ----D---- C:\Users\Joshua\AppData\Roaming\tixati
2010-10-31 02:45:11 ----SD---- C:\ProgramData\Microsoft
2010-10-30 04:16:29 ----SD---- C:\Windows\Downloaded Program Files
2010-10-29 02:58:09 ----D---- C:\Program Files\Common Files
2010-10-28 04:28:45 ----D---- C:\Windows\AppPatch
2010-10-28 03:01:13 ----D---- C:\Windows\winsxs
2010-10-27 13:14:25 ----D---- C:\Windows\system32\catroot
2010-10-27 13:14:24 ----D---- C:\Windows\system32\catroot2
2010-10-25 11:29:29 ----D---- C:\Windows\Tasks
2010-10-24 22:24:29 ----D---- C:\Windows\Debug
2010-10-21 21:01:17 ----D---- C:\Windows\system32\NDF
2010-10-21 20:27:10 ----SD---- C:\Users\Joshua\AppData\Roaming\Microsoft
2010-10-21 19:43:34 ----RSD---- C:\Windows\assembly
2010-10-21 19:23:04 ----D---- C:\Windows\system32\WDI
2010-10-17 21:17:36 ----D---- C:\Program Files\Full Tilt Poker
2010-10-17 21:13:45 ----D---- C:\Users\Joshua\AppData\Roaming\vlc
2010-10-15 03:39:02 ----D---- C:\Windows\rescache
2010-10-15 03:21:44 ----D---- C:\Windows\system32\en-US
2010-10-15 03:21:44 ----D---- C:\Program Files\Windows Media Player
2010-10-15 03:21:43 ----D---- C:\Program Files\Internet Explorer
2010-10-15 03:05:09 ----D---- C:\ProgramData\Microsoft Help
2010-10-15 03:01:44 ----A---- C:\Windows\system32\mrt.exe
2010-10-13 00:24:08 ----D---- C:\Program Files\InstallShield Installation Information
2010-10-11 11:27:08 ----D---- C:\ProgramData\Adobe
2010-10-10 17:37:25 ----D---- C:\Windows\Microsoft.NET
2010-10-07 13:00:59 ----RD---- C:\Users
2010-10-05 13:54:58 ----D---- C:\Program Files\NVIDIA Corporation
2010-10-05 13:54:02 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-04 03:22:15 ----D---- C:\ChartNexus
2010-10-03 19:35:49 ----D---- C:\Program Files\PokerEdge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2008-01-20 145464]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-03 691696]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 27216]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 amiy2ekq;amiy2ekq; C:\Windows\system32\drivers\amiy2ekq.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 176128]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2010-09-10 3210176]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2008-12-18 457248]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2008-12-18 191008]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-13 1956136]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

I used Jotti's.

2010-11-01 Found nothing

2010-11-01 Found nothing

2010-10-31 Found nothing

2010-11-01 Found nothing

2010-10-31 Found nothing

2010-10-31 Found nothing

2010-10-31 Found nothing

2010-10-31 Found nothing

2010-11-01 Found nothing

2010-10-31 Found nothing

2010-10-31 Found nothing

2010-11-01 Found nothing

2010-11-01 Found nothing

2010-11-01 Found nothing

2010-11-01 Found nothing

2010-10-29 Found nothing

2010-10-31 Found nothing

2010-10-31 Found nothing

2010-11-01 Found nothing
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am
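
The two RSIT logs posted in this thread show the classic Alureon/TDSS pattern: a kernel driver with a random eight-letter name (ahxupuqr in the first log, amiy2ekq in the second) whose file RSIT cannot find on disk, a driver loading from the user's Temp folder, a svchost.exe under AppData\Roaming, and UAC switched off (EnableLUA=0). The Python below is an added example written for this page, not part of the original thread and not code from RSIT, OTM or TDSSKiller. It turns those observations into heuristics and runs them over a constructed excerpt of the two logs; the rule names, the "random name" pattern and the list of system binary names are assumptions chosen for illustration, and a hit is a lead to investigate, not proof of infection.

```python
import ntpath
import re

# Constructed excerpt of the first RSIT log in this thread (driver lines only).
RSIT_BEFORE = r"""
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-03 691696]
S3 ahxupuqr;ahxupuqr; C:\Windows\system32\drivers\ahxupuqr.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-25 6380032]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Joshua\AppData\Local\Temp\JFDF354.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
"""

# Constructed excerpt of the second RSIT log (after OTM ran): registry dump plus drivers.
RSIT_AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
C:\Users\Joshua\AppData\Roaming\Microsoft\svchost.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-03 691696]
S3 amiy2ekq;amiy2ekq; C:\Windows\system32\drivers\amiy2ekq.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
"""

# Driver/service line in an RSIT log: "S3 name;display; path [date size]"
DRIVER_RE = re.compile(r'^[RS][0-4] ([^;]+);([^;]*); (.+?) \[(.*)\]$')
# First Windows path on any line, up to the " [date size]" suffix or end of line.
PATH_RE = re.compile(r'([A-Za-z]:\\.+?)(?=\s\[|\s*$)')
# Short lowercase alphanumeric with no meaning: the shape of the random service
# names seen in this thread (heuristic, not a signature).
RANDOM_NAME_RE = re.compile(r'^[a-z0-9]{6,10}$')
# Binaries that only live under %SystemRoot%; a copy elsewhere is masquerading.
SYSTEM_BINARIES = {'svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe'}
USER_WRITABLE = ('\\temp\\', '\\appdata\\')


def check_driver(name, display, path, meta):
    """Findings for one driver/service entry. Empty meta means RSIT found no file."""
    findings = []
    lower = path.lower()
    if not meta and name == display and RANDOM_NAME_RE.match(name):
        findings.append(('random-name-driver',
                         f'{name}: random-looking service name and no file found on disk'))
    if any(d in lower for d in USER_WRITABLE):
        findings.append(('driver-in-user-dir',
                         f'{name}: kernel driver loading from user-writable path {path}'))
    return findings


def scan_rsit(text):
    """Scan RSIT log text and return a list of (rule, detail) findings in log order."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            findings.extend(check_driver(*m.groups()))
        pm = PATH_RE.search(line)
        if pm:
            path = pm.group(1)
            base = ntpath.basename(path).lower()
            if base in SYSTEM_BINARIES and '\\windows\\' not in path.lower():
                findings.append(('system-name-outside-windows',
                                 f'{base} outside the Windows directory: {path}'))
        if line.strip() == '"EnableLUA"=0':
            findings.append(('uac-disabled', 'EnableLUA=0: UAC is turned off'))
    return findings


def random_drivers(text):
    """Service names flagged by the random-name rule."""
    return {detail.split(':')[0] for rule, detail in scan_rsit(text) if rule == 'random-name-driver'}


def regenerated(before, after):
    """(names that vanished, names that appeared): a removed random driver coming back
    under a new name is the re-infection pattern this thread shows."""
    old, new = random_drivers(before), random_drivers(after)
    return sorted(old - new), sorted(new - old)


if __name__ == '__main__':
    for label, log in (('before', RSIT_BEFORE), ('after', RSIT_AFTER)):
        for rule, detail in scan_rsit(log):
            print(f'[{label}] {rule}: {detail}')
    gone, fresh = regenerated(RSIT_BEFORE, RSIT_AFTER)
    print('random drivers removed:', gone, 'replaced by:', fresh)
```

The "random name plus missing file" rule is deliberately narrow: GGSAFERDriver also has an empty size/date field, but its service name is not random and its display name differs, so it is not flagged. Note that Google Chrome and Google Update legitimately run from AppData, which is why the AppData check applies only to kernel drivers and to copies of core Windows binary names, not to every executable.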

Re: Redirected after search.

Unread postby Cypher » November 1st, 2010, 6:43 am

Hi AhF.
"Yea I did run TDSSkiller by myself as one of my friends recommended but the file which was removed."

A word of warning: tools like TDSSKiller are not for everyday use; used incorrectly, they can leave your computer unbootable.

I would like to see the TDSSKiller logs on your C drive; post them in your next reply.
To find them, go to Start > Computer > C:. There should be three of them.

Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.

Next.

MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select " Run as administrator " to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.



Logs/Information to Post in your Next Reply

  • TDSSKiller logs.
  • Uninstall list.
  • MBRCheck log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Unread postby AhF » November 1st, 2010, 3:31 pm

Computer update: the computer still faces the same problems. Not many changes noticed, honestly.


2010/11/01 03:24:11.0631 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 03:24:11.0631 ================================================================================
2010/11/01 03:24:11.0631 SystemInfo:
2010/11/01 03:24:11.0631
2010/11/01 03:24:11.0631 OS Version: 6.0.6001 ServicePack: 1.0
2010/11/01 03:24:11.0631 Product type: Workstation
2010/11/01 03:24:11.0632 ComputerName: JOSHUA-PC
2010/11/01 03:24:11.0632 UserName: Joshua
2010/11/01 03:24:11.0632 Windows directory: C:\Windows
2010/11/01 03:24:11.0632 System windows directory: C:\Windows
2010/11/01 03:24:11.0632 Processor architecture: Intel x86
2010/11/01 03:24:11.0632 Number of processors: 2
2010/11/01 03:24:11.0632 Page size: 0x1000
2010/11/01 03:24:11.0632 Boot type: Normal boot
2010/11/01 03:24:11.0632 ================================================================================
2010/11/01 03:24:12.0408 Initialize success
2010/11/01 03:24:31.0608 ================================================================================
2010/11/01 03:24:31.0608 Scan started
2010/11/01 03:24:31.0608 Mode: Manual;
2010/11/01 03:24:31.0608 ================================================================================
2010/11/01 03:24:39.0612 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/01 03:24:39.0612 sptd - detected Locked file (1)
2010/11/01 03:24:41.0407 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/01 03:24:41.0430 ================================================================================
2010/11/01 03:24:41.0430 Scan finished
2010/11/01 03:24:41.0430 ================================================================================
2010/11/01 03:24:41.0443 Detected object count: 2
2010/11/01 03:24:58.0601 Locked file(sptd) - User select action: Skip
2010/11/01 03:24:58.0648 \HardDisk0\MBR - will be cured after reboot
2010/11/01 03:24:58.0648 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/01 03:25:02.0173 Deinitialize success

2010/11/01 03:28:36.0036 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 03:28:36.0036 ================================================================================
2010/11/01 03:28:36.0036 SystemInfo:
2010/11/01 03:28:36.0036
2010/11/01 03:28:36.0036 OS Version: 6.0.6001 ServicePack: 1.0
2010/11/01 03:28:36.0036 Product type: Workstation
2010/11/01 03:28:36.0036 ComputerName: JOSHUA-PC
2010/11/01 03:28:36.0036 UserName: Joshua
2010/11/01 03:28:36.0036 Windows directory: C:\Windows
2010/11/01 03:28:36.0036 System windows directory: C:\Windows
2010/11/01 03:28:36.0036 Processor architecture: Intel x86
2010/11/01 03:28:36.0036 Number of processors: 2
2010/11/01 03:28:36.0036 Page size: 0x1000
2010/11/01 03:28:36.0036 Boot type: Normal boot
2010/11/01 03:28:36.0036 ================================================================================
2010/11/01 03:28:36.0602 Initialize success
2010/11/01 03:28:38.0547 ================================================================================
2010/11/01 03:28:38.0547 Scan started
2010/11/01 03:28:38.0547 Mode: Manual;
2010/11/01 03:28:38.0547 ================================================================================
2010/11/01 03:28:42.0927 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/01 03:28:42.0977 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2010/11/01 03:28:43.0014 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/11/01 03:28:43.0111 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/11/01 03:28:43.0248 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/01 03:28:43.0350 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/01 03:28:43.0391 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/01 03:28:43.0455 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/11/01 03:28:43.0528 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/01 03:28:43.0573 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/01 03:28:43.0652 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/11/01 03:28:43.0737 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/11/01 03:28:43.0804 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/01 03:28:43.0859 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/01 03:28:43.0899 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/01 03:28:43.0924 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/01 03:28:44.0012 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/11/01 03:28:44.0063 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/01 03:28:44.0090 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/01 03:28:44.0121 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/01 03:28:44.0759 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/01 03:28:44.0890 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/01 03:28:44.0906 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/01 03:28:44.0937 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/01 03:28:44.0968 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/01 03:28:45.0031 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/01 03:28:45.0093 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/11/01 03:28:45.0140 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/01 03:28:45.0187 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/01 03:28:45.0218 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/01 03:28:45.0249 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/01 03:28:45.0296 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/01 03:28:45.0327 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/01 03:28:45.0358 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/01 03:28:45.0405 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/01 03:28:45.0436 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/01 03:28:45.0452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/01 03:28:45.0483 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/01 03:28:45.0530 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/01 03:28:45.0561 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/01 03:28:45.0577 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/01 03:28:45.0592 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/01 03:28:45.0623 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/11/01 03:28:45.0670 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/01 03:28:45.0733 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/01 03:28:45.0779 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/01 03:28:45.0857 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/01 03:28:45.0889 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/01 03:28:45.0920 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/01 03:28:45.0951 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/01 03:28:45.0982 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/01 03:28:46.0029 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/01 03:28:46.0076 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/01 03:28:46.0107 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/01 03:28:46.0138 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/01 03:28:46.0154 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/01 03:28:46.0216 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/01 03:28:46.0232 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/01 03:28:46.0279 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/01 03:28:46.0310 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/11/01 03:28:46.0372 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/01 03:28:46.0388 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/01 03:28:46.0403 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/01 03:28:46.0435 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/11/01 03:28:46.0466 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/01 03:28:46.0497 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/01 03:28:46.0528 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/01 03:28:46.0575 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/01 03:28:46.0606 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/01 03:28:46.0622 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/01 03:28:46.0653 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/11/01 03:28:46.0669 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/01 03:28:46.0700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/01 03:28:46.0715 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/11/01 03:28:46.0778 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/01 03:28:46.0825 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/11/01 03:28:46.0840 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/01 03:28:46.0871 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/01 03:28:46.0918 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/01 03:28:46.0934 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/01 03:28:46.0996 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/01 03:28:47.0074 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/01 03:28:47.0137 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/01 03:28:47.0168 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/11/01 03:28:47.0215 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/01 03:28:47.0261 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/11/01 03:28:47.0293 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/01 03:28:47.0308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/01 03:28:47.0433 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/11/01 03:28:47.0495 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/01 03:28:47.0573 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/01 03:28:47.0651 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/01 03:28:47.0745 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/01 03:28:47.0870 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/11/01 03:28:47.0901 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/11/01 03:28:47.0932 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/01 03:28:47.0963 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/11/01 03:28:47.0995 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/11/01 03:28:48.0026 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/01 03:28:48.0073 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/01 03:28:48.0213 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/01 03:28:48.0322 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/01 03:28:48.0416 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/01 03:28:48.0665 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/01 03:28:48.0728 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/01 03:28:48.0806 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/01 03:28:48.0853 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/01 03:28:48.0931 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/01 03:28:49.0024 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/01 03:28:49.0133 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/01 03:28:49.0211 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/01 03:28:49.0243 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/01 03:28:49.0383 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/01 03:28:49.0477 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 03:28:49.0601 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/11/01 03:28:49.0711 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/01 03:28:49.0867 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/01 03:28:49.0913 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/01 03:28:49.0991 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/01 03:28:50.0147 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/01 03:28:50.0257 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/01 03:28:50.0319 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/11/01 03:28:50.0366 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/01 03:28:50.0506 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/11/01 03:28:50.0584 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/01 03:28:50.0678 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/01 03:28:50.0725 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/01 03:28:50.0849 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/11/01 03:28:50.0974 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/11/01 03:28:51.0099 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/11/01 03:28:51.0146 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/11/01 03:28:51.0193 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/01 03:28:51.0271 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/11/01 03:28:51.0271 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/01 03:28:51.0286 sptd - detected Locked file (1)
2010/11/01 03:28:51.0333 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2010/11/01 03:28:51.0380 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/01 03:28:51.0411 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/01 03:28:51.0520 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/01 03:28:51.0629 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/01 03:28:51.0785 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/01 03:28:51.0832 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/01 03:28:52.0082 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/11/01 03:28:52.0160 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/01 03:28:52.0191 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/01 03:28:52.0238 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/01 03:28:52.0253 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/01 03:28:52.0300 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/01 03:28:52.0331 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/01 03:28:52.0487 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/01 03:28:52.0534 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/01 03:28:52.0565 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/01 03:28:52.0628 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/11/01 03:28:52.0659 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/01 03:28:52.0784 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/01 03:28:52.0893 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/11/01 03:28:53.0033 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/01 03:28:53.0143 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/01 03:28:53.0189 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/01 03:28:53.0345 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/01 03:28:53.0392 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/01 03:28:53.0439 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/01 03:28:53.0501 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/01 03:28:53.0689 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/01 03:28:53.0813 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/01 03:28:54.0016 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/01 03:28:54.0141 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/01 03:28:54.0203 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/01 03:28:54.0219 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/01 03:28:54.0250 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/01 03:28:54.0281 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/01 03:28:54.0297 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/01 03:28:54.0328 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/01 03:28:54.0515 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/11/01 03:28:55.0046 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/11/01 03:28:55.0139 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/01 03:28:55.0217 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/01 03:28:55.0249 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 03:28:55.0264 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 03:28:55.0311 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/01 03:28:55.0358 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/01 03:28:55.0436 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/01 03:28:55.0483 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/01 03:28:55.0545 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/01 03:28:55.0592 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/01 03:28:55.0607 ================================================================================
2010/11/01 03:28:55.0607 Scan finished
2010/11/01 03:28:55.0607 ================================================================================
2010/11/01 03:28:55.0623 Detected object count: 2
2010/11/01 03:29:07.0978 Locked file(sptd) - User select action: Skip
2010/11/01 03:29:08.0119 \HardDisk0\MBR - will be cured after reboot
2010/11/01 03:29:08.0119 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/01 03:29:13.0781 Deinitialize success

2010/11/01 03:30:24.0709 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 03:30:24.0725 ================================================================================
2010/11/01 03:30:24.0725 SystemInfo:
2010/11/01 03:30:24.0725
2010/11/01 03:30:24.0725 OS Version: 6.0.6001 ServicePack: 1.0
2010/11/01 03:30:24.0725 Product type: Workstation
2010/11/01 03:30:24.0725 ComputerName: JOSHUA-PC
2010/11/01 03:30:24.0725 UserName: Joshua
2010/11/01 03:30:24.0725 Windows directory: C:\Windows
2010/11/01 03:30:24.0725 System windows directory: C:\Windows
2010/11/01 03:30:24.0725 Processor architecture: Intel x86
2010/11/01 03:30:24.0725 Number of processors: 2
2010/11/01 03:30:24.0725 Page size: 0x1000
2010/11/01 03:30:24.0725 Boot type: Normal boot
2010/11/01 03:30:24.0725 ================================================================================
2010/11/01 03:30:31.0760 Initialize success
2010/11/01 03:30:41.0588 ================================================================================
2010/11/01 03:30:41.0588 Scan started
2010/11/01 03:30:41.0588 Mode: Manual;
2010/11/01 03:30:41.0588 ================================================================================
2010/11/01 03:30:43.0210 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/11/01 03:30:43.0257 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/11/01 03:30:43.0304 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/11/01 03:30:43.0335 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/11/01 03:30:43.0397 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/11/01 03:30:43.0444 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/11/01 03:30:43.0491 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/11/01 03:30:43.0538 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/11/01 03:30:43.0569 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/11/01 03:30:43.0616 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/11/01 03:30:43.0647 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/11/01 03:30:43.0662 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/11/01 03:30:43.0709 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/01 03:30:43.0850 amdkmdag (da3cf5b94ad09290896e2b73df6d4173) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/01 03:30:43.0928 amdkmdap (46a3f55772fd2d1526994693ae352579) C:\Windows\system32\DRIVERS\atikmpag.sys
2010/11/01 03:30:43.0974 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/11/01 03:30:44.0006 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/11/01 03:30:44.0037 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/01 03:30:44.0068 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2010/11/01 03:30:44.0115 AtiHDAudioService (8579387516ec86d76404ddffc22214c4) C:\Windows\system32\drivers\AtihdLH3.sys
2010/11/01 03:30:44.0255 atikmdag (da3cf5b94ad09290896e2b73df6d4173) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/01 03:30:44.0349 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2010/11/01 03:30:44.0396 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/01 03:30:44.0442 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2010/11/01 03:30:44.0458 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/01 03:30:44.0489 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2010/11/01 03:30:44.0520 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\Windows\system32\DRIVERS\avgldx86.sys
2010/11/01 03:30:44.0536 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2010/11/01 03:30:44.0567 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2010/11/01 03:30:44.0598 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\Windows\system32\DRIVERS\avgtdix.sys
2010/11/01 03:30:44.0645 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/11/01 03:30:44.0708 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/11/01 03:30:44.0754 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/01 03:30:44.0770 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/11/01 03:30:44.0801 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/11/01 03:30:44.0848 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/11/01 03:30:44.0879 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/11/01 03:30:44.0910 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/11/01 03:30:44.0942 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/11/01 03:30:44.0957 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/11/01 03:30:45.0004 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/01 03:30:45.0035 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/01 03:30:45.0066 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/11/01 03:30:45.0113 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/11/01 03:30:45.0160 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/11/01 03:30:45.0176 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2010/11/01 03:30:45.0207 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/11/01 03:30:45.0238 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/11/01 03:30:45.0285 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2010/11/01 03:30:45.0332 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/11/01 03:30:45.0394 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/11/01 03:30:45.0472 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/11/01 03:30:45.0534 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/01 03:30:45.0581 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/11/01 03:30:45.0612 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/11/01 03:30:45.0675 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/11/01 03:30:45.0706 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/11/01 03:30:45.0753 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/11/01 03:30:45.0784 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/11/01 03:30:45.0815 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/01 03:30:45.0862 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/11/01 03:30:45.0893 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/11/01 03:30:45.0909 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/01 03:30:45.0940 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/11/01 03:30:45.0971 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/01 03:30:45.0987 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/01 03:30:46.0018 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/11/01 03:30:46.0252 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/11/01 03:30:46.0299 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/01 03:30:46.0314 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/11/01 03:30:46.0330 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/11/01 03:30:46.0377 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/01 03:30:46.0408 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/11/01 03:30:46.0470 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/11/01 03:30:46.0502 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/11/01 03:30:46.0533 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/01 03:30:46.0564 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/11/01 03:30:46.0595 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/11/01 03:30:46.0642 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/11/01 03:30:46.0673 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/01 03:30:46.0704 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/01 03:30:46.0751 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/11/01 03:30:46.0782 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/11/01 03:30:46.0798 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/11/01 03:30:46.0829 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/11/01 03:30:46.0860 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/01 03:30:46.0876 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/11/01 03:30:46.0907 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/11/01 03:30:46.0923 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/01 03:30:46.0954 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/11/01 03:30:47.0016 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/01 03:30:47.0063 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/01 03:30:47.0094 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/11/01 03:30:47.0126 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/11/01 03:30:47.0157 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/11/01 03:30:47.0188 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/11/01 03:30:47.0204 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/11/01 03:30:47.0235 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/11/01 03:30:47.0282 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/11/01 03:30:47.0313 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/01 03:30:47.0328 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/01 03:30:47.0344 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/01 03:30:47.0360 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/11/01 03:30:47.0391 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/11/01 03:30:47.0422 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/01 03:30:47.0453 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/11/01 03:30:47.0469 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/11/01 03:30:47.0516 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/01 03:30:47.0531 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/01 03:30:47.0547 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/01 03:30:47.0562 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/11/01 03:30:47.0609 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/11/01 03:30:47.0656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/11/01 03:30:47.0687 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/11/01 03:30:47.0750 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/01 03:30:47.0765 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/01 03:30:47.0781 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/11/01 03:30:47.0812 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/11/01 03:30:47.0843 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/01 03:30:47.0874 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/11/01 03:30:47.0890 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/11/01 03:30:47.0952 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/01 03:30:47.0999 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/11/01 03:30:48.0030 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/01 03:30:48.0046 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/01 03:30:48.0093 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/01 03:30:48.0108 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/11/01 03:30:48.0140 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/01 03:30:48.0155 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/01 03:30:48.0218 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/11/01 03:30:48.0233 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/11/01 03:30:48.0280 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/01 03:30:48.0327 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/11/01 03:30:48.0358 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/11/01 03:30:48.0389 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/11/01 03:30:48.0467 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2010/11/01 03:30:48.0498 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/11/01 03:30:48.0530 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/11/01 03:30:48.0545 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/11/01 03:30:48.0608 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/11/01 03:30:48.0686 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2010/11/01 03:30:48.0701 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/11/01 03:30:48.0717 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2010/11/01 03:30:48.0764 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/11/01 03:30:48.0795 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/11/01 03:30:48.0826 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/11/01 03:30:48.0873 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/11/01 03:30:48.0951 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/01 03:30:48.0982 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/11/01 03:30:49.0029 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/01 03:30:49.0076 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/11/01 03:30:49.0122 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/11/01 03:30:49.0154 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/01 03:30:49.0185 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/01 03:30:49.0216 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/01 03:30:49.0232 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/01 03:30:49.0247 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/01 03:30:49.0294 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/01 03:30:49.0310 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/01 03:30:49.0341 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2010/11/01 03:30:49.0356 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/01 03:30:49.0403 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/11/01 03:30:49.0450 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/01 03:30:49.0528 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/01 03:30:49.0544 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/01 03:30:49.0575 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/11/01 03:30:49.0622 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/11/01 03:30:49.0668 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/01 03:30:49.0731 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2010/11/01 03:30:49.0762 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/11/01 03:30:49.0793 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/11/01 03:30:49.0824 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/11/01 03:30:49.0840 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/11/01 03:30:49.0856 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/11/01 03:30:49.0887 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/11/01 03:30:49.0902 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/11/01 03:30:49.0934 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/11/01 03:30:49.0980 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/11/01 03:30:50.0012 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/11/01 03:30:50.0058 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/11/01 03:30:50.0058 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/11/01 03:30:50.0074 sptd - detected Locked file (1)
2010/11/01 03:30:50.0105 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2010/11/01 03:30:50.0136 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/01 03:30:50.0168 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/01 03:30:50.0183 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/01 03:30:50.0230 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/11/01 03:30:50.0246 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/11/01 03:30:50.0277 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/11/01 03:30:50.0355 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2010/11/01 03:30:50.0402 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/01 03:30:50.0417 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/01 03:30:50.0448 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/11/01 03:30:50.0464 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/11/01 03:30:50.0495 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/01 03:30:50.0526 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/01 03:30:50.0573 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/01 03:30:50.0589 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/11/01 03:30:50.0620 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/01 03:30:50.0651 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/11/01 03:30:50.0682 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/01 03:30:50.0714 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/11/01 03:30:50.0745 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/11/01 03:30:50.0776 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/11/01 03:30:50.0792 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/11/01 03:30:50.0823 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/01 03:30:50.0885 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/01 03:30:50.0916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/11/01 03:30:50.0948 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/01 03:30:50.0963 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/01 03:30:51.0010 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/01 03:30:51.0041 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/01 03:30:51.0057 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/01 03:30:51.0088 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/01 03:30:51.0135 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/01 03:30:51.0150 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/11/01 03:30:51.0182 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/11/01 03:30:51.0213 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/11/01 03:30:51.0228 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/11/01 03:30:51.0260 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/11/01 03:30:51.0275 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/11/01 03:30:51.0291 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/11/01 03:30:51.0322 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/11/01 03:30:51.0353 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/11/01 03:30:51.0369 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 03:30:51.0400 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/01 03:30:51.0431 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/11/01 03:30:51.0462 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/01 03:30:51.0540 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/01 03:30:51.0587 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/01 03:30:51.0634 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/01 03:30:51.0681 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/01 03:30:51.0712 ================================================================================
2010/11/01 03:30:51.0712 Scan finished
2010/11/01 03:30:51.0712 ================================================================================
2010/11/01 03:30:51.0728 Detected object count: 2
2010/11/01 03:30:57.0578 Locked file(sptd) - User select action: Skip
2010/11/01 03:30:57.0624 \HardDisk0\MBR - will be cured after reboot
2010/11/01 03:30:57.0624 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/01 03:31:07.0842 Deinitialize success
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am

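TDSSKiller reported the TDL4 bootkit in \HardDisk0\MBR and MBRCheck (next post) reports each volume as a byte offset into a physical drive. Both numbers come from the same 512-byte sector: the boot code in bytes 0-439 (which TDL4 replaces with its own loader) and the four 16-byte partition entries at offset 446. The script below is an added example written for this thread; it is not code from the original post, and it is not how TDSSKiller or MBRCheck are implemented. It decodes the partition table, prints the offsets in MBRCheck's `0xhhhhhhhh\`llllllll` style, compares the boot code against a known-good hash, and measures the unallocated space after the last partition, which is where TDL4 kept its hidden file system. The sample MBR, the disk size (about 500 GB) and the reference hash are constructed; the two partitions are placed so that they reproduce the 0x7e00 and 0x2b31ed3400 offsets MBRCheck printed for PhysicalDrive1.

```python
"""Decode an MBR partition table and compare its boot code with a known-good
copy.  Added example for this thread; not code from the original post,
TDSSKiller or MBRCheck.  Sample MBR, disk size and reference hash are constructed."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
BOOT_CODE_LEN = 440        # bytes 0-439 hold the boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
ENTRY_FMT = "<B3xB3xII"    # status, CHS start, type, CHS end, LBA start, sectors


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR


def format_offset(offset: int) -> str:
    # Same layout MBRCheck uses: high and low 32 bits separated by a backtick.
    return "0x{:08x}`{:08x}".format(offset >> 32, offset & 0xFFFFFFFF)


def parse_partition_table(mbr: bytes) -> List[Partition]:
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, type_id, lba_start, sectors = struct.unpack(ENTRY_FMT, entry)
        if type_id:                      # type 0 marks an empty slot
            parts.append(Partition(i, status == 0x80, type_id, lba_start, sectors))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def unallocated_tail_sectors(parts: List[Partition], disk_sectors: int) -> int:
    """Sectors after the last partition; TDL4 kept its hidden storage there."""
    used = max((p.lba_start + p.sectors for p in parts), default=0)
    return disk_sectors - used


def check_mbr(mbr: bytes, reference_hash: str, disk_sectors: int):
    """Return (partitions, findings) for one 512-byte MBR image."""
    parts = parse_partition_table(mbr)
    findings = []
    if boot_code_hash(mbr) != reference_hash:
        findings.append("boot code differs from the reference copy")
    tail = unallocated_tail_sectors(parts, disk_sectors)
    if tail > 0:
        findings.append("%d unallocated sectors after the last partition" % tail)
    return parts, findings


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble an MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, type_id, lba_start, sectors) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        mbr[off:off + 16] = struct.pack(ENTRY_FMT, 0x80 if bootable else 0, type_id, lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed sample: placeholder boot code (not a working boot sector), a
# ~500 GB disk, and two NTFS partitions at the offsets MBRCheck reported for
# PhysicalDrive1 in this thread, with 2048 sectors left unallocated at the end.
SAMPLE_BOOT_CODE = b"\xeb\xfe" + b"\x90" * 438
DISK_SECTORS = 976_773_168
C_START = 0x7E00 // SECTOR             # sector 63
E_START = 0x2B31ED3400 // SECTOR
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [
    (True, 0x07, C_START, E_START - C_START),
    (False, 0x07, E_START, DISK_SECTORS - E_START - 2048),
])
REFERENCE_HASH = boot_code_hash(SAMPLE_MBR)   # hash of the clean boot code
TAMPERED_MBR = bytes([SAMPLE_MBR[0] ^ 0xFF]) + SAMPLE_MBR[1:]   # one patched boot-code byte

if __name__ == "__main__":
    for label, image in (("clean", SAMPLE_MBR), ("tampered", TAMPERED_MBR)):
        parts, findings = check_mbr(image, REFERENCE_HASH, DISK_SECTORS)
        print(label, [format_offset(p.byte_offset) for p in parts], findings)
```

To run it against a real disk, read the first sector yourself (on Windows, `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an administrator prompt; on Linux, `/dev/sda`) and pass the bytes to `check_mbr` together with a hash taken from a clean copy of the same Windows version's MBR. The reference-hash comparison is the decisive check: a bootkit leaves the partition table intact so that the system still boots, and only the boot code changes. A small unallocated tail is normal on many disks, so that finding is a prompt to look at those sectors, not a verdict.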
Re: Redirected after search.

Unread post by AhF » November 1st, 2010, 3:32 pm

Post was too long. Here is the Uninstall List and MBRCheck.


Uninstall List:
AAA Logo Business Edition 3.10
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
ATI Catalyst Install Manager
ATI Catalyst Registration
AVG 2011
AVG 2011
AVG 2011
AVG PC Tuneup 2011
Battlefield: Bad Company™ 2
Catalyst Control Center - Branding
DarksidersInstaller
Dead Rising 2
Dead Rising 2
ERUNT 1.1j
Full Tilt Poker
Garena
Google Update Helper
HijackThis 2.0.2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn (Remove Only)
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
OpenOffice.org 3.2
PostgreSQL 8.4
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SUPERAntiSpyware
TeamViewer 5
The Lord of the Rings FREE Trial
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Vista Codec Package
VLC media player 1.1.4
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Youda Survivor BFG 1.00
Youda Sushi Chef
YouTube Downloader 2.6

MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: nVIDIA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Unknow
System Product Name: Unknow
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 154):
0x81C4E000 \SystemRoot\system32\ntkrnlpa.exe
0x81C1B000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80607000 \SystemRoot\System32\Drivers\spcw.sys
0x806FA000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80703000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80729000 \SystemRoot\system32\drivers\acpi.sys
0x8076F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80777000 \SystemRoot\system32\drivers\pci.sys
0x8079E000 \SystemRoot\System32\drivers\partmgr.sys
0x807AD000 \SystemRoot\system32\drivers\volmgr.sys
0x82202000 \SystemRoot\System32\drivers\volmgrx.sys
0x8224C000 \SystemRoot\system32\drivers\pciide.sys
0x82253000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82261000 \SystemRoot\System32\drivers\mountmgr.sys
0x82271000 \SystemRoot\system32\drivers\atapi.sys
0x82279000 \SystemRoot\system32\drivers\ataport.SYS
0x82297000 \SystemRoot\system32\drivers\fltmgr.sys
0x822C9000 \SystemRoot\system32\drivers\fileinfo.sys
0x822D9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A00A000 \SystemRoot\system32\drivers\ndis.sys
0x8A115000 \SystemRoot\system32\drivers\msrpc.sys
0x8A140000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A20A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A408000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A517000 \SystemRoot\system32\drivers\volsnap.sys
0x8A550000 \SystemRoot\System32\Drivers\spldr.sys
0x8A558000 \SystemRoot\System32\Drivers\mup.sys
0x8A567000 \SystemRoot\System32\drivers\ecache.sys
0x8A58E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8A5B2000 \SystemRoot\system32\drivers\disk.sys
0x8A5C3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5E4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5ED000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8A5F2000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8A337000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A342000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A34B000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8A35B000 \SystemRoot\system32\DRIVERS\serial.sys
0x8A375000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8A37F000 \SystemRoot\system32\DRIVERS\parport.sys
0x8A397000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A3AA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A3B5000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A3BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A17A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A189000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A1A1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E403000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8E503000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x8E607000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8EC6B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8ED0A000 \SystemRoot\System32\drivers\watchdog.sys
0x8ED17000 \SystemRoot\System32\Drivers\a80dt6gb.SYS
0x8ED50000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8ED59000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ED87000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDC8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDD3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EDEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E53E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E561000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E570000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E584000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8234A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8E599000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EDF5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E600000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E5A9000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E5D3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E5DD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A1B3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E5EA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x807BC000 \SystemRoot\system32\drivers\HdAudio.sys
0x823D3000 \SystemRoot\system32\drivers\portcls.sys
0x805D1000 \SystemRoot\system32\drivers\drmk.sys
0x8F008000 \SystemRoot\system32\drivers\AtihdLH3.sys
0x8F024000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8F030000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F039000 \SystemRoot\System32\Drivers\Null.SYS
0x8F040000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F047000 \SystemRoot\System32\drivers\vga.sys
0x8F053000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F074000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F07C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F084000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F08F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F09D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F0A6000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x8F0B7000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F0CD000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F0E1000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x8F129000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F15B000 \SystemRoot\system32\drivers\afd.sys
0x8F1A3000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8F1AC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F1C2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F1D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F601000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F623000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8F629000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F665000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F66F000 \SystemRoot\system32\drivers\csc.sys
0x8F6C9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F6E0000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x8F71C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F733000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F735000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8F747000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F750000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F760000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F767000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F76F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F77C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F787000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8F78F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97E40000 \SystemRoot\System32\win32k.sys
0x8F7A0000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F7AA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98060000 \SystemRoot\System32\TSDDD.dll
0x98080000 \SystemRoot\System32\cdd.dll
0x8F7B9000 \SystemRoot\system32\drivers\luafv.sys
0x9C004000 \SystemRoot\system32\drivers\spsys.sys
0x9C0B3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9C0C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C0D6000 \SystemRoot\system32\drivers\HTTP.sys
0x9C143000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C160000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C179000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C18E000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C1AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D604000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D63D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D655000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D67D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9D6CB000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9D6D2000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0x9D6DD000 \SystemRoot\system32\drivers\peauth.sys
0x9D7BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D7C5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9D7D1000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x9D7DB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9C1CD000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x8F7D4000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x9C1DF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77140000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 74):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
468 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
728 csrss.exe
800 C:\Windows\System32\wininit.exe
812 csrss.exe
852 C:\Windows\System32\services.exe
864 C:\Windows\System32\lsass.exe
872 C:\Windows\System32\lsm.exe
956 C:\Windows\System32\winlogon.exe
1076 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\atiesrxx.exe
1300 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\audiodg.exe
1492 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\SLsvc.exe
1572 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\atieclxx.exe
1788 C:\Windows\System32\svchost.exe
272 C:\Windows\System32\spoolsv.exe
312 C:\Windows\System32\taskeng.exe
456 C:\Windows\System32\dwm.exe
464 C:\Windows\System32\svchost.exe
516 C:\Windows\explorer.exe
704 C:\Windows\System32\taskeng.exe
2204 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2300 C:\Program Files\AVG\AVG10\avgtray.exe
2316 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2348 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2536 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2676 C:\Program Files\AVG\AVG10\avgfws.exe
2724 C:\Program Files\AVG\AVG10\avgwdsvc.exe
2776 C:\Windows\System32\svchost.exe
3148 C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
3168 C:\Windows\System32\svchost.exe
3196 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
3252 C:\Windows\System32\svchost.exe
3276 postgres.exe
3324 C:\Windows\System32\SearchIndexer.exe
3408 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
3492 postgres.exe
3500 postgres.exe
3508 postgres.exe
3516 postgres.exe
3560 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
3608 C:\Program Files\AVG\AVG10\avgam.exe
3632 C:\Program Files\AVG\AVG10\avgnsx.exe
3928 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3936 WUDFHost.exe
4080 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2952 C:\Program Files\AVG\AVG10\avgemcx.exe
2156 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3392 C:\Windows\System32\mobsync.exe
4692 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
4848 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
4860 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
4984 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
5724 C:\Windows\System32\wuauclt.exe
6080 C:\Windows\servicing\TrustedInstaller.exe
4448 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
5332 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
5212 C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
5840 WmiPrvSE.exe
5460 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
5512 C:\Program Files\AVG\AVG10\avgcsrvx.exe
4892 C:\Windows\System32\SearchProtocolHost.exe
4340 C:\Windows\System32\SearchFilterHost.exe
2484 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
4824 C:\Windows\System32\notepad.exe
3628 C:\Users\Joshua\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x0000002b`31ed3400 (NTFS)

PhysicalDrive1 Model Number: WDCWD5000AACS-00G8B1, Rev: 05.04C05
PhysicalDrive0 Model Number: ST3250620AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
AhF
Active Member
 
Posts: 9
Joined: October 28th, 2010, 12:52 am
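The MBRCheck output above maps each volume to a byte offset on its physical drive (the 0x7e00 offset of C: and D: is LBA sector 63 times 512 bytes), hashes each drive's MBR code with SHA1, and reports PhysicalDrive1 as "Unknown MBR code" because its hash is not in the tool's list of known boot code. The script below is an added example, not MBRCheck's own source (which is not on this page) and not something posted in this thread. It performs the same kind of check on a 512-byte MBR sector: verify the 0x55AA signature, hash the bootstrap region, compare the hash against an allow-list, and decode the partition table into the byte offsets the log prints. Assumptions: the bootstrap region is taken as the first 440 bytes (MBRCheck's exact hashing scope is not stated on the page); the allow-list entry is derived from constructed bytes, not from real Windows boot code; both sample MBRs are constructed inside the script so it runs offline.

```python
"""Parse a 512-byte MBR, hash its bootstrap code and decode the partition table.

Added example; not MBRCheck's code. Assumptions are marked in comments.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440          # assumption: bootstrap code region hashed for the allow-list
PART_TABLE_OFF = 446        # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"      # MBR boot signature at bytes 510..511
PART_FMT = "<B3xB3xII"      # status, CHS(skip), type, CHS(skip), LBA start, sector count


def bootcode_sha1(mbr: bytes) -> str:
    """Upper-case hex SHA1 of the bootstrap region, in the style MBRCheck prints."""
    return hashlib.sha1(mbr[:BOOTCODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries, skipping empty ones (type 0x00)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return parts


def classify(mbr: bytes, known: dict) -> str:
    """Return the allow-list label for the boot code, or 'Unknown MBR code'."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIG:
        return "Invalid MBR (missing 0x55AA signature)"
    return known.get(bootcode_sha1(mbr), "Unknown MBR code")


def build_mbr(bootcode: bytes, partitions) -> bytes:
    """Constructed test MBR: code padded to 440 bytes, zero disk signature, table, 0x55AA."""
    assert len(bootcode) <= BOOTCODE_LEN
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed stand-in for clean bootstrap code (NOT real Windows MBR bytes).
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
# Allow-list keyed by hash; a real tool would carry hashes of genuine Windows boot code.
KNOWN_GOOD = {bootcode_sha1(build_mbr(CLEAN_BOOTCODE, [])):
              "Windows MBR code detected (constructed reference)"}

# Partition layout mirroring the posted log: NTFS (0x07) at LBA 63 (0x7e00 bytes)
# and a second NTFS volume at the log's E: offset. Sector counts are made up.
LAYOUT = [(True, 0x07, 63, 1_000_000),
          (False, 0x07, 0x2b31ed3400 // SECTOR, 500_000)]

CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, LAYOUT)
# Constructed case with different bootstrap bytes but the same partition table,
# which is what an "Unknown MBR code" verdict on a still-bootable disk looks like.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x00" * 20, LAYOUT)


def scan(mbr: bytes, known: dict = KNOWN_GOOD) -> dict:
    """One MBRCheck-style report for a sector: verdict, hash, partitions."""
    return {"status": classify(mbr, known),
            "sha1": bootcode_sha1(mbr),
            "partitions": parse_partitions(mbr)}


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = scan(mbr)
        print(f"{name}: {r['status']}  SHA1: {r['sha1']}")
        for p in r["partitions"]:
            print(f"  entry {p['index']}: type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:010x} ({p['sectors']} sectors)")
```

To run this against a live disk instead of the constructed sectors, read the first 512 bytes of the raw device (on Windows, open `\\.\PhysicalDrive1` in binary mode from an elevated prompt) and pass them to scan(). An "Unknown MBR code" result on its own only means the hash is not in the allow-list; a non-Microsoft boot manager or an OEM recovery loader also produces it, so the verdict is a prompt to inspect the boot code, not proof of infection.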

Re: Redirected after search.

Unread postby Cypher » November 1st, 2010, 3:45 pm

Hi AhF.
It seems you failed to uninstall Microsoft Office Enterprise 2007.
Uninstall it now please then post new MGADiag log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected after search.

Unread postby Gary R » November 4th, 2010, 4:22 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire