Malware removal



#1
tostrye

  • Member
  • 17 posts
I get these pop-up ads all the time. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:37:26 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tunebite\tunebite.exe
C:\PROGRA~1\WNSXS~1\alg.exe
C:\Documents and Settings\Oliver Clothesoff\Application Data\?asks\u?erinit.exe
C:\DOCUME~1\OLIVER~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Oliver Clothesoff\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9007264C-95FC-CB5D-FFEF-90FBF66329C7} - C:\WINDOWS\system32\cebrs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9007264C-95FC-CB5D-FFEF-90FBF66329C7} - C:\WINDOWS\system32\cebrs.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38D9D~1\Bar888.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38D9D~1\Bar888.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV Lite\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\WNSXS~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Brcpoot] "C:\Documents and Settings\Oliver Clothesoff\Application Data\?asks\u?erinit.exe" 99001122
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000046 (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T2xpdmVyIENsb3RoZXNvZmY\command.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


#2
sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
tostrye,

Hi, and welcome back to Geeks to Go. I see you've been here before.

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com

* techsupportforum.com

2. Double-click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post the ComboFix log and a new HijackThis log in your reply.

Thanks,

sari

#3
tostrye

    Member

  • Topic Starter
  • Member
  • 17 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:27:28 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\DOCUME~1\OLIVER~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PRISMSVC.EXE
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tunebite\tunebite.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Documents and Settings\Oliver Clothesoff\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {A63121E8-9405-9BF3-5D55-9B1BC8704291} - C:\WINDOWS\system32\vfdyd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A63121E8-9405-9BF3-5D55-9B1BC8704291} - C:\WINDOWS\system32\vfdyd.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38D9D~1\Bar888.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38D9D~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV Lite\ChrisTV_Agent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\WNSXS~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Brcpoot] "C:\Documents and Settings\Oliver Clothesoff\Application Data\?asks\u?erinit.exe" 99001122
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O20 - Winlogon Notify: PRISMAPI.DLL - C:\WINDOWS\SYSTEM32\PRISMAPI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000046 (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe






Oliver Clothesoff - 07-02-08 13:21:41.98 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Oliver Clothesoff\Desktop"

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))




* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wnsintsv.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Inetget2
C:\Program Files\Common Files\{38D9DC5C-0C78-1033-0331-060506210001}
C:\WINDOWS\T2xpdmVyIENsb3RoZXNvZmY
C:\Program Files\Common Files\{78D9DC5C-0C78-1033-0331-060506210001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\WNSXS~1\alg.exe
C:\QooBox\Purity\Program Files\WNSXS~1\W?nSxS
C:\QooBox\Purity\WINDOWS\ASKS~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


2007-02-07 23:19 60,416 --a------ C:\WINDOWS\system32\vfdyd.dll
2007-02-04 22:56 36,864 --a------ C:\WINDOWS\system32\svchosts.exe
2007-02-04 22:56 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-08 13:24 -------- d-------- C:\Program Files\Common Files
2007-02-08 13:23 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\uTorrent
2007-02-08 13:20 -------- d-------- C:\Program Files\Mozilla Thunderbird
2007-02-08 13:20 -------- d-------- C:\Program Files\Mozilla Firefox
2007-02-08 13:18 -------- d-------- C:\Program Files\DC++
2007-02-08 00:24 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\dvdcss
2007-02-07 00:08 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\çasks
2007-02-06 20:03 -------- d-------- C:\Program Files\Ipwindows
2007-02-05 17:37 -------- d-------- C:\Program Files\Common Files\ouqq
2007-02-05 16:37 -------- d-------- C:\Program Files\City of Heroes
2007-02-05 02:24 -------- d-------- C:\Program Files\Outerinfo
2007-02-04 22:40 -------- d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
2007-02-04 22:40 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2007-02-04 22:40 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\SmartFTP
2007-02-04 11:31 -------- d-------- C:\Program Files\Project64 1.6
2007-02-02 15:44 -------- d-------- C:\Program Files\tunebite
2007-02-02 15:44 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\RTPlayer
2007-02-02 15:40 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\tunebite
2007-01-29 23:43 -------- d-------- C:\Program Files\Winamp
2007-01-29 22:26 -------- d-------- C:\Program Files\Windows Media Player
2007-01-29 21:51 -------- d-------- C:\Program Files\Windows Media Connect 2
2007-01-26 21:11 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\Adobe
2007-01-24 19:42 -------- d-------- C:\Documents and Settings\Oliver Clothesoff\Application Data\U3
2007-01-14 09:07 -------- d-------- C:\Program Files\Cisco Systems
2007-01-09 16:18 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-09 16:17 -------- d-------- C:\Program Files\AltoMP3 Gold
2007-01-09 16:14 -------- d-------- C:\Program Files\XVideoConverter
2007-01-04 13:17 -------- d-------- C:\Program Files\Java
2006-12-25 13:46 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-25 13:38 -------- d-------- C:\Program Files\Maxis
2006-12-23 15:59 -------- d-------- C:\Program Files\Bonjour
2006-12-23 15:58 -------- d-------- C:\Program Files\Kodak
2006-12-23 15:57 -------- d-------- C:\Program Files\Common Files\Kodak
2006-12-20 16:01 -------- d-------- C:\Program Files\allTunes
2006-12-14 00:24 -------- d-------- C:\Program Files\Outlook Express
2006-12-14 00:24 -------- d-------- C:\Program Files\Common Files\System
2006-11-16 10:33 3814 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"tunebite.exe"="C:\\Program Files\\Tunebite\\tunebite.exe -hidden"
"Sen"="\"C:\\PROGRA~1\\WNSXS~1\\alg.exe\" -vt yazb"
"Brcpoot"="\"C:\\Documents and Settings\\Oliver Clothesoff\\Application Data\\?asks\\u?erinit.exe\" 99001122"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"MBMon"="Rundll32 CTMBHA.DLL,MBMon"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"ChrisTV Agent"="\"C:\\Program Files\\ChrisTV Lite\\ChrisTV_Agent.exe\""
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"SigmatelSysTrayApp"="stsystra.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bluetooth Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TosBtMng.exe "
"item"="Bluetooth Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Wireless USB 2.0 WLAN Card Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DELLWI~1\\PRISMCFG.exe /START"
"item"="Wireless USB 2.0 WLAN Card Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Oliver Clothesoff^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Oliver Clothesoff\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QBReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Intuit\\QuickBooks 2005\\Atom\\QBReminder.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService
Completion time: 07-02-08 13:24:13.84
C:\ComboFix.txt ... 07-02-08 13:24
C:\ComboFix2.txt ... 06-11-18 17:29
C:\ComboFix3.txt ... 06-11-18 17:28
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\WNSXS~1\alg.exe
C:\QooBox\Purity\Program Files\WNSXS~1\W?nSxS
C:\QooBox\Purity\WINDOWS\ASKS~1


((((((((((((((((((((((((((((((( Files Created from 2002-07-07 to 2002/08/2007 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

Unknown Rootkey: 'AA.TXT'


  • 0

#4
sari

sari

    GeekU Admin

  • Administrator
  • 21,803 posts
  • MVP
tostrye,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

I'd like you to delete the existing combofix you have and download and run it again - it didn't work quite right. Please delete C:\Documents and Settings\Oliver Clothesoff\Desktop.

1. Download ComboFix.exe using either of these links, and save it to your C:\ drive - it should be at c:\combofix.exe:

* bleepingcomputer.com

* techsupportforum.com

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I need the sdfix report, the combofix log, and a new hijackthis log in your reply.

Thanks,

sari
  • 0





