Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojans/Spyware trouble on XP computer

Started by Georgex , Jul 23 2010 10:09 AM

This topic is locked

#16
hammerman

Posted 27 July 2010 - 12:19 PM

Member 4k

Member
4,183 posts

Hi,

The OTL fix didn't run correctly. I suspect the first ":" character didn't get copied across.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
This fix will produce a report. Please add this to your reply.

Then...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You may be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on Settings
In the scan settings, select the following:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan spyware, adware, diallers and other riskware
Scan Archives
Scan E-mail databases
Click Save
Now under ScanSelect My Computer
This will start the scanning of your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on View Report and then Save Report
Save the file to your desktop as a text file.
Copy and paste that information in your next post.

Edited by hammerman, 27 July 2010 - 12:21 PM.

#17
Georgex

Posted 27 July 2010 - 04:27 PM

Member

Topic Starter
Member
36 posts

Hi,

here is a new OTL scan with the : included. Sorry I missed that...

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 876698 bytes
->Temporary Internet Files folder emptied: 8456460 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 593 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16065 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 98181416 bytes

Total Files Cleaned = 103.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Bill
->Flash cache emptied: 0 bytes

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: Melody
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 07272010_181942

Files\Folders moved on Reboot...
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\Z4KTR1OX\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\Z4KTR1OX\like[2].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\Y7Q0LCND\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\WNXN931U\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\HNBA60Q2\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

--------- -------------------- -------------------- -------------------- -------------------- -----------
--------- -------------------- -------------------- -------------------- -------------------- -----------
Kapersky report...

KASPERSKY ONLINE SCANNER 7.0: scan reportKASPERSKY ONLINE SCANNER 7.0:
scan report
Tuesday, July 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build
2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, July 27, 2010 08:05:37
Records in database: 4196059

Scan settings
scan using the following databaseextended
Scan archivesyes
Scan e-mail databasesyes

Scan areaMy Computer
A:\
C:\
D:\
E:\

Scan statistics
Objects scanned89084
Threats found0
Infected objects found0
Suspicious objects found0
Scan duration02:53:07

No threats found. Scanned area is clean.
Selected area has been scanned.

Edited by Georgex, 27 July 2010 - 08:24 PM.

#18
hammerman

Posted 27 July 2010 - 11:14 PM

Member 4k

Member
4,183 posts

Hi,

Can you give me an update on how your computer's running.

#19
Georgex

Posted 28 July 2010 - 06:20 AM

Member

Topic Starter
Member
36 posts

Hi,

Outlook 2007 opens fine, and I can surf to geekstogo without any other redirect windows opening. I can also surf the net ok (get to google sci.tech news, for example).

However, even after uninstalling/reinstalling Avast successfully and running a scan with no viruses detected, I cannot get it to update! I checked all settings against another computer that has been running avast successfully for months and updating daily, and have a perfect match.

I just registered avast, even though not promted to yet, but that made no difference (didnt reboot after registering yet).

What happens is that I get a message saying avast didnt update and to manually do it, but when I do, it simply tells me error connecting to the server, continuously.

Any thoughts? This computer had AVG before and that didnt stop it from getting infected, and so I would like to try it with Avast. The Avast mail plug in splash screen even pops open when I open Outlook 2007 mail, so it seems to have installed all the way.

#20
hammerman

Posted 28 July 2010 - 06:32 AM

Member 4k

Member
4,183 posts

Hi,

Back later - work has intervened

#21
hammerman

Posted 28 July 2010 - 02:03 PM

Member 4k

Member
4,183 posts

Hi,

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Files
ipconfig flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
This fix will produce a report. Please add this to your reply.

Then..

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

Are you able to update Avast now?

#22
Georgex

Posted 28 July 2010 - 02:47 PM

Member

Topic Starter
Member
36 posts

Hi,

Below is the latest custom scans/fix. from OTL.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig flushdns /c >
Error: unrecongnized or incomplete command line.
USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.bat deleted successfully.
C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bill
->Temp folder emptied: 107350774 bytes
->Temporary Internet Files folder emptied: 6392479 bytes
->Java cache emptied: 133227 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 593 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Melody
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16065 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 109.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Bill
->Flash cache emptied: 0 bytes

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: Melody
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.1 log created on 07282010_164229

Files\Folders moved on Reboot...
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\WV8MXWSE\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\WV8MXWSE\page__st__15[2].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\ONBCFA1R\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\E5LV45SK\like[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\E5LV45SK\page__st__15[1].htm moved successfully.
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

------- ---------- ------- ---------- ------- ----------
------- ---------- ------- ---------- ------- ----------
And here is the OTL runfix after the scan fix paste and reboot with log file....

OTL logfile created on: 7/28/2010 4:47:49 PM - Run 5
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 461.00 Mb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): D:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 87.45 Gb Free Space | 80.54% Space Free | Partition Type: NTFS
Drive D: | 37.05 Gb Total Space | 34.05 Gb Free Space | 91.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BR-95QW6B1
Current User Name: Bill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe (Linksys)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\DOCUME~1\Bill\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2010/03/27 12:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2010/07/22 16:03:40 | 000,000,000 | ---D | M]

[2006/11/02 10:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\extensions
[2008/09/01 22:07:05 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.gif
[2008/09/01 22:07:05 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\ga8o288o.default\searchplugins\siteadvisor.src
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/02 10:36:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/25 21:33:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/09/24 21:15:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2008/09/30 15:28:15 | 000,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2008/09/30 15:28:15 | 000,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2008/09/30 15:28:16 | 000,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/11/18 00:33:49 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2008/11/18 00:33:49 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2008/11/18 00:33:48 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/25 21:32:55 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/09/30 17:35:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/30 15:28:25 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2008/09/30 15:28:25 | 000,000,741 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.src
[2008/09/30 15:28:25 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2008/09/30 15:28:25 | 000,000,539 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.src
[2008/09/30 15:28:25 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2008/09/30 15:28:25 | 000,001,007 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.src
[2008/09/30 15:28:25 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2008/09/30 15:28:25 | 000,001,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.src
[2008/09/30 15:28:25 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2008/09/30 15:28:25 | 000,000,733 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.src
[2008/09/30 15:28:25 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif
[2008/09/30 15:28:25 | 000,001,122 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2010/07/28 16:42:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://toysrus.webe...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/26 18:55:06 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/07/26 18:55:06 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/07/26 18:55:05 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/07/26 18:55:03 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/07/26 18:55:02 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/07/26 18:55:02 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/07/26 18:55:01 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/07/26 18:54:46 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/07/26 18:54:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/07/25 21:33:07 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:33:07 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:22:07 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:56:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/25 18:56:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2010/07/25 18:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\combofix marraige
[2010/07/25 12:42:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/25 12:40:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/25 12:40:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/25 12:40:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/25 12:39:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/24 22:19:12 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/07/24 22:19:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2010/07/24 22:11:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow RegCleaner
[2010/07/23 15:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2010/07/23 13:30:21 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/07/23 11:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\George 7.2010 troubleshooting folder
[2010/07/22 19:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/22 16:38:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/07/22 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/22 16:03:40 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/22 13:16:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 13:16:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 13:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/22 11:18:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/21 22:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Desktop\index.php_files
[2010/07/21 21:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2010/07/21 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Registry Repair
[2010/07/21 18:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/07/21 18:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/07/21 16:22:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/07/16 07:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 07:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/14 19:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/14 18:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 16:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/28 08:35:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bill\My Documents\cache
[2010/06/26 00:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/06/26 00:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/26 00:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/26 00:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft Help
[2010/06/26 00:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/06/26 00:00:43 | 000,000,000 | R--D | C] -- C:\MSOCache
[2006/07/24 09:41:19 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

========== Files - Modified Within 90 Days ==========

[2010/07/28 16:44:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 16:44:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 16:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 16:44:08 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 16:43:29 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/07/28 16:43:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Bill\ntuser.ini
[2010/07/28 16:42:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/07/28 08:24:37 | 005,891,362 | -H-- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
[2010/07/26 18:55:06 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/26 18:55:02 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/26 17:46:09 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2010/07/25 22:36:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/25 21:32:54 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/25 21:32:54 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/25 21:32:54 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/25 21:32:54 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/25 21:22:07 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\Bill\Desktop\jre-6u21-windows-i586.exe
[2010/07/25 18:56:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bill\Desktop\TFC.exe
[2010/07/25 18:43:40 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/25 12:42:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/23 11:45:37 | 000,012,443 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\alureon.h removal - Tech Support Guy Forums.url
[2010/07/22 19:10:17 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 12:53:35 | 000,000,707 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/22 12:53:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/22 11:18:16 | 000,000,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100722-191435.backup
[2010/07/21 22:05:59 | 000,153,522 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\index.php.htm
[2010/07/21 18:13:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/21 18:11:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 17:21:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat
[2010/07/21 16:59:30 | 000,470,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/21 16:59:30 | 000,402,426 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 16:59:30 | 000,062,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 15:08:38 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/14 16:22:08 | 002,004,649 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/07/07 21:05:56 | 000,019,602 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/06 17:28:22 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 10:01:00 | 011,188,224 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/27 19:56:31 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/27 19:55:29 | 000,078,328 | ---- | M] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/26 12:30:22 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/22 00:48:08 | 000,691,712 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/22 00:48:08 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/19 08:36:38 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/18 09:05:57 | 000,003,350 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/06/14 23:32:19 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2010/05/09 22:18:05 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Bill\My Documents\spider.sav
[2010/05/08 10:26:46 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\public talk.doc
[2010/05/05 12:42:04 | 000,403,456 | ---- | M] () -- C:\Documents and Settings\Bill\Desktop\BRsconcept2.doc

========== Files Created - No Company Name ==========

[2010/07/26 18:55:06 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/07/26 17:46:07 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\setup_av_free.exe
[2010/07/25 12:42:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/25 12:42:37 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/25 12:40:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/25 12:40:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/25 12:40:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/24 22:19:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/22 22:01:34 | 000,012,443 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\alureon.h removal - Tech Support Guy Forums.url
[2010/07/22 19:10:17 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Spybot - Search & Destroy.lnk
[2010/07/22 13:16:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/21 22:05:58 | 000,153,522 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\index.php.htm
[2010/07/21 15:08:38 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/17 04:33:31 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/10 21:37:13 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\Bill\ntuser.dat
[2010/07/07 21:05:55 | 000,019,602 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\CE Requirements for 220.docx
[2010/07/04 15:09:52 | 000,117,760 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Copy of June 10 Cypress Creek.xls
[2010/06/28 10:01:00 | 011,188,224 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Taleo Training for Stores - Manager WebTop.ppt
[2010/06/26 00:19:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Bill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/06/22 00:48:08 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Bill\My Documents\~$FFIC CRASH PROBLEM.doc
[2010/06/22 00:48:07 | 000,691,712 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\RAFFIC CRASH PROBLEM.doc
[2010/06/15 23:45:50 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Elder Meeting Minutes.doc
[2010/06/14 23:32:19 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Bill\My Documents\Loretta.doc
[2010/05/21 16:03:02 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\Member%20Services[1].doc
[2010/05/10 12:58:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bill\Local Settings\Application Data\prvlcl.dat
[2010/05/04 22:25:52 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Bill\Desktop\public talk.doc
[2010/05/02 11:32:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/20 19:43:56 | 000,000,210 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/12 19:51:55 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/10/12 19:39:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/04/09 12:07:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2007/02/03 13:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UES07.INI
[2007/01/05 10:08:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/11/28 16:59:10 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/03 14:59:28 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2006/11/02 10:39:05 | 000,000,088 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/06 18:11:10 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2006/07/25 17:20:55 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2006/07/24 12:41:48 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/24 12:41:48 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\3592AEE09E.sys
[2006/07/24 09:41:35 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[2006/07/24 09:41:21 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2006/07/24 09:41:21 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2006/07/24 09:41:21 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2006/07/24 09:41:20 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2006/07/24 09:41:20 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2006/07/22 15:27:09 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/06/23 10:23:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/23 10:18:01 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/23 10:13:17 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/06/23 10:08:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/23 09:46:42 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/07/21 18:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/17 15:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2006/06/23 10:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 22:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/07/31 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Broadlook Technologies
[2010/07/22 11:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\GlarySoft
[2006/09/28 14:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Leadertech
[2010/07/23 15:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\TweakNow RegCleaner
[2007/06/18 08:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Viewpoint
[2008/01/06 21:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\Watchtower
[2010/06/29 16:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bill\Application Data\webex

========== Purity Check ==========

< End of report >

Edited by Georgex, 28 July 2010 - 02:52 PM.

#23
Georgex

Posted 28 July 2010 - 02:56 PM

Member

Topic Starter
Member
36 posts

Thanks Hammerman, but I still cannot manually update the Avast virus definitions or engine with either the top or bottom choice. The full error after error connectign to the srever is "last encountered error: cannot connect to download657.avast.com (74.55.143.146:80). Total time 1:02

#24
hammerman

Posted 28 July 2010 - 03:37 PM

Member 4k

Member
4,183 posts

Hi,

Delete your copy of TDSSKiller, and then..

Download TDSSKiller and save it to your Desktop.

Extract the file and run it.
Once completed it will create a log in the root directory (usually C:\).
Please post the contents of that log in your next reply.

#25
Georgex

Posted 28 July 2010 - 04:34 PM

Member

Topic Starter
Member
36 posts

Hi,

TDSS scan with new TDSSkiller extraction after delete of old one...

2010/07/28 18:32:11.0875 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/28 18:32:11.0875 ================================================================================
2010/07/28 18:32:11.0875 SystemInfo:
2010/07/28 18:32:11.0875
2010/07/28 18:32:11.0875 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/28 18:32:11.0875 Product type: Workstation
2010/07/28 18:32:11.0875 ComputerName: BR-95QW6B1
2010/07/28 18:32:11.0875 UserName: Bill
2010/07/28 18:32:11.0875 Windows directory: C:\WINDOWS
2010/07/28 18:32:11.0875 System windows directory: C:\WINDOWS
2010/07/28 18:32:11.0875 Processor architecture: Intel x86
2010/07/28 18:32:11.0875 Number of processors: 2
2010/07/28 18:32:11.0875 Page size: 0x1000
2010/07/28 18:32:11.0875 Boot type: Normal boot
2010/07/28 18:32:11.0875 ================================================================================
2010/07/28 18:32:12.0203 Initialize success
2010/07/28 18:32:17.0656 ================================================================================
2010/07/28 18:32:17.0656 Scan started
2010/07/28 18:32:17.0656 Mode: Manual;
2010/07/28 18:32:17.0656 ================================================================================
2010/07/28 18:32:18.0796 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/07/28 18:32:18.0906 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/28 18:32:18.0953 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/28 18:32:18.0984 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/28 18:32:19.0000 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/28 18:32:19.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/28 18:32:19.0093 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/07/28 18:32:19.0140 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/28 18:32:19.0187 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/28 18:32:19.0203 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/28 18:32:19.0203 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/28 18:32:19.0218 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/28 18:32:19.0234 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/28 18:32:19.0250 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/28 18:32:19.0265 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/28 18:32:19.0281 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/28 18:32:19.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/28 18:32:19.0328 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/28 18:32:19.0343 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/28 18:32:19.0343 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/28 18:32:19.0421 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/07/28 18:32:19.0453 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/07/28 18:32:19.0468 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/07/28 18:32:19.0515 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/07/28 18:32:19.0546 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/07/28 18:32:19.0593 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/28 18:32:19.0625 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/28 18:32:19.0671 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/28 18:32:19.0687 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/28 18:32:19.0750 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/07/28 18:32:19.0781 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
2010/07/28 18:32:19.0843 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/28 18:32:20.0046 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/28 18:32:20.0093 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/28 18:32:20.0156 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/28 18:32:20.0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/28 18:32:20.0187 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/28 18:32:20.0218 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/28 18:32:20.0265 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/28 18:32:20.0296 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/28 18:32:20.0328 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/28 18:32:20.0359 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/28 18:32:20.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/28 18:32:20.0437 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/28 18:32:20.0453 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/28 18:32:20.0453 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/07/28 18:32:20.0468 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/28 18:32:20.0484 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/28 18:32:20.0500 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/28 18:32:20.0515 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/07/28 18:32:20.0515 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/28 18:32:20.0531 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/28 18:32:20.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/28 18:32:20.0640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/28 18:32:20.0656 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/28 18:32:20.0671 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/28 18:32:20.0718 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/28 18:32:20.0765 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/28 18:32:20.0781 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/07/28 18:32:20.0812 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/28 18:32:20.0921 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/07/28 18:32:20.0968 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/07/28 18:32:21.0031 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/07/28 18:32:21.0078 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/28 18:32:21.0093 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/28 18:32:21.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/28 18:32:21.0171 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/28 18:32:21.0218 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/28 18:32:21.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/28 18:32:21.0265 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/28 18:32:21.0296 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/28 18:32:21.0359 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/28 18:32:21.0375 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/28 18:32:21.0390 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/28 18:32:21.0437 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/28 18:32:21.0484 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/28 18:32:21.0500 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/28 18:32:21.0531 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/28 18:32:21.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/28 18:32:21.0625 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/07/28 18:32:21.0671 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/28 18:32:21.0718 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/28 18:32:21.0750 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/28 18:32:21.0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/28 18:32:21.0843 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/28 18:32:21.0906 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/28 18:32:21.0921 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/28 18:32:21.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/28 18:32:22.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/28 18:32:22.0078 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/28 18:32:22.0093 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/28 18:32:22.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/28 18:32:22.0156 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/28 18:32:22.0203 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/28 18:32:22.0250 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/28 18:32:22.0281 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/28 18:32:22.0312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/28 18:32:22.0343 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/28 18:32:22.0359 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/28 18:32:22.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/28 18:32:22.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/28 18:32:22.0468 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/07/28 18:32:22.0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/28 18:32:22.0546 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/28 18:32:22.0578 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/28 18:32:22.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/28 18:32:22.0640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/28 18:32:22.0656 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/28 18:32:22.0703 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/28 18:32:22.0734 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/28 18:32:22.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/28 18:32:22.0812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/28 18:32:22.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/28 18:32:22.0843 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/28 18:32:22.0875 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/28 18:32:22.0890 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/28 18:32:22.0921 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/28 18:32:23.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/28 18:32:23.0062 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/28 18:32:23.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/28 18:32:23.0187 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/28 18:32:23.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/28 18:32:23.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/28 18:32:23.0390 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/28 18:32:23.0406 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/28 18:32:23.0453 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/28 18:32:23.0484 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/28 18:32:23.0515 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/28 18:32:23.0562 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/28 18:32:23.0609 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/07/28 18:32:23.0656 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/07/28 18:32:23.0703 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/28 18:32:23.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/28 18:32:23.0734 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/28 18:32:23.0765 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/28 18:32:23.0796 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/07/28 18:32:23.0812 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/07/28 18:32:23.0828 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/07/28 18:32:23.0859 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/07/28 18:32:23.0890 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/07/28 18:32:23.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/28 18:32:23.0984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/28 18:32:24.0000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/28 18:32:24.0015 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/28 18:32:24.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/28 18:32:24.0140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/28 18:32:24.0156 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/28 18:32:24.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/28 18:32:24.0203 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/28 18:32:24.0265 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys
2010/07/28 18:32:24.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/28 18:32:24.0375 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/28 18:32:24.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/28 18:32:24.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/28 18:32:24.0484 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/07/28 18:32:24.0531 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/07/28 18:32:24.0562 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/28 18:32:24.0609 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/28 18:32:24.0656 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/28 18:32:24.0750 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2010/07/28 18:32:24.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/28 18:32:24.0843 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/28 18:32:24.0906 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/07/28 18:32:24.0921 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/07/28 18:32:24.0937 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/07/28 18:32:24.0937 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/07/28 18:32:24.0968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/28 18:32:25.0031 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/28 18:32:25.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/28 18:32:25.0187 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/28 18:32:25.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/28 18:32:25.0265 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/07/28 18:32:25.0281 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/28 18:32:25.0312 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/07/28 18:32:25.0390 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/28 18:32:25.0453 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/07/28 18:32:25.0468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/28 18:32:25.0500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/28 18:32:25.0546 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/28 18:32:25.0609 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/28 18:32:25.0671 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/28 18:32:25.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/07/28 18:32:25.0750 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/07/28 18:32:25.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/28 18:32:25.0812 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/07/28 18:32:25.0843 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/07/28 18:32:25.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/28 18:32:25.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/28 18:32:25.0953 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2010/07/28 18:32:26.0015 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/28 18:32:26.0109 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/28 18:32:26.0171 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/28 18:32:26.0218 ================================================================================
2010/07/28 18:32:26.0218 Scan finished
2010/07/28 18:32:26.0218 ================================================================================

#26
hammerman

Posted 29 July 2010 - 12:27 AM

Member 4k

Member
4,183 posts

Hi,

Download avz4.zip from HERE

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.
Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.
Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

#27
Georgex

Posted 29 July 2010 - 08:13 PM

Member

Topic Starter
Member
36 posts

Hi Hammerman,

I think that I have attched the two files. I wont be able to work on the computer until Monday, but I do not want to close this case. I will be back on checking further Monday Morning (or maybe Sunday night).

I just wanted to let you know that I wont be posting again until sunday night at the earliest.

Attached Files

virusinfo_syscure.zip 19.55KB 81 downloads
virusinfo_syscheck.zip 19.4KB 76 downloads

#28
hammerman

Posted 30 July 2010 - 01:50 PM

Member 4k

Member
4,183 posts

Hi,

Download Dr.Web CureIt to the desktop.

Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, choose the Complete Scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#29
Georgex

Posted 02 August 2010 - 02:31 PM

Member

Topic Starter
Member
36 posts

Hi Hammerman,

Sorry I havent replied sooner, but the Dr Web scanner has been running all afternoon on complete scan!
However, so far I cured 2 trojans, RegUBP2b-Bill.reg and A0193616.reg.

If this doesnt fix the computer, should I just consider reimaging it and starting over?

#30
hammerman

Posted 02 August 2010 - 03:10 PM

Member 4k

Member
4,183 posts

Hi,

A reinstall would certainly mean a clean start and there's some information here that may prove useful if you decide to go that route. Alternatively, I'll help you clean up your machine for as long as you want. Let me know how you want to proceed.