
Malware - personal files and apps disappeared



#1 Shaney (Member, 26 posts)
Hi,

I'm really stumped and hope you can help me.

OS - Windows Vista
HDD 60 Gb
Symptoms - All personal files missing
All installed apps missing
AVG virus checker finds little
Date problem was noticed 4th November at about 21:00
Recovery tool getdataback for NTFS

The problem:

My parents have dropped their PC over to me, as I work in IT they think I can fix anything :-)
They are not the most IT-savvy people and I expect they have allowed some malware to run thinking it was a virus killer.

I can log on to the PC exactly the same as usual and it runs fine and accesses the internet OK.
The problem is that the computer has none of their personal files on either the desktop or in My Documents or anywhere. I have also noticed that none of their personal apps like Skype or Office or email or Mozilla or favourites are there either.

It's like the computer was pretty much when they first got it.

I have had a look around their hard drive and noticed that some folders have access denied.
The next step I did was to run a virus scan, which did not show much info bar a couple of tracking cookies.

I have now put on a file recovery application and have found all of the folders like 'my docs' and 'xyz docs', but there are about 11 copies of the same file.
Also there are about 7 different NTFS instances to choose from and they all contain the same files. Given that the HDD is only 60 Gb the recovery estimation is in the terabytes, which seems a bit strange. I recovered their My Documents from one of the NTFS instances but nearly all of the Word documents are unreadable along with most of their pictures.

It's like a virus has installed itself, hidden/corrupted/encrypted all the My Docs files and then deleted itself.

I have searched and searched the internet for a similar problem but to no avail, so any help or pointers you can give me would really help as I am out of ideas.

Thanks in advance,


Shane.

Data below – OTL.TXT

OTL logfile created on: 23/11/2010 23:06:15 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Louroy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 370.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49.46 Gb Total Space | 30.51 Gb Free Space | 61.68% Space Free | Partition Type: NTFS
Drive D: | 11.40 Gb Total Space | 11.31 Gb Free Space | 99.17% Space Free | Partition Type: NTFS
Drive E: | 178.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LOUROY-PC | User Name: Louroy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Louroy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Launch Manager\WButton.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Louroy\AppData\Local\Temp\GDB4NTFS.exe ()
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Louroy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (OJRVCRBIEDHN) -- C:\Users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe (Sysinternals - www.sysinternals.com)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (IviRegMgr) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvraid) NVIDIA nForce™ -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\Windows\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/06 13:47:30 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Louroy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/09 21:58:56 | 000,000,202 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell - "" = AutoRun
O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell\AutoRun\command - "" = G:\Password.exe -- File not found
O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009/06/09 21:58:56 | 000,011,264 | R--- | M] (http://www.hiren.info)
O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009/06/09 21:58:56 | 000,011,264 | R--- | M] (http://www.hiren.info)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 20:43:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Louroy\Desktop\OTL.exe
[2010/11/23 12:56:58 | 000,287,232 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/11/23 12:56:58 | 000,283,648 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/11/23 12:56:58 | 000,275,968 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/11/23 12:56:58 | 000,270,848 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/11/23 12:56:57 | 000,483,192 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/11/23 12:56:57 | 000,481,441 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/11/23 12:56:57 | 000,305,664 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2010/11/23 12:56:57 | 000,288,768 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/11/23 12:56:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/11/23 12:56:56 | 000,414,208 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/11/23 12:56:56 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/11/23 12:40:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/23 12:40:25 | 000,000,000 | ---D | C] -- C:\temp
[2010/11/23 12:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/23 12:35:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/23 12:35:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/23 12:35:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/23 12:35:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/23 12:06:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/23 11:44:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/23 11:41:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/23 11:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/11/06 18:09:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/06 14:48:39 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/06 14:26:42 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/11/06 14:26:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/11/06 14:24:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
[2010/11/06 14:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/11/06 14:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/06 13:53:53 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Roaming\AVG10
[2010/11/06 13:51:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/06 13:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/11/06 13:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/06 13:46:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/06 13:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/06 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/06 13:32:03 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Louroy\Desktop\mbam-setup-1.46.exe
[2010/11/06 13:32:02 | 004,329,488 | ---- | C] (AVG Technologies) -- C:\Users\Louroy\Desktop\avg_isct_stb_all_2011_1153_free.exe
[2010/11/06 13:31:53 | 125,695,976 | ---- | C] (Lavasoft ) -- C:\Users\Louroy\Desktop\Ad-AwareInstall.exe
[2010/11/05 15:19:41 | 000,000,000 | ---D | C] -- C:\ATI
[2010/11/05 04:27:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/11/05 04:12:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/04 22:57:48 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Local\VirtualStore
[2010/11/04 21:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\fsc-reg
[2010/11/04 21:51:58 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Roaming\Adobe
[2010/11/04 21:51:57 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Roaming\ATI
[2010/11/04 21:51:57 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Local\ATI
[2010/11/04 21:51:43 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Searches
[2010/11/04 21:51:33 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Roaming\Identities
[2010/11/04 21:51:31 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Contacts
[2010/11/04 21:51:18 | 000,000,000 | --SD | C] -- C:\Users\Louroy\AppData\Roaming\Microsoft
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Videos
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Saved Games
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Pictures
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Music
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Links
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Favorites
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Downloads
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Documents
[2010/11/04 21:51:18 | 000,000,000 | R--D | C] -- C:\Users\Louroy\Desktop
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\AppData\Local\Temporary Internet Files
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Templates
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Start Menu
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\SendTo
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Recent
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\PrintHood
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\NetHood
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Documents\My Videos
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Documents\My Pictures
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Documents\My Music
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\My Documents
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Local Settings
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\AppData\Local\History
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Cookies
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\Application Data
[2010/11/04 21:51:18 | 000,000,000 | -HSD | C] -- C:\Users\Louroy\AppData\Local\Application Data
[2010/11/04 21:51:18 | 000,000,000 | -H-D | C] -- C:\Users\Louroy\AppData
[2010/11/04 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Local\Temp
[2010/11/04 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Local\Microsoft
[2010/11/04 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\Louroy\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2010/11/23 22:13:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 22:13:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/23 21:09:18 | 000,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/23 21:09:18 | 000,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/23 20:43:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Louroy\Desktop\OTL.exe
[2010/11/23 20:13:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/23 14:27:13 | 099,926,758 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/23 12:57:34 | 000,001,160 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/11/23 12:08:47 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/11/23 12:06:42 | 000,238,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/23 12:06:37 | 113,494,409 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/23 12:05:26 | 937,672,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/23 12:03:18 | 000,632,241 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/06 14:48:29 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/11/06 14:24:08 | 000,001,037 | ---- | M] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/06 14:24:08 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/06 13:50:20 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/06 12:44:13 | 004,329,488 | ---- | M] (AVG Technologies) -- C:\Users\Louroy\Desktop\avg_isct_stb_all_2011_1153_free.exe
[2010/11/05 04:27:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2010/11/04 21:56:33 | 000,000,949 | ---- | M] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/04 21:52:16 | 000,001,406 | ---- | M] () -- C:\Users\Louroy\Desktop\First Steps.lnk

========== Files Created - No Company Name ==========

[2010/11/23 14:27:13 | 099,926,758 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/23 12:57:34 | 000,001,160 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/11/23 12:56:57 | 000,267,264 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/11/23 12:56:57 | 000,091,136 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/11/23 12:56:57 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/11/23 12:35:50 | 000,155,136 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/23 12:35:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/23 12:35:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/23 12:35:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/23 12:08:47 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/11/23 12:06:17 | 113,494,409 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/11/23 12:03:18 | 000,632,241 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/06 14:24:08 | 000,001,037 | ---- | C] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/06 14:24:08 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/11/06 13:50:20 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/05 04:23:07 | 937,672,704 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 21:56:33 | 000,000,949 | ---- | C] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/04 21:52:16 | 000,001,406 | ---- | C] () -- C:\Users\Louroy\Desktop\First Steps.lnk
[2010/11/04 21:51:18 | 000,000,258 | ---- | C] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/04 21:51:18 | 000,000,240 | ---- | C] () -- C:\Users\Louroy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2007/04/04 17:19:18 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/04/04 16:53:10 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 16:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2010/11/06 13:53:53 | 000,000,000 | ---D | M] -- C:\Users\Louroy\AppData\Roaming\AVG10
[2010/11/06 14:28:56 | 000,004,792 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
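As an added triage example (not from this thread and not a feature of OTL itself), the Python below parses the OTL entry formats shown in the log above and flags the lines a helper looks at first: executables running from a Temp directory, autorun commands whose target file is missing, removable-media autorun entries, and files with no company name. The sample lines are copied from the log above; the regexes, reason strings and severity rules are this example's own assumptions about the format.

```python
"""Triage helper for OTL (OldTimer's) log lines: an added example, not OTL code."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind path company reasons severity")

# Constructed sample: entries copied from the OTL log in post #1 plus benign ones.
SAMPLE_LOG = r"""
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Louroy\AppData\Local\Temp\GDB4NTFS.exe ()
SRV - (OJRVCRBIEDHN) -- C:\Users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe (Sysinternals - www.sysinternals.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell\AutoRun\command - "" = G:\Password.exe -- File not found
"""

# Non-greedy Windows path ending in an executable extension. Spaces are allowed
# because OTL prints unquoted paths such as "C:\Program Files\...".
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|sys|com|bat|scr))(?=\s|$)', re.IGNORECASE)
# OTL appends the file's company name in parentheses; "()" means it has none.
COMPANY_RE = re.compile(r'\(([^()]*)\)\s*$')

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")

R_TEMP = "runs from a temp directory"
R_MISSING = "target file missing (stale or cleaned-up entry)"
R_AUTORUN = "removable-media autorun command"
R_NO_COMPANY = "no company name in version info"
STRONG = (R_TEMP, R_MISSING, R_AUTORUN)


def parse_line(line):
    """Split one OTL entry into (kind, path, company); None if it has no path."""
    line = line.rstrip()
    kind = line.split(" ", 1)[0]          # PRC, SRV, DRV, O4, O33, ...
    m = PATH_RE.search(line)
    if not m:
        return None
    c = COMPANY_RE.search(line)
    company = c.group(1).strip() if c else None   # None: no "(...)" suffix at all
    return kind, m.group(1), company


def reasons_for(kind, line, path, company):
    """Heuristic reasons a helper would look twice at this entry (assumptions)."""
    reasons = []
    low_line, low_path = line.lower(), path.lower()
    if any(t in low_path for t in TEMP_MARKERS):
        reasons.append(R_TEMP)
    if "file not found" in low_line:
        reasons.append(R_MISSING)
    if kind == "O33" and "\\autorun\\command" in low_line:
        reasons.append(R_AUTORUN)
    if company == "":
        # Low confidence on its own: OEM utilities often ship without version info.
        reasons.append(R_NO_COMPANY)
    return reasons


def severity(reasons):
    return "high" if any(r in STRONG for r in reasons) else "low"


def triage(log_text):
    """Return flagged entries, high severity first, otherwise in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, path, company = parsed
        reasons = reasons_for(kind, line, path, company)
        if reasons:
            findings.append(Finding(kind, path, company, tuple(reasons), severity(reasons)))
    findings.sort(key=lambda f: f.severity != "high")   # stable sort: high first
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.path} company={f.company!r}: {'; '.join(f.reasons)}")
```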


#2 azarl (GeekU Admin, Community Leader, 25,310 posts)
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Looks like you've run some pretty heavyweight tools there. Have you the ComboFix logs please?

++++++++++ oOo +++++++++


Download GMER Rootkit Scanner. Note the files name and unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

#3 Shaney (Topic Starter, Member, 26 posts)
Hi, thanks for getting back to me and spending your time to help me fix this problem.

I did exactly what the instructions said.
The first time GMER ran it froze the PC, so I re-ran it and it went through the motions and then the PC blue-screened and restarted without me doing anything.
I have tried it a couple of times now with the same result. I have also noticed that when it initially ran GMER had some info in the window, similar to your example, but the next time it ran it did not have as many lines of information.

When the PC restarted Windows gave an error message that an unexpected shut down occurred and I have the log files, would you like me to send them to you?
I have tried running GMER one more time and it has frozen the PC again at '\device\Tcp'



As requested, please find the log file from ComboFix.

Thanks in advance,

Shane.




ComboFix 09-06-09.05 - Louroy 23/11/2010 12:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.894.129 [GMT 0:00]
Running from: e:\hbcd\wintools\ComboFix.exe
Command switches used :: ComboFix.exe
AV: AVG Internet Security 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 12:37 . 2010-11-23 12:37 -------- d-----w- C:\temp
2010-11-23 12:37 . 2010-11-23 12:37 -------- d-----w- \temp
2010-11-23 12:35 . 2010-11-23 12:38 -------- d-s---w- \ComboFix
2010-11-23 11:41 . 2010-11-23 11:44 -------- d-----w- \Qoobox
2010-11-23 11:32 . 2010-11-23 11:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-23 11:27 . 2010-11-23 11:27 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-23 11:27 . 2010-11-23 11:27 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-11-23 11:27 . 2010-11-23 11:27 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-23 11:19 . 2010-11-23 11:19 -------- d-----w- c:\program files\MSXML 4.0
2010-11-23 11:13 . 2010-11-23 11:13 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-23 11:13 . 2010-11-23 11:13 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-23 11:13 . 2010-11-23 11:13 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-23 11:13 . 2010-11-23 11:13 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-06 18:09 . 2010-11-06 18:09 -------- d--h--w- C:\$AVG
2010-11-06 18:09 . 2010-11-06 18:09 -------- d--h--w- \$AVG
2010-11-06 14:47 . 2010-11-06 14:47 1375992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-11-06 14:47 . 2010-10-12 16:15 206160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2010-11-06 14:26 . 2010-11-06 14:26 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-06 14:26 . 2010-06-21 17:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-06 14:24 . 2010-11-06 14:24 -------- dc-h--w- c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2010-11-06 14:24 . 2010-06-21 17:52 2978768 -c--a-w- c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe
2010-11-06 14:22 . 2010-11-06 14:26 -------- d-----w- c:\programdata\Lavasoft
2010-11-06 14:22 . 2010-11-06 14:22 -------- d-----w- c:\program files\Lavasoft
2010-11-06 13:53 . 2010-11-06 13:53 -------- d-----w- c:\users\Louroy\AppData\Roaming\AVG10
2010-11-06 13:51 . 2010-11-06 13:51 -------- d--h--w- c:\programdata\Common Files
2010-11-06 13:51 . 2010-11-06 13:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-11-06 13:46 . 2010-11-23 12:03 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-06 13:46 . 2010-11-06 13:53 -------- d-----w- c:\programdata\AVG10
2010-11-06 13:45 . 2010-11-06 13:45 -------- d-----w- c:\program files\AVG
2010-11-06 13:32 . 2010-11-06 13:45 -------- d-----w- c:\programdata\MFAData
2010-11-05 15:19 . 2010-11-05 15:19 -------- d-----w- C:\ATI
2010-11-05 15:19 . 2010-11-05 15:19 -------- d-----w- \ATI
2010-11-05 04:23 . 2010-11-23 12:05 937672704 --sha-w- \hiberfil.sys
2010-11-05 04:23 . 2010-11-23 12:05 1251606528 --sha-w- \pagefile.sys
2010-11-05 04:12 . 2010-11-23 11:04 -------- d-sh--w- \System Volume Information
2010-11-04 22:57 . 2010-11-04 22:57 -------- d-----w- c:\users\Louroy\AppData\Local\VirtualStore
2010-11-04 22:21 . 2010-11-04 22:21 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-04 22:20 . 2010-11-04 22:20 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-04 22:05 . 2010-11-04 22:05 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-11-04 22:05 . 2010-11-04 22:05 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-04 22:05 . 2010-11-04 22:05 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-04 22:05 . 2010-11-04 22:05 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-11-04 22:05 . 2010-11-04 22:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-04 22:05 . 2010-11-04 22:05 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-11-04 22:05 . 2010-11-04 22:05 35552 ----a-w- c:\windows\system32\wups.dll
2010-11-04 22:05 . 2010-11-04 22:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-04 22:05 . 2010-11-04 22:05 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-04 21:52 . 2010-11-04 21:52 -------- d-----w- c:\programdata\fsc-reg
2010-11-04 21:52 . 2007-01-23 08:38 344080 ----a-w- c:\programdata\fsc-reg\fscreg.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 12:11 . 2010-11-04 21:51 52024 ----a-w- c:\users\Louroy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-11-23 12:05 . 2010-11-05 04:23 937672704 --sha-w- \hiberfil.sys
2010-11-23 12:05 . 2010-11-05 04:23 1251606528 --sha-w- \pagefile.sys
2010-11-04 21:51 . 2010-11-04 21:51 -------- d-----w- c:\users\Louroy\AppData\Roaming\ATI
2010-11-03 10:36 . 2010-05-22 09:33 202064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
2010-11-03 10:36 . 2010-05-22 09:33 963920 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
2010-10-27 09:52 . 2010-05-22 09:34 4379984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-10-27 09:52 . 2010-05-22 09:33 308560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
2010-10-12 16:15 . 2010-05-22 09:33 243024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
2010-10-12 16:15 . 2010-05-22 09:33 394576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
2010-10-12 16:15 . 2010-05-22 09:33 185680 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
2010-10-12 16:15 . 2010-05-22 09:33 304464 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
2010-10-12 16:15 . 2010-05-22 09:33 349520 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
2010-10-12 16:15 . 2010-05-22 09:33 210256 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
2010-10-12 16:15 . 2010-05-22 09:33 185680 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
2010-10-12 16:15 . 2010-05-22 09:33 292176 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
2010-10-12 16:15 . 2010-05-22 09:33 210256 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Defs\Extended\libCHM.dll
2010-09-13 16:27 . 2010-09-13 16:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 03:49 . 2010-09-07 03:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 03:48 . 2010-09-07 03:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 03:48 . 2010-09-07 03:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 03:48 . 2010-09-07 03:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 11:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-01-23 344080]
"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-11-23 293376]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5CDC75E7-704E-447D-A22B-E03C0B28DA30}"= UDP:c:\program files\AVG\AVG10\avgdiagex.exe:AVG Diagnostics 2011
"{623FC1B5-B029-4BB3-924D-BEB93A5D71EF}"= TCP:c:\program files\AVG\AVG10\avgdiagex.exe:AVG Diagnostics 2011
"{3C3DC5BA-3712-49BA-B8BC-107DD74CA328}"= UDP:c:\program files\AVG\AVG10\avgnsx.exe:Online Shield
"{C3EA375F-C508-4345-923B-29E2B39AA8F6}"= TCP:c:\program files\AVG\AVG10\avgnsx.exe:Online Shield
"{FEF6CC73-B843-41EC-B8DF-BBB1CE11DCA6}"= UDP:c:\program files\AVG\AVG10\avgmfapx.exe:AVG Installer
"{0A5FE29D-D018-4E91-B369-46BDC6684208}"= TCP:c:\program files\AVG\AVG10\avgmfapx.exe:AVG Installer
"{2B045F3D-6032-45B2-8F21-D489EC96C64D}"= UDP:c:\program files\AVG\AVG10\avgam.exe:AVG Alert manager
"{8B97A9A2-96C5-4071-BC38-35670AA356F1}"= TCP:c:\program files\AVG\AVG10\avgam.exe:AVG Alert manager
"{955E947C-F5F5-410B-BF8C-1641FFA063FA}"= UDP:c:\program files\AVG\AVG10\avgemcx.exe:Personal E-mail Scanner
"{3C32E0AF-C024-49BA-AFF9-BD6667E771E4}"= TCP:c:\program files\AVG\AVG10\avgemcx.exe:Personal E-mail Scanner

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AVGIDSEH;AVGIDSEH;c:\windows\System32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\System32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [06/11/2010 14:26 64288]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/07/2010 04:34 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\System32\drivers\avgldx86.sys [07/09/2010 03:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\System32\drivers\avgtdix.sys [07/09/2010 03:49 298448]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [10/09/2010 01:45 3210176]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/10/2010 12:58 6104656]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [21/06/2010 17:44 1375992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\System32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\System32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\System32\drivers\AVGIDSShim.sys [19/08/2010 21:42 27216]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [04/04/2007 16:53 118784]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [06/11/2010 13:51 517448]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [04/04/2007 16:52 218112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40af2356-e862-11df-881a-0016d363e5bc}]
\shell\AutoRun\command - G:\Password.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}]
\shell\AutoRun\command - e:\hbcd\wintools\autorun.exe
\shell\Option1\Command - e:\hbcd\wintools\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb
.
Contents of the 'Scheduled Tasks' folder

2010-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-21 14:48]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe


.
------- Supplementary Scan -------
.
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 12:37
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?5???????5?X35????v????????????0???<???????|??????vUL?v????3 ?v!??v??????5???5?-?fv????L???~z?v??5???????5?????? A???5?????? A????v-?fv?????????a@?`??????????? ?A??>Rv????? A???@???5??x@???5????v??@???5????

scanning hidden files ...


c:\users\Louroy\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-11-23 12:40
ComboFix-quarantined-files.txt 2010-11-23 12:40

Pre-Run: 39,116,648,448 bytes free
Post-Run: 39,300,308,992 bytes free

201 --- E O F --- 2010-11-23 11:35
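Three lines in the ComboFix log above deserve a second look before anything is "fixed": the MountPoints2 AutoRun entry for G:\Password.exe (Windows records the autorun.inf command of a volume under the current user's MountPoints2 when that volume is mounted, so a drive whose autorun pointed at that file was connected to this PC), EnableFirewall=0 in the Domain, Public and Standard profiles (AVG Firewall is listed as enabled, which would explain it, but that should be confirmed rather than assumed), and the orphaned CtrlVol Run value that ComboFix removed because its target was missing. Reading those out of a long log by eye is error-prone, so the following script pulls them out and ranks them. It is an added example for this thread, not ComboFix's own code and nothing the poster ran; SAMPLE_LOG is a constructed excerpt of the log above, and the function names, the severity scale and the user-writable-path heuristic are this example's own choices.

```python
"""Triage a ComboFix log for a few high-signal persistence and exposure items.

Added example for this thread, not ComboFix's own code and not part of the
poster's log. SAMPLE_LOG is a constructed excerpt of the log posted above
(only the lines the parser looks at), so the script runs offline.
"""
import re

SAMPLE_LOG = r"""
ComboFix 09-06-09.05 - Louroy 23/11/2010 12:36.1 - NTFSx86
Running from: e:\hbcd\wintools\ComboFix.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-01-23 344080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40af2356-e862-11df-881a-0016d363e5bc}]
\shell\AutoRun\command - G:\Password.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}]
\shell\AutoRun\command - e:\hbcd\wintools\autorun.exe

- - - - ORPHANS REMOVED - - - -
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...] block header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')       # "Name"="path" [date size]
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$", re.I)
ORPHAN_RE = re.compile(r"^(HK(?:LM|CU))-Run-(\S+)\s+-\s+(.+)$")
RUNFROM_RE = re.compile(r"^Running from:\s+([A-Za-z]):", re.M)
# Launch paths writable without admin rights: a Run value there deserves a look (heuristic).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_keys(text):
    """Group the log into (header, [non-blank lines]) blocks; a header is a
    bracketed registry key or a banner such as '- - - - ORPHANS REMOVED - - - -'."""
    blocks, key, body = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m or line.startswith("- - - -") or line.startswith("(((("):
            if key:
                blocks.append((key, body))
            key, body = (m.group(1) if m else line.strip("- ")), []
        elif key and line:
            body.append(line)
    if key:
        blocks.append((key, body))
    return blocks


def triage(text):
    """Return (severity, message) findings, highest severity first."""
    findings = []
    m = RUNFROM_RE.search(text)
    analyst_drive = m.group(1).upper() if m else None  # rescue media ComboFix ran from
    for key, body in parse_keys(text):
        lkey = key.lower()
        if "firewallpolicy" in lkey and lkey.endswith("profile"):
            profile = key.rsplit("\\", 1)[-1]
            for fm in filter(None, map(FW_RE.match, body)):
                if fm.group(1) == "0":
                    findings.append(("medium", f"Windows Firewall off in {profile}; "
                                     "only acceptable if a third-party firewall is active"))
        elif "\\mountpoints2\\" in lkey:
            # Windows caches the autorun.inf command of every volume it has mounted.
            for am in filter(None, map(AUTORUN_RE.match, body)):
                cmd, drive = am.group(1), am.group(1)[:1].upper()
                if drive == analyst_drive:
                    findings.append(("info", f"AutoRun on {drive}: is the analyst's media: {cmd}"))
                else:
                    findings.append(("high", f"AutoRun command cached for drive {drive}: -> {cmd}; "
                                     "locate that volume and scan the file"))
        elif lkey.endswith("\\currentversion\\run"):
            for rm in filter(None, map(RUN_RE.match, body)):
                if any(d in rm.group(2).lower() for d in USER_WRITABLE):
                    findings.append(("low", f"Run value '{rm.group(1)}' starts from a user-writable "
                                     f"path: {rm.group(2)}; verify the publisher"))
        elif lkey == "orphans removed":  # entries whose target file ComboFix found missing
            for om in filter(None, map(ORPHAN_RE.match, body)):
                hive, name, path = om.groups()
                findings.append(("info", f"Orphaned {hive} Run value '{name}'; target missing: {path}"))
    findings.sort(key=lambda f: ORDER[f[0]])  # stable: log order kept within a severity
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

To run it over a full log, read the file into `text` and call `triage(text)`. The e: AutoRun entry is reported as informational only because the log header says ComboFix itself was started from e:\hbcd, so that volume is the analyst's own rescue media; every other cached AutoRun command is reported as high so that the volume and the file it names get located and scanned rather than silently cleaned away.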

#4
azarl (GeekU Admin, Community Leader)
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#5
Shaney (Member, Topic Starter)
Hi Azarl,

Here are the log files.

Best,

Shane.


2010/12/06 17:55:45.0912 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 17:55:45.0912 ================================================================================
2010/12/06 17:55:45.0912 SystemInfo:
2010/12/06 17:55:45.0912
2010/12/06 17:55:45.0912 OS Version: 6.0.6000 ServicePack: 0.0
2010/12/06 17:55:45.0912 Product type: Workstation
2010/12/06 17:55:45.0912 ComputerName: LOUROY-PC
2010/12/06 17:55:45.0912 UserName: Louroy
2010/12/06 17:55:45.0912 Windows directory: C:\Windows
2010/12/06 17:55:45.0912 System windows directory: C:\Windows
2010/12/06 17:55:45.0912 Processor architecture: Intel x86
2010/12/06 17:55:45.0912 Number of processors: 2
2010/12/06 17:55:45.0912 Page size: 0x1000
2010/12/06 17:55:45.0912 Boot type: Normal boot
2010/12/06 17:55:45.0912 ================================================================================
2010/12/06 17:55:46.0350 Initialize success
2010/12/06 17:56:04.0537 ================================================================================
2010/12/06 17:56:04.0537 Scan started
2010/12/06 17:56:04.0537 Mode: Manual;
2010/12/06 17:56:04.0537 ================================================================================
2010/12/06 17:56:05.0287 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/12/06 17:56:05.0396 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/06 17:56:05.0475 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/06 17:56:05.0537 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/06 17:56:05.0615 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/06 17:56:05.0756 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2010/12/06 17:56:05.0865 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/12/06 17:56:05.0943 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/06 17:56:06.0037 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/12/06 17:56:06.0100 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/12/06 17:56:06.0209 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/12/06 17:56:06.0271 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/06 17:56:06.0365 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/06 17:56:06.0443 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/06 17:56:06.0537 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/06 17:56:06.0615 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/06 17:56:06.0740 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2010/12/06 17:56:06.0881 athr (dfa77e7f9e625406f388c8eb09d9d1b4) C:\Windows\system32\DRIVERS\athr.sys
2010/12/06 17:56:07.0131 avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
2010/12/06 17:56:07.0521 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\Windows\system32\DRIVERS\avgldx86.sys
2010/12/06 17:56:07.0584 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2010/12/06 17:56:07.0834 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2010/12/06 17:56:07.0959 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/06 17:56:08.0021 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/06 17:56:08.0100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/06 17:56:08.0178 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/06 17:56:08.0225 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/06 17:56:08.0303 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/06 17:56:08.0396 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/06 17:56:08.0537 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/06 17:56:08.0709 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/06 17:56:08.0771 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/06 17:56:08.0865 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/06 17:56:08.0943 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2010/12/06 17:56:09.0068 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/06 17:56:09.0162 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/12/06 17:56:09.0225 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/06 17:56:09.0334 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/06 17:56:09.0412 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/06 17:56:09.0521 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2010/12/06 17:56:09.0678 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2010/12/06 17:56:09.0771 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2010/12/06 17:56:09.0881 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/06 17:56:09.0975 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/06 17:56:10.0053 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2010/12/06 17:56:10.0209 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/06 17:56:10.0318 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2010/12/06 17:56:10.0381 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/06 17:56:10.0490 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2010/12/06 17:56:10.0553 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2010/12/06 17:56:10.0631 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/06 17:56:10.0756 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2010/12/06 17:56:10.0850 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/06 17:56:10.0912 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/06 17:56:11.0021 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/06 17:56:11.0162 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/06 17:56:11.0225 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/06 17:56:11.0287 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/06 17:56:11.0428 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2010/12/06 17:56:11.0537 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
2010/12/06 17:56:11.0725 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/06 17:56:11.0834 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
2010/12/06 17:56:11.0912 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/06 17:56:11.0990 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/06 17:56:12.0146 iaStor (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
2010/12/06 17:56:12.0225 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/06 17:56:12.0303 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/06 17:56:12.0506 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/06 17:56:12.0678 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2010/12/06 17:56:12.0756 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/06 17:56:12.0834 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/06 17:56:12.0990 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/06 17:56:13.0053 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/06 17:56:13.0146 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2010/12/06 17:56:13.0240 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/12/06 17:56:13.0303 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/06 17:56:13.0365 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/06 17:56:13.0412 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/06 17:56:13.0521 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/06 17:56:13.0678 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2010/12/06 17:56:13.0818 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/06 17:56:13.0975 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/06 17:56:14.0115 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/06 17:56:14.0178 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/06 17:56:14.0240 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/06 17:56:14.0350 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2010/12/06 17:56:14.0490 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/06 17:56:14.0709 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2010/12/06 17:56:14.0865 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/06 17:56:15.0053 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/06 17:56:15.0115 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
2010/12/06 17:56:15.0287 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2010/12/06 17:56:15.0490 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/06 17:56:15.0584 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/06 17:56:15.0678 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/06 17:56:15.0818 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2010/12/06 17:56:15.0896 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/06 17:56:15.0990 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/06 17:56:16.0271 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/06 17:56:16.0365 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2010/12/06 17:56:16.0396 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/06 17:56:16.0490 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2010/12/06 17:56:16.0553 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
2010/12/06 17:56:16.0709 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/06 17:56:16.0756 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/06 17:56:16.0803 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2010/12/06 17:56:16.0865 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2010/12/06 17:56:16.0959 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/06 17:56:17.0037 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2010/12/06 17:56:17.0100 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2010/12/06 17:56:17.0225 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/06 17:56:17.0334 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2010/12/06 17:56:17.0443 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/06 17:56:17.0506 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/06 17:56:17.0553 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/06 17:56:17.0600 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2010/12/06 17:56:17.0678 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/06 17:56:17.0803 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/06 17:56:17.0912 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/06 17:56:17.0990 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2010/12/06 17:56:18.0068 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/06 17:56:18.0209 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2010/12/06 17:56:18.0318 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/06 17:56:18.0381 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2010/12/06 17:56:18.0428 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
2010/12/06 17:56:18.0490 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
2010/12/06 17:56:18.0521 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/06 17:56:18.0600 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/12/06 17:56:18.0834 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/06 17:56:18.0959 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/06 17:56:19.0021 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2010/12/06 17:56:19.0115 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/06 17:56:19.0193 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
2010/12/06 17:56:19.0303 pciide (b2fc76090ef1003463ccb07cabb35cff) C:\Windows\system32\drivers\pciide.sys
2010/12/06 17:56:19.0381 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/06 17:56:19.0537 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/06 17:56:19.0865 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/06 17:56:20.0053 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/06 17:56:20.0193 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/06 17:56:20.0318 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/06 17:56:20.0396 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/06 17:56:20.0490 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/06 17:56:20.0693 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/06 17:56:20.0818 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/06 17:56:20.0881 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/06 17:56:20.0928 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/06 17:56:20.0975 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/06 17:56:21.0021 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/06 17:56:21.0084 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/12/06 17:56:21.0115 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/06 17:56:21.0162 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2010/12/06 17:56:21.0240 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/06 17:56:21.0303 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2010/12/06 17:56:21.0381 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/06 17:56:21.0475 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/06 17:56:21.0568 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/06 17:56:21.0600 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/06 17:56:21.0631 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
2010/12/06 17:56:21.0693 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/06 17:56:21.0740 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/06 17:56:21.0771 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/06 17:56:21.0803 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/06 17:56:21.0912 SIS163u (e91d143072a680223b5e73571970c82f) C:\Windows\system32\DRIVERS\sis163u.sys
2010/12/06 17:56:21.0975 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/12/06 17:56:22.0037 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
2010/12/06 17:56:22.0100 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/06 17:56:22.0178 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2010/12/06 17:56:22.0240 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2010/12/06 17:56:22.0318 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2010/12/06 17:56:22.0412 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
2010/12/06 17:56:22.0475 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/06 17:56:22.0521 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/06 17:56:22.0662 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/06 17:56:22.0756 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/06 17:56:22.0787 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/06 17:56:22.0818 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/06 17:56:22.0990 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
2010/12/06 17:56:23.0084 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/06 17:56:23.0146 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/06 17:56:23.0178 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2010/12/06 17:56:23.0225 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/06 17:56:23.0287 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/06 17:56:23.0334 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/06 17:56:23.0506 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/06 17:56:23.0568 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/06 17:56:23.0615 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/06 17:56:23.0662 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/06 17:56:23.0709 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/06 17:56:23.0771 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/06 17:56:23.0818 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/06 17:56:23.0850 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/06 17:56:23.0881 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/06 17:56:23.0912 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/06 17:56:24.0037 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2010/12/06 17:56:24.0100 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/06 17:56:24.0162 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/06 17:56:24.0240 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/06 17:56:24.0365 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/06 17:56:24.0443 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/06 17:56:24.0490 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/06 17:56:24.0568 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/06 17:56:24.0631 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/06 17:56:24.0756 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/06 17:56:24.0975 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/06 17:56:25.0303 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2010/12/06 17:56:25.0365 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/12/06 17:56:25.0396 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/06 17:56:25.0443 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/12/06 17:56:25.0537 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
2010/12/06 17:56:25.0568 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
2010/12/06 17:56:25.0600 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2010/12/06 17:56:25.0662 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2010/12/06 17:56:25.0740 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/06 17:56:25.0818 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/06 17:56:25.0912 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 17:56:25.0943 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 17:56:26.0006 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/06 17:56:26.0084 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/06 17:56:26.0271 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/06 17:56:26.0365 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/06 17:56:26.0428 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/06 17:56:26.0646 ================================================================================
2010/12/06 17:56:26.0646 Scan finished
2010/12/06 17:56:26.0646 ================================================================================
  • 0

#6
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
That was a really old version of ComboFix you ran. ComboFix is not designed to be run without the proper training; it can do a lot of damage.

Let's try a new version

ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Shaney

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Azarl,

I have downloaded ComboFix and tried to run it, however it does not work with AVG 2011.

I also tried running ComboFix with AVG disabled but it did not like that either.

I have tried to uninstall AVG 2011 but it comes up with an error and does not uninstall. I have retried uninstalling as administrator, but an error appears stating that I do not have sufficient privileges to stop AVG watchdog (avgwd) (the user account, as far as I know, is an admin account). So I went to msconfig and stopped the following

Startup
AVG Internet security

Services
AVG Firewall
AVG watch dog

Then I retried uninstalling as administrator, but got the error message that it could not stop the Windows process and to make sure I have sufficient privileges. I have put back the startup and services to get back to square one.

I am thinking that maybe if it was possible to ensure that AVG 2011 was not starting up, and it is possible for AVG to be removed from the registry somehow, ComboFix may run, but I await your expert advice on my next step.

Thanks again for your help so far.

Best,

Shane.

Edited by Shaney, 07 December 2010 - 08:51 AM.

  • 0

#8
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>
Posted Image


Ensure "Remove Security Application" is selected and click Next >>
Posted Image


AppRemover will scan all the security applications on your PC
Posted Image

Select Any AVG entries from the applications offered and click Next >> twice.
Posted Image

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

  • 0

#9
Shaney

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Azarl,

I am using the App remover tool now.
Tool has said it has removed the AVG 2011. It is now rebooting.

Please let me know what you want me to do next.


Thanks,

Shane.

Edited by Shaney, 07 December 2010 - 09:14 AM.

  • 0

#10
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Try the ComboFix again please

Thanks
  • 0


#11
Shaney

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi Azarl,

Here's the combofix log file.


ComboFix 10-12-04.06 - Louroy 07/12/2010 15:18:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.894.423 [GMT 0:00]
Running from: c:\users\Louroy\Desktop\ComboFix.exe
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system.txt
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-07 15:22 . 2010-12-07 15:22 -------- d-----w- c:\users\Louroy\AppData\Local\temp
2010-12-07 15:22 . 2010-12-07 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-07 15:16 . 2010-12-07 15:17 -------- d-----w- C:\32788R22FWJFW
2010-11-24 07:27 . 2010-11-24 07:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-24 07:27 . 2010-11-24 07:27 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-24 07:27 . 2010-11-24 07:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-24 07:27 . 2010-11-24 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-24 07:27 . 2010-11-24 07:27 24064 ----a-w- c:\windows\system32\lpk.dll
2010-11-24 07:27 . 2010-11-24 07:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-24 07:20 . 2010-11-24 07:20 134144 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-11-24 07:20 . 2010-11-24 07:20 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-11-24 07:20 . 2010-11-24 07:20 301568 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2010-11-24 07:16 . 2010-11-24 07:16 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-24 07:16 . 2010-11-24 07:16 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-24 07:15 . 2010-11-24 07:15 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-24 07:15 . 2010-11-24 07:15 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-24 07:12 . 2010-11-24 07:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-11-24 07:12 . 2010-11-24 07:12 33280 ----a-w- c:\windows\system32\traffic.dll
2010-11-24 07:12 . 2010-11-24 07:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2010-11-24 07:12 . 2010-11-24 07:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-11-24 07:12 . 2010-11-24 07:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-24 07:12 . 2010-11-24 07:12 36864 ----a-w- c:\windows\system32\cdd.dll
2010-11-24 07:12 . 2010-11-24 07:12 134656 ----a-w- c:\windows\system32\dps.dll
2010-11-24 07:10 . 2010-11-24 07:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-24 07:10 . 2010-11-24 07:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-24 07:07 . 2010-11-24 07:07 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-24 07:07 . 2010-11-24 07:07 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-24 07:07 . 2010-11-24 07:07 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-24 07:04 . 2010-11-24 07:04 707072 ----a-w- c:\program files\Common Files\System\wab32.dll
2010-11-24 07:04 . 2010-11-24 07:04 41984 ----a-w- c:\program files\Windows Mail\wabimp.dll
2010-11-24 07:04 . 2010-11-24 07:04 1098752 ----a-w- c:\program files\Common Files\System\wab32res.dll
2010-11-24 07:04 . 2010-11-24 07:04 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-11-24 07:04 . 2010-11-24 07:04 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-11-24 07:04 . 2010-11-24 07:04 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-11-24 07:04 . 2010-11-24 07:04 2836992 ----a-w- c:\program files\Windows Mail\MSOERES.dll
2010-11-24 07:04 . 2010-11-24 07:04 1614848 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-11-24 07:04 . 2010-11-24 07:04 397312 ----a-w- c:\program files\Windows Mail\WinMail.exe
2010-11-24 07:04 . 2010-11-24 07:04 24064 ----a-w- c:\program files\Common Files\System\DirectDB.dll
2010-11-24 07:04 . 2010-11-24 07:04 81408 ----a-w- c:\program files\Windows Mail\oeimport.dll
2010-11-24 07:01 . 2010-11-24 07:01 15360 ----a-w- c:\windows\system32\netevent.dll
2010-11-24 07:01 . 2010-11-24 07:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-24 07:01 . 2010-11-24 07:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-24 07:01 . 2010-11-24 07:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-24 07:01 . 2010-11-24 07:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-24 07:01 . 2010-11-24 07:01 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-24 07:01 . 2010-11-24 07:01 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-24 07:01 . 2010-11-24 07:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-24 07:01 . 2010-11-24 07:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-24 06:54 . 2010-11-24 06:54 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-11-24 06:54 . 2010-11-24 06:54 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-11-24 06:52 . 2010-11-24 06:52 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-24 06:52 . 2010-11-24 06:52 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-11-24 06:52 . 2010-11-24 06:52 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-11-24 06:52 . 2010-11-24 06:52 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-24 06:48 . 2010-11-24 06:48 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-24 06:45 . 2010-11-24 06:45 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-24 06:45 . 2010-11-24 06:45 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-24 06:45 . 2010-11-24 06:45 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-24 06:43 . 2010-11-24 06:43 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-24 06:43 . 2010-11-24 06:43 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-11-24 06:40 . 2010-11-24 06:40 2855424 ----a-w- c:\windows\system32\mf.dll
2010-11-24 06:40 . 2010-11-24 06:40 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-24 06:40 . 2010-11-24 06:40 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-24 06:40 . 2010-11-24 06:40 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-24 06:40 . 2010-11-24 06:40 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-24 06:37 . 2010-11-24 06:37 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-24 06:37 . 2010-11-24 06:37 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-24 06:29 . 2010-11-24 06:29 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-11-24 06:27 . 2010-11-24 06:27 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-11-24 06:24 . 2010-11-24 06:24 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-24 06:19 . 2010-11-24 06:19 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-11-24 06:17 . 2010-11-24 06:17 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-11-24 06:17 . 2010-11-24 06:17 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-11-24 06:12 . 2010-11-24 06:12 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-11-24 06:09 . 2010-11-24 06:09 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-24 06:09 . 2010-11-24 06:09 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-24 06:07 . 2010-11-24 06:07 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-24 06:04 . 2010-11-24 06:04 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-24 06:04 . 2010-11-24 06:04 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-11-24 06:04 . 2010-11-24 06:04 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-11-24 06:02 . 2010-11-24 06:02 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-24 05:57 . 2010-11-24 05:57 414208 ----a-w- c:\windows\system32\msscp.dll
2010-11-24 05:55 . 2010-11-24 05:55 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-11-24 05:52 . 2010-11-24 05:52 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-11-24 05:50 . 2010-11-24 05:50 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-11-24 05:50 . 2010-11-24 05:50 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-11-24 05:50 . 2010-11-24 05:50 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-11-24 05:50 . 2010-11-24 05:50 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-11-24 05:50 . 2010-11-24 05:50 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-11-24 05:50 . 2010-11-24 05:50 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-11-24 05:44 . 2010-11-24 05:44 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-24 05:44 . 2010-11-24 05:44 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-11-24 05:44 . 2010-11-24 05:44 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2010-11-24 05:44 . 2010-11-24 05:44 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2010-11-24 05:38 . 2010-11-24 05:38 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-24 05:38 . 2010-11-24 05:38 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-11-24 05:38 . 2010-11-24 05:38 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-24 05:38 . 2010-11-24 05:38 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-11-24 05:38 . 2010-11-24 05:38 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-24 05:38 . 2010-11-24 05:38 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-11-24 05:38 . 2010-11-24 05:38 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-24 05:38 . 2010-11-24 05:38 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-24 05:31 . 2010-11-24 05:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-24 05:28 . 2010-11-24 05:28 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-24 05:24 . 2010-11-24 05:24 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-24 05:24 . 2010-11-24 05:24 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-24 05:24 . 2010-11-24 05:24 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-11-24 05:24 . 2010-11-24 05:24 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-24 05:24 . 2010-11-24 05:24 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-24 05:24 . 2010-11-24 05:24 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-24 05:22 . 2010-11-24 05:22 2923520 ----a-w- c:\windows\explorer.exe
2010-11-24 05:19 . 2010-11-24 05:19 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-11-24 05:19 . 2010-11-24 05:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-24 05:19 . 2010-11-24 05:19 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-24 05:19 . 2010-11-24 05:19 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-11-24 05:19 . 2010-11-24 05:19 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-24 05:19 . 2010-11-24 05:19 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-24 05:19 . 2010-11-24 05:19 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-24 05:19 . 2010-11-24 05:19 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-24 05:15 . 2010-11-24 05:15 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-24 05:15 . 2010-11-24 05:15 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-24 05:15 . 2010-11-24 05:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-24 05:15 . 2010-11-24 05:15 7680 ----a-w- c:\windows\system32\lsass.exe
2010-11-24 05:15 . 2010-11-24 05:15 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-24 05:15 . 2010-11-24 05:15 1233920 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 07:21 . 2010-11-24 07:21 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-11-24 04:49 . 2010-11-24 04:49 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-11-06 14:48 . 2010-11-06 14:48 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-04 22:21 . 2010-11-04 22:21 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-04 22:20 . 2010-11-04 22:20 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-04 22:05 . 2010-11-04 22:05 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-11-04 22:05 . 2010-11-04 22:05 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-04 22:05 . 2010-11-04 22:05 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-04 22:05 . 2010-11-04 22:05 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-11-04 22:05 . 2010-11-04 22:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-04 22:05 . 2010-11-04 22:05 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-11-04 22:05 . 2010-11-04 22:05 35552 ----a-w- c:\windows\system32\wups.dll
2010-11-04 22:05 . 2010-11-04 22:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-04 22:05 . 2010-11-04 22:05 171608 ----a-w- c:\windows\system32\wuwebv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-24 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-01-23 344080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

R1 mailKmd;mailKmd; [x]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R3 OJRVCRBIEDHN;OJRVCRBIEDHN;c:\users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe [x]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]

.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ActiveSetup-ccc-core-static - msiexec
AddRemove-SiS163u - c:\windows\system32\unwlsdrv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 15:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-12-07 15:24:18
ComboFix-quarantined-files.txt 2010-12-07 15:24
ComboFix2.txt 2010-11-23 12:40

Pre-Run: 31,100,514,304 bytes free
Post-Run: 30,959,734,784 bytes free

- - End Of File - - 6FE550238B76C649110BC9B57AFE265E


Thanks,

Shane.
  • 0

#12
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
ComboFix Script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

Driver::
OJRVCRBIEDHN

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

File::
c:\users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I need you to include in your next reply.
  • 0
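As an added illustration (this is not code from the thread, from ComboFix, or from the helper), the Python below triages the service and driver lines from the "Reg Loading Points" section of the log in #11 using the same reasoning the CFScript in #12 applies: a driver registered under a random all-caps name that is also its own display name, running from the user's Temp folder, with the image file already gone, while a stale but normally located entry such as the leftover AVG firewall service is not flagged. The sample lines are copied from the log above; the heuristics, the `ServiceEntry` class and the rendering of `Driver::` / `File::` blocks are the example's own assumptions (the directive names are the ones shown in the script above).

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the service/driver entries copied from the
# "Reg Loading Points" section of the ComboFix log posted in #11.
SAMPLE_SERVICES = r"""
R1 mailKmd;mailKmd; [x]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R3 OJRVCRBIEDHN;OJRVCRBIEDHN;c:\users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe [x]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
"""

# ComboFix service line, as seen in the log:
#   "<start type> <name>;<display name>;<image path> [<date size>]"
# A trailing "[x]" means the image file could not be found on disk.
LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_present: bool
    reasons: list = field(default_factory=list)  # why a defender would look twice

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_services(text: str) -> list:
    """Parse every service/driver line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            start=m["start"],
            name=m["name"],
            display=m["display"],
            path=m["path"].strip(),
            file_present=(m["info"].strip() != "x"),
        ))
    return entries


def triage(entries: list) -> list:
    """Attach reasons to each entry and return only the flagged ones.

    Heuristics are the example's own: a per-user Temp image path, a missing
    image path, and a random-looking all-caps name used as its own display
    name. A missing file on its own (e.g. the uninstalled AVG firewall) is
    not enough to flag an entry; it only strengthens another finding.
    """
    for e in entries:
        low = e.path.lower()
        if "\\appdata\\local\\temp\\" in low or "\\windows\\temp\\" in low:
            e.reasons.append("service image lives in a Temp directory")
        if not e.path:
            e.reasons.append("registered with no image path")
        if (e.name == e.display and len(e.name) >= 10
                and e.name.isalpha() and e.name.isupper()):
            e.reasons.append("random-looking all-caps name is also the display name")
        if not e.file_present and e.reasons:
            e.reasons.append("image file already missing (ComboFix '[x]')")
    return [e for e in entries if e.suspicious]


def build_cfscript(flagged: list) -> str:
    """Render flagged entries as Driver:: / File:: blocks in the CFScript
    layout shown in #12. This is a draft for a trained helper to review,
    not something to feed to ComboFix unread."""
    lines = ["Driver::"] + [e.name for e in flagged]
    files = [e.path for e in flagged if e.path]
    if files:
        lines += ["", "File::"] + files
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = triage(parse_services(SAMPLE_SERVICES))
    for e in flagged:
        print(f"{e.start} {e.name}: " + "; ".join(e.reasons))
    print(build_cfscript(flagged))
```

Running it flags `OJRVCRBIEDHN` (Temp path, random name, file missing) and `mailKmd` (no image path), leaves the SiS wireless driver, Launch Manager service and the stale AVG firewall entry alone, and prints a `Driver::` / `File::` draft matching the shape of the script in #12. The `RegLock::` line in that script came from the "LOCKED REGISTRY KEYS" section, which this example does not parse.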

#13
Shaney

    Member

  • Topic Starter
  • Member
  • 26 posts
ComboFix logs as requested.

Best,

Shane.




ComboFix 10-12-04.06 - Louroy 07/12/2010 16:34:21.3.2 - x86


Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.894.353 [GMT 0:00]
Running from: c:\users\Louroy\Desktop\ComboFix.exe
Command switches used :: c:\users\Louroy\Desktop\CFScript.txt
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_OJRVCRBIEDHN


((((((((((((((((((((((((( Files Created from 2010-11-07 to 2010-12-07 )))))))))))))))))))))))))))))))
.

2010-12-07 16:37 . 2010-12-07 16:40 -------- d-----w- c:\users\Louroy\AppData\Local\temp
2010-12-07 16:37 . 2010-12-07 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 07:27 . 2010-11-24 07:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-24 07:27 . 2010-11-24 07:27 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-24 07:27 . 2010-11-24 07:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-24 07:27 . 2010-11-24 07:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-24 07:27 . 2010-11-24 07:27 24064 ----a-w- c:\windows\system32\lpk.dll
2010-11-24 07:27 . 2010-11-24 07:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-24 07:20 . 2010-11-24 07:20 134144 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-11-24 07:20 . 2010-11-24 07:20 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-11-24 07:20 . 2010-11-24 07:20 301568 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2010-11-24 07:16 . 2010-11-24 07:16 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-24 07:16 . 2010-11-24 07:16 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-24 07:15 . 2010-11-24 07:15 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-24 07:15 . 2010-11-24 07:15 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-24 07:12 . 2010-11-24 07:12 70144 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-11-24 07:12 . 2010-11-24 07:12 33280 ----a-w- c:\windows\system32\traffic.dll
2010-11-24 07:12 . 2010-11-24 07:12 13824 ----a-w- c:\windows\system32\wshqos.dll
2010-11-24 07:12 . 2010-11-24 07:12 15360 ----a-w- c:\windows\system32\pacerprf.dll
2010-11-24 07:12 . 2010-11-24 07:12 619008 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-11-24 07:12 . 2010-11-24 07:12 36864 ----a-w- c:\windows\system32\cdd.dll
2010-11-24 07:12 . 2010-11-24 07:12 134656 ----a-w- c:\windows\system32\dps.dll
2010-11-24 07:10 . 2010-11-24 07:10 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-24 07:10 . 2010-11-24 07:10 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-24 07:07 . 2010-11-24 07:07 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-24 07:07 . 2010-11-24 07:07 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-24 07:07 . 2010-11-24 07:07 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-24 07:04 . 2010-11-24 07:04 707072 ----a-w- c:\program files\Common Files\System\wab32.dll
2010-11-24 07:04 . 2010-11-24 07:04 41984 ----a-w- c:\program files\Windows Mail\wabimp.dll
2010-11-24 07:04 . 2010-11-24 07:04 1098752 ----a-w- c:\program files\Common Files\System\wab32res.dll
2010-11-24 07:04 . 2010-11-24 07:04 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-11-24 07:04 . 2010-11-24 07:04 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-11-24 07:04 . 2010-11-24 07:04 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-11-24 07:04 . 2010-11-24 07:04 2836992 ----a-w- c:\program files\Windows Mail\MSOERES.dll
2010-11-24 07:04 . 2010-11-24 07:04 1614848 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-11-24 07:04 . 2010-11-24 07:04 397312 ----a-w- c:\program files\Windows Mail\WinMail.exe
2010-11-24 07:04 . 2010-11-24 07:04 24064 ----a-w- c:\program files\Common Files\System\DirectDB.dll
2010-11-24 07:04 . 2010-11-24 07:04 81408 ----a-w- c:\program files\Windows Mail\oeimport.dll
2010-11-24 07:01 . 2010-11-24 07:01 15360 ----a-w- c:\windows\system32\netevent.dll
2010-11-24 07:01 . 2010-11-24 07:01 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-24 07:01 . 2010-11-24 07:01 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-24 07:01 . 2010-11-24 07:01 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-24 07:01 . 2010-11-24 07:01 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-24 07:01 . 2010-11-24 07:01 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-24 07:01 . 2010-11-24 07:01 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-24 07:01 . 2010-11-24 07:01 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-24 07:01 . 2010-11-24 07:01 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-24 06:54 . 2010-11-24 06:54 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-11-24 06:54 . 2010-11-24 06:54 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-11-24 06:52 . 2010-11-24 06:52 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-24 06:52 . 2010-11-24 06:52 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-11-24 06:52 . 2010-11-24 06:52 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-11-24 06:52 . 2010-11-24 06:52 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-24 06:48 . 2010-11-24 06:48 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-24 06:45 . 2010-11-24 06:45 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-24 06:45 . 2010-11-24 06:45 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-24 06:45 . 2010-11-24 06:45 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-24 06:43 . 2010-11-24 06:43 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-24 06:43 . 2010-11-24 06:43 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-11-24 06:40 . 2010-11-24 06:40 2855424 ----a-w- c:\windows\system32\mf.dll
2010-11-24 06:40 . 2010-11-24 06:40 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-24 06:40 . 2010-11-24 06:40 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-24 06:40 . 2010-11-24 06:40 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-24 06:40 . 2010-11-24 06:40 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-24 06:37 . 2010-11-24 06:37 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-24 06:37 . 2010-11-24 06:37 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-24 06:29 . 2010-11-24 06:29 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-11-24 06:27 . 2010-11-24 06:27 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-11-24 06:24 . 2010-11-24 06:24 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-24 06:19 . 2010-11-24 06:19 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-11-24 06:17 . 2010-11-24 06:17 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-11-24 06:17 . 2010-11-24 06:17 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-11-24 06:12 . 2010-11-24 06:12 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-11-24 06:09 . 2010-11-24 06:09 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-24 06:09 . 2010-11-24 06:09 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-24 06:07 . 2010-11-24 06:07 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-24 06:04 . 2010-11-24 06:04 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-24 06:04 . 2010-11-24 06:04 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-11-24 06:04 . 2010-11-24 06:04 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-11-24 06:02 . 2010-11-24 06:02 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-24 05:57 . 2010-11-24 05:57 414208 ----a-w- c:\windows\system32\msscp.dll
2010-11-24 05:55 . 2010-11-24 05:55 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-11-24 05:52 . 2010-11-24 05:52 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-11-24 05:50 . 2010-11-24 05:50 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-11-24 05:50 . 2010-11-24 05:50 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-11-24 05:50 . 2010-11-24 05:50 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-11-24 05:50 . 2010-11-24 05:50 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-11-24 05:50 . 2010-11-24 05:50 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-11-24 05:50 . 2010-11-24 05:50 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-11-24 05:44 . 2010-11-24 05:44 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-24 05:44 . 2010-11-24 05:44 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-11-24 05:44 . 2010-11-24 05:44 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2010-11-24 05:44 . 2010-11-24 05:44 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2010-11-24 05:38 . 2010-11-24 05:38 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-24 05:38 . 2010-11-24 05:38 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-11-24 05:38 . 2010-11-24 05:38 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-24 05:38 . 2010-11-24 05:38 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-11-24 05:38 . 2010-11-24 05:38 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-24 05:38 . 2010-11-24 05:38 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-11-24 05:38 . 2010-11-24 05:38 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-24 05:38 . 2010-11-24 05:38 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-24 05:31 . 2010-11-24 05:31 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-24 05:28 . 2010-11-24 05:28 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-24 05:24 . 2010-11-24 05:24 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-24 05:24 . 2010-11-24 05:24 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-24 05:24 . 2010-11-24 05:24 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-11-24 05:24 . 2010-11-24 05:24 110136 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-24 05:24 . 2010-11-24 05:24 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-24 05:24 . 2010-11-24 05:24 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-24 05:22 . 2010-11-24 05:22 2923520 ----a-w- c:\windows\explorer.exe
2010-11-24 05:19 . 2010-11-24 05:19 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-11-24 05:19 . 2010-11-24 05:19 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-24 05:19 . 2010-11-24 05:19 193536 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-24 05:19 . 2010-11-24 05:19 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-11-24 05:19 . 2010-11-24 05:19 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-24 05:19 . 2010-11-24 05:19 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-24 05:19 . 2010-11-24 05:19 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-11-24 05:19 . 2010-11-24 05:19 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-24 05:15 . 2010-11-24 05:15 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-24 05:15 . 2010-11-24 05:15 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-24 05:15 . 2010-11-24 05:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-24 05:15 . 2010-11-24 05:15 7680 ----a-w- c:\windows\system32\lsass.exe
2010-11-24 05:15 . 2010-11-24 05:15 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-24 05:15 . 2010-11-24 05:15 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-24 05:15 . 2010-11-24 05:15 272384 ----a-w- c:\windows\system32\schannel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 07:21 . 2010-11-24 07:21 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-11-24 04:49 . 2010-11-24 04:49 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-11-06 14:48 . 2010-11-06 14:48 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-04 22:21 . 2010-11-04 22:21 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-04 22:20 . 2010-11-04 22:20 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-04 22:05 . 2010-11-04 22:05 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-11-04 22:05 . 2010-11-04 22:05 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-04 22:05 . 2010-11-04 22:05 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-04 22:05 . 2010-11-04 22:05 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-11-04 22:05 . 2010-11-04 22:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-04 22:05 . 2010-11-04 22:05 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-11-04 22:05 . 2010-11-04 22:05 35552 ----a-w- c:\windows\system32\wups.dll
2010-11-04 22:05 . 2010-11-04 22:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-04 22:05 . 2010-11-04 22:05 171608 ----a-w- c:\windows\system32\wuwebv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-24 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-01-23 344080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

R1 mailKmd;mailKmd; [x]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-07 16:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
.
**************************************************************************
.
Completion time: 2010-12-07 16:44:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-07 16:44
ComboFix2.txt 2010-12-07 15:24
ComboFix3.txt 2010-11-23 12:40

Pre-Run: 30,980,866,048 bytes free
Post-Run: 30,723,805,184 bytes free

- - End Of File - - 711305DFC8DA2DF75FED3AF4F8699CF5
  • 0

#14
azarl
    GeekU Admin, Community Leader, 25,310 posts
» Step 1 «
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell - "" = AutoRun
    O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell\AutoRun\command - "" = G:\Password.exe -- File not found
    O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009/06/09 21:58:56 | 000,011,264 | R--- | M] (http://www.hiren.info)
    O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell\Option1\Command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009/06/09 21:58:56 | 000,011,264 | R--- | M] (http://www.hiren.info)
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
» Step 2 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

» Step 3 «
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u21-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0
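To show what the CFScript earlier in the thread and the O33 MountPoints2 fix in Step 1 are removing, here is an added triage script written for this page (not part of ComboFix, OTL or azarl's instructions) that parses lines in the ComboFix service and OTL O33 formats quoted above and flags the two patterns seen here: a randomly named service whose binary sits in a user's Temp folder, and an AutoRun handler that launches an executable from the root of a removable drive. The sample lines are constructed from the logs in this thread; the OJRVCRBIEDHN service line is reconstructed, since the posted log only shows its deletion, and the name-length and severity thresholds are my own assumptions.

```python
"""Triage ComboFix service lines and OTL O33 MountPoints2 lines (added example, not a tool from this thread)."""
import re

# Constructed sample lines modelled on the logs quoted in the thread.  The OJRVCRBIEDHN
# line is reconstructed (assumption): the posted log shows only the service being deleted.
SAMPLE_LINES = [
    r"R1 mailKmd;mailKmd; [x]",
    r"R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]",
    r"R2 OJRVCRBIEDHN;OJRVCRBIEDHN;c:\users\Louroy\AppData\Local\Temp\OJRVCRBIEDHN.exe [x]",
    r"R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]",
    r'O33 - MountPoints2\{40af2356-e862-11df-881a-0016d363e5bc}\Shell\AutoRun\command - "" = G:\Password.exe -- File not found',
    r'O33 - MountPoints2\{5e2c92b4-e894-11df-ad2b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\HBCD\WinTools\Autorun.exe -- [2009/06/09 21:58:56 | 000,011,264 | R--- | M] (http://www.hiren.info)',
]

# ComboFix service/driver entry: "<type> <name>;<display name>;<image path> [<status>]"
# where status "x" means ComboFix could not find the image file on disk.
SERVICE_RE = re.compile(
    r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<status>[^\]]*)\]$")
# OTL O33 line: 'O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <cmd> -- <status>'
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand - "" = (?P<cmd>.+?) -- (?P<status>.*)$')

RANDOM_NAME_RE = re.compile(r"^[A-Z]{10,16}$")                 # e.g. OJRVCRBIEDHN (length range is an assumption)
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)    # service binary launched from a user Temp folder
DRIVE_ROOT_EXE_RE = re.compile(r"^[A-Z]:\\[^\\]+\.(?:exe|com|scr|bat|pif)$", re.I)  # X:\something.exe

def triage_service(m):
    # Score one ComboFix service entry; two or more indicators make it "high".
    reasons = []
    if RANDOM_NAME_RE.match(m["name"]):
        reasons.append("random-looking all-caps service name")
    if TEMP_DIR_RE.search(m["path"]):
        reasons.append("service image lives in a user Temp folder")
    if m["status"] == "x" and not m["path"]:
        reasons.append("registered with no image path (orphaned entry, confirm before removing)")
    severity = "high" if len(reasons) >= 2 else ("review" if reasons else "ok")
    return {"kind": "service", "key": m["name"], "severity": severity, "reasons": reasons}

def triage_mountpoint(m):
    # Every MountPoints2 handler is at least worth a look; drive-root executables are the worm pattern.
    reasons = [f"{m['verb']} handler registered for a mounted volume"]
    severity = "review"
    if DRIVE_ROOT_EXE_RE.match(m["cmd"]):
        reasons.append("launches an executable from the drive root (autorun worm pattern)")
        severity = "high"
    if "File not found" in m["status"]:
        reasons.append("target no longer present; stale handler should still be cleared")
    return {"kind": "mountpoint", "key": m["cmd"], "severity": severity, "reasons": reasons}

def triage(lines):
    # Return findings (severity other than "ok") for every recognised line, in input order.
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            finding = triage_service(m)
            if finding["severity"] != "ok":
                findings.append(finding)
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(triage_mountpoint(m))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["severity"].upper(), f["kind"], f["key"], "|", "; ".join(f["reasons"]))
```

On the sample above this reports mailKmd and the Hiren's BootCD handler as "review" and OJRVCRBIEDHN and G:\Password.exe as "high"; unrecognised line formats are ignored, so feed it the service and O33 sections only.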

#15
Shaney
    Member, Topic Starter, 26 posts
Forgive my ignorance, what is OTL?

Thanks,

Shane.
  • 0





