Welcome to Geeks to Go - Register now for FREE

web redirect - fake antivirus pop ups - super slow


#1
Big O
Desktop running - Windows XP Pro
Antivirus - AVG (free)
Add't - Spybot & Malwarebytes
Browser - IE

Computer had been running slow but it is older and mainly a backup since we both bought laptops. Wife said every time she searched it took her to weird sites and that our computer told her our antivirus is out of date and we needed to update to protect; she assumed that was fake and left it alone for me to investigate. I also ran into these issues and did some browsing on the web trying to eliminate the problem first hand. I thought I had everything under control but today I fired the old lady up again and the problems still persist. I feel there may be more than 1 issue and I would like to have you pros take a look at my system and help me clean it up. It has been several years since I've been on the forum but the last time was a pure pleasure.




OTL logfile created on: 12/28/2010 4:44:57 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Tim Oakley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 222.65 Gb Total Space | 29.03 Gb Free Space | 13.04% Space Free | Partition Type: NTFS
Drive J: | 245.23 Mb Total Space | 171.36 Mb Free Space | 69.88% Space Free | Partition Type: FAT

Computer Name: SYSTEMAX | User Name: Tim Oakley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
PRC - [2010/07/10 07:49:32 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/15 08:23:14 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/15 08:23:14 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/15 08:23:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/15 18:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/02/20 18:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/30 15:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 07:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/04/19 15:40:36 | 009,125,888 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
PRC - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxPsSvr.exe
PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) -- C:\WINDOWS\system32\PhxVtSvr.exe
PRC - [2004/04/06 15:14:10 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoTask.exe
PRC - [2004/04/06 15:13:56 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoRT.exe
PRC - [2004/04/06 15:13:54 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\eTrust Antivirus\InoRpc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
MOD - [2007/02/05 08:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/15 08:23:01 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/09/10 21:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 20:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/02 17:34:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/25 14:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/04/05 17:14:04 | 000,040,960 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxPsSvr.exe -- (PhnxPsaService)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/14 12:40:12 | 000,053,248 | ---- | M] (Phoenix Technologies Ltd.) [Auto | Running] -- C:\WINDOWS\system32\PhxVtSvr.exe -- (PhnxVaultService)
SRV - [2004/04/06 15:14:10 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
SRV - [2004/04/06 15:13:56 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
SRV - [2004/04/06 15:13:54 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\eTrust Antivirus\InoRpc.exe -- (InoRPC)


========== Driver Services (SafeList) ==========

DRV - [2009/08/15 08:23:14 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/15 08:23:14 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/20 00:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/06/14 11:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/04/03 06:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/21 12:37:44 | 000,047,488 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\phnxvcd.sys -- (PhnxVcd)
DRV - [2006/03/20 12:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/16 01:20:34 | 000,155,992 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2006/03/14 01:15:18 | 000,024,152 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2005/12/02 15:43:22 | 000,008,832 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FBAPI.sys -- (FBAPI)
DRV - [2005/12/02 13:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2005/10/18 14:47:10 | 000,008,320 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ptpd.sys -- (ptpd)
DRV - [2005/06/07 15:13:02 | 000,042,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\DCDisk.sys -- (DCDisk)
DRV - [2005/03/31 18:58:00 | 000,450,400 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2004/09/29 16:35:30 | 000,219,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/09/29 16:34:24 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/29 16:33:50 | 001,036,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 21:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 20:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/08/13 00:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\Machnm32.sys -- (Machnm32)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274

FF - HKLM\software\mozilla\Firefox\Extensions\\{3F174225-6496-4A74-B549-C4358CE3B826}: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\{3F174225-6496-4A74-B549-C4358CE3B826}\ [2010/08/30 21:58:56 | 000,000,000 | ---D | M]

[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions
[2009/08/23 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/11/28 11:20:13 | 000,428,224 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14754 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [nauyodkq] C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\psijxrigf\vhuqcrraffm.exe File not found
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159453796765 (WUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.pcaengs...emote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.aka...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/28 06:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/03/18 08:29:41 | 000,012,254 | ---- | M] () - C:\AutoEyeuninstal.log -- [ NTFS ]
O33 - MountPoints2\{5c97a101-89cb-11de-b3e1-0015e93f8daa}\Shell\AutoRun\command - "" = J:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell - "" = AutoRun
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/28 16:44:35 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2004/09/08 09:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/28 16:44:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Oakley\Desktop\OTL.exe
[2010/12/28 15:50:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/28 15:48:32 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/12/28 15:48:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/28 15:48:25 | 1063,247,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 16:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/22 08:37:31 | 069,214,981 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 21:04:30 | 1063,247,872 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/31 00:00:45 | 000,002,843 | ---- | C] () -- C:\WINDOWS\oveyoyamuzage.dll
[2009/08/26 19:09:55 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/12 17:42:52 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2008/10/12 17:41:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/06/09 16:31:25 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Application Data\$_hpcst$.hpc
[2007/03/26 15:53:37 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/10 20:57:23 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/03/03 18:20:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/02/07 21:25:54 | 000,208,384 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/07 19:04:30 | 000,000,848 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 18:19:58 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tim Oakley\Local Settings\Application Data\fusioncache.dat
[2007/02/06 17:56:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/06 17:53:32 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/29 22:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/29 06:33:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/29 06:21:41 | 000,042,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\DCDisk.sys
[2007/01/29 06:21:40 | 000,014,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2007/01/29 06:21:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2007/01/29 06:21:37 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\FBAPI.sys
[2007/01/29 06:21:31 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxPsa.ini
[2007/01/29 06:21:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PhxVtUsr.dll
[2007/01/29 06:21:25 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2007/01/29 06:21:25 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\phnxVaul.ini
[2007/01/29 05:54:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/12 09:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/09/28 06:22:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/31 15:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2002/07/31 15:08:30 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2002/07/31 15:08:14 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/07/31 15:08:10 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

========== LOP Check ==========

[2009/08/26 19:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2007/04/21 06:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2007/07/16 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2008/10/12 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/31 17:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/11/28 12:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/29 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2007/10/16 20:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Alien Skin
[2010/02/27 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\AnvSoft
[2007/03/10 04:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\BitTorrent
[2008/10/12 18:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Canon
[2007/12/29 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Fisher-Price
[2010/08/26 19:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQ
[2007/02/11 09:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ICQLite
[2007/12/12 22:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ieSpell
[2008/05/09 15:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Opera
[2007/01/29 06:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Recover Pro
[2007/07/16 21:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\River Past G5
[2008/10/12 17:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\ScanSoft
[2007/06/02 04:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Oakley\Application Data\Snapfish
[2010/12/28 15:48:32 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

< End of report >

Edited by Big O, 28 December 2010 - 05:57 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box below by highlighting it and then pressing Ctrl + C:


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKCU..\Run: [nauyodkq] C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\psijxrigf\vhuqcrraffm.exe File not found
O4 - HKCU..\Run: [PowerBar] File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O32 - AutoRun File - [2007/03/18 08:29:41 | 000,012,254 | ---- | M] () - C:\AutoEyeuninstal.log -- [ NTFS ]
O33 - MountPoints2\{5c97a101-89cb-11de-b3e1-0015e93f8daa}\Shell\AutoRun\command - "" = J:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell - "" = AutoRun
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
[2010/08/31 00:00:45 | 000,002,843 | ---- | C] () -- C:\WINDOWS\oveyoyamuzage.dll

:FILES
C:\WINDOWS\Tasks\At*.job

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
 


Run OTL, then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all, then hit RUN FIX.

Copy and paste the log it creates into a reply.


Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://www.infospywa...alware/combofix


==================================


Double click on george.exe & follow the prompts. Allow it to install the Recovery Console. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Please download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run OTL.
In the Extra Registry group, select the Use SafeList option. In the File Scans area, set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.

Ron

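As an added example (not OTL's own code and not from this thread), here is a small Python triage that flags the kinds of scan lines Ron's fix script targets: the IE proxy pointing back at the local machine, a Run entry launching from a Temp folder, orphaned BHO and Run registrations, and cached AutoRun commands for removable media. The sample lines are copied from the scan above; the severity scale is my own rule of thumb.

```python
"""Triage of OTL-style scan lines.

Added example: not OTL's own code and not from the thread. The sample lines
below are copied from the scan posted above; the severity rules are my own
rule of thumb for what deserves a second look before a fix script is written.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the posted OTL scan.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKCU..\Run: [nauyodkq] C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\psijxrigf\vhuqcrraffm.exe File not found
O33 - MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
"""


@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or LOW (my own scale, not an OTL concept)
    reason: str
    line: str


PROXY_SERVER_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')
# Matches "O4 - HKLM..\Run: [name] command-or-File-not-found"
RUN_ENTRY_RE = re.compile(r'^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$')
TEMP_DIR_RE = re.compile(r'\\Temp\\', re.IGNORECASE)


def is_loopback_proxy(value: str) -> bool:
    """True if any entry of an IE ProxyServer value (host:port or
    scheme=host:port, ';'-separated) points back at this machine."""
    for entry in value.split(";"):
        hostport = entry.split("=")[-1]
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        if host.strip("[]").lower() in ("127.0.0.1", "localhost", "::1"):
            return True
    return False


def triage(otl_text: str) -> list[Finding]:
    """Walk the scan line by line and return the lines worth a second look."""
    findings: list[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_SERVER_RE.search(line)
        if m:
            if is_loopback_proxy(m.group("value")):
                findings.append(Finding("HIGH", "IE sends all browser traffic through a "
                                        "proxy on this machine; nothing legitimate was "
                                        "installed to listen there, so reset it", line))
            continue
        if '"ProxyEnable" = 1' in line:
            findings.append(Finding("LOW", "proxy enabled; check the ProxyServer value", line))
            continue
        if line.startswith("O2 - BHO:") and "No CLSID value found" in line:
            findings.append(Finding("MEDIUM", "BHO registered with no CLSID behind it; "
                                    "orphan, remove", line))
            continue
        m = RUN_ENTRY_RE.match(line)
        if m:
            rest = m.group("rest")
            if TEMP_DIR_RE.search(rest):
                findings.append(Finding("HIGH", "autostart entry launching from a Temp "
                                        "directory; legitimate software does not "
                                        "persist there", line))
            elif rest.strip() == "File not found" or m.group("name") == "":
                findings.append(Finding("LOW", "autostart entry whose target is missing; "
                                        "harmless, clean it up", line))
            continue
        if line.startswith("O33 - MountPoints2") and "AutoRun\\command" in line:
            findings.append(Finding("MEDIUM", "cached AutoRun command for removable "
                                    "media; clear it so a drive cannot relaunch it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```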
#3
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
Thank you for taking time to address my problems! I was able to conduct the OTL fix and the system restarted. I downloaded combofix and renamed it to george and attempted to run it. The first time it brought up their disclaimer and I agreed to proceed. Then it told me that I must uninstall AVG since it doesn't play nice with combofix (I had all virus and malware programs closed and off). I attempted to uninstall AVG but it errored, citing an error in action failed for creating registry key (error 0x80070005).

I attempted to run combofix again and it gave me a popup saying "ERROR - You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe. You can close combofix by clicking the right corner of the progress bar." I tried each of the links in your reply and received the same response each time. I even tried a different file name in case the virus had assimilated combofix with george. I decided not to try anything and just reply with my results. Below is the OTL log after the 'run fix':


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Program Files\CA\eTrust Antivirus\Realmon.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nauyodkq deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PowerBar deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
C:\AutoEyeuninstal.log moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c97a101-89cb-11de-b3e1-0015e93f8daa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c97a101-89cb-11de-b3e1-0015e93f8daa}\ not found.
File J:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2c9da74-a8f2-11df-b409-0015e93f8daa}\ not found.
File J:\setup.exe not found.
C:\WINDOWS\oveyoyamuzage.dll moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\Tasks\At*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 254104 bytes

User: All Users

User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 82054 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 45137319 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 18490988 bytes
->Java cache emptied: 9673 bytes
->Flash cache emptied: 5964 bytes

User: Tim Oakley
->Temp folder emptied: 2274107574 bytes
->Temporary Internet Files folder emptied: 95730848 bytes
->Java cache emptied: 8548372 bytes
->Apple Safari cache emptied: 782336 bytes
->Flash cache emptied: 1714006 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3532817 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1235532438 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77543790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4428515 bytes
RecycleBin emptied: 1376473251 bytes

Total Files Cleaned = 4,904.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.0 log created on 12292010_100401

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Tim Oakley\Local Settings\Temp\~DFCABE.tmp not found!
File\Folder C:\Documents and Settings\Tim Oakley\Local Settings\Temporary Internet Files\Content.Word\~WRS2169.tmp not found!

Registry entries deleted on Reboot...
#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
AVG removal tool:

http://download.avg....6_2011_1165.exe

might help.

If AVG was running when you downloaded Combofix it might have eaten a critical file. Otherwise there is a really nasty virus out there which is nearly impossible to get rid of so I hope that's not it. Go ahead and see if you can run MBAM.

Also try ESET:

Run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Ron
#5
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
I was able to remove AVG with the tool you provided (thank you). I also ran malwarebytes and the log is below. Normally it would take 18 minutes to complete the scan; this one only took 6 mins, I'm not sure if that is a good or bad thing. I tried to run combofix again and it detected an old antivirus that came with my computer, I uninstalled that program as well. When I went to restart the system I received 3 error pop ups (unresponsive) stating the program needs more time to shut down or end program. I was unable to get the full path but it started like this "C:/327BB22FWJFW/license/iexplo..." and the other ones were the same except it was firefox instead of iexplor.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/29/2010 2:48:14 PM
mbam-log-2010-12-29 (14-48-14).txt

Scan type: Quick scan
Objects scanned: 151963
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#6
Big O

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Quick update, after the restart again I tried george.exe and it said AVG was still running. Then it popped up again and said that it would try to run even though AVG is still running and proceeding is at my own risk. Now it is sitting on a DOS screen popup saying combofix is preparing to run. After a few minutes the program took off and began its process. It errored at the recovery console part stating:

"C:\george\windowsxp-kb310994-sp2-pro-bootdisk-env.exe is not a valid Win32 application."

It asked me if I wanted to continue scanning or exit.

Seems to have frozen the system.

After a restart, it tells me there is a newer version of combofix available and asked if I wanted to update. I said no; didn't know if this was the virus playing or real.

This time the recovery console loaded/installed correctly and it began scanning again.

Edited by Big O, 29 December 2010 - 04:57 PM.

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You might try downloading Combofix again now that you have killed off AVG, and this time call it george2.exe.

Suggest you try the free Avast instead of AVG. I think it's a better anti-virus and if nothing else it lets itself be paused and it uninstalls cleanly.
http://www.avast.com...ivirus-download


Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

1. Double-click VEW.exe
2. Under 'Select log to query', select:
   * System
3. Under 'Select type to list', select:
   * Error
   * Warning
4. Under 'Number of events':
   * Click the radio button for 'Number of events'
   * Type 20 in the 1 to 20 box
   * Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron
#8
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
SYSTEM

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2010 4:23:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2010 4:18:23 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 4:18:23 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 3:51:21 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 3:51:21 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 3:36:03 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 3:36:03 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:55:07 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 2:55:07 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:39:33 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 2:39:33 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:37:27 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 29/12/2010 2:35:22 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 2:35:22 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 2:35:19 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 29/12/2010 11:17:44 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:15:44 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:13:36 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 11:12:33 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:09:55 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 29/12/2010 11:09:15 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2010 6:18:59 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 28/12/2010 3:28:13 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 23/12/2010 5:27:46 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 19/12/2010 4:34:28 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/12/2010 6:14:34 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 15/12/2010 4:25:59 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot SYSTEMAX failed

Log: 'System' Date/Time: 14/12/2010 12:41:19 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 14/12/2010 12:41:15 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 12/12/2010 12:17:52 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 09/12/2010 1:23:39 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 09/12/2010 1:23:36 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 06/12/2010 2:15:54 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 29/11/2010 2:15:03 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 27/11/2010 9:33:37 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 9:33:03 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 7:47:35 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:47:32 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 7:37:29 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:08:46 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:08:43 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


APPLICATION

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/12/2010 4:29:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/12/2010 4:21:09 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00264c5c.

Log: 'Application' Date/Time: 29/12/2010 4:20:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2010 4:18:23 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 4:18:23 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 3:51:21 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 3:51:21 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 3:36:03 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 3:36:03 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:55:07 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 2:55:07 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:39:33 PM
Type: error Category: 0
Event: 49 Source: Ftdisk
Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Log: 'System' Date/Time: 29/12/2010 2:39:33 PM
Type: error Category: 0
Event: 45 Source: Ftdisk
The system could not sucessfully load the crash dump driver.

Log: 'System' Date/Time: 29/12/2010 2:37:27 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 29/12/2010 2:35:22 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 2:35:22 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 2:35:19 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 29/12/2010 11:17:44 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:15:44 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:13:36 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Log: 'System' Date/Time: 29/12/2010 11:12:33 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 29/12/2010 11:09:55 AM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 29/12/2010 11:09:15 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/12/2010 6:18:59 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 28/12/2010 3:28:13 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 23/12/2010 5:27:46 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 19/12/2010 4:34:28 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/12/2010 6:14:34 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 15/12/2010 4:25:59 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot SYSTEMAX failed

Log: 'System' Date/Time: 14/12/2010 12:41:19 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 14/12/2010 12:41:15 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 12/12/2010 12:17:52 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 09/12/2010 1:23:39 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 09/12/2010 1:23:36 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 06/12/2010 2:15:54 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 29/11/2010 2:15:03 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 27/11/2010 9:33:37 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 9:33:03 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 7:47:35 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:47:32 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 27/11/2010 7:37:29 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:08:46 PM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 0015E93F8DAA. The IP address being used is 169.254.37.188.

Log: 'System' Date/Time: 27/11/2010 7:08:43 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0015E93F8DAA. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

UPDATE:

Redownloaded and named george2.exe, still hangs up at the scanning stage. This time was a direct download instead of a download on laptop and transfer with jumpdrive. Also IE now has pop up ads when it starts, did not have this before, just redirects. I was going to run malwarebytes again but decided to wait for your direction.

Edited by Big O, 29 December 2010 - 05:55 PM.

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
When you reboot do you see a black screen that offers you a choice between the Recovery console and your usual XP installation? Should only stay there about 2 seconds then automatically runs XP. Just wondering if Combofix was able to install the Recovery Console before it died.

Right click on the clock and select Adjust Date/Time then choose Internet Time. See if you can get it to synchronize. If not is there a firewall in the way which might be blocking it?

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0
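Both scanners in the instructions above write plain-text reports, and the lines that matter can be picked out mechanically: TDSSKiller lists every driver with its md5 and path, adds a "Suspicious file (Forged)" line when the same file hashes differently depending on how it is read, and finishes with a "<name> - detected <signature>" verdict; MBRCheck prints one row per physical drive with an MBR status and the SHA1 of the boot sector. The Python below is an added example for this thread, not code from TDSSKiller, MBRCheck or Geeks to Go. It assumes only the line layouts visible in the logs posted in this thread; the sample lines are copied from or modelled on those logs, and the assumption that MBRCheck labels code it cannot identify as "Unknown MBR code" is taken from the report posted here.

```python
"""Triage of TDSSKiller and MBRCheck text reports (added example, not tool code)."""
import re
from typing import Dict, List

# TDSSKiller prefixes every line with "YYYY/MM/DD HH:MM:SS.ffff ".
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# Per-driver entry: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged-file finding: the file yields two different md5s depending on how it is read.
FORGED_RE = re.compile(
    _TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# Verdict line: "<service> - detected <signature> (<n>)"
DETECT_RE = re.compile(_TS + r"(?P<name>\S+) - detected (?P<sig>\S+) \((?P<n>\d+)\)$")

# MBRCheck drive table row: "<size> GB \\.\PhysicalDriveN <status text>", followed by "SHA1: <hex>"
MBR_ROW_RE = re.compile(r"^(?P<size>\d+) GB (?P<dev>\\\\\.\\PhysicalDrive\d+) (?P<status>.+)$")
MBR_SHA1_RE = re.compile(r"^SHA1: (?P<sha1>[0-9A-F]{40})$")


def triage_tdsskiller(log: str) -> Dict[str, object]:
    """Return driver count, forged-file findings and detections from a TDSSKiller log."""
    drivers: Dict[str, tuple] = {}
    forged: List[Dict[str, object]] = []
    detections: List[Dict[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        if m := FORGED_RE.match(line):
            forged.append(m.groupdict())
        elif m := DETECT_RE.match(line):
            detections.append(m.groupdict())
        elif m := DRIVER_RE.match(line):
            drivers[m["name"]] = (m["md5"], m["path"])
    # Cross-check: a forged finding should point at a path that also appears in the driver table,
    # with the table's md5 equal to the "Real" hash. A finding with no such entry is worth a second look.
    for f in forged:
        f["matches_driver_entry"] = any(
            md5 == f["real"] and path == f["path"] for md5, path in drivers.values())
    return {"driver_count": len(drivers), "forged": forged, "detections": detections}


def triage_mbrcheck(report: str) -> List[Dict[str, object]]:
    """Return one record per physical drive: device, status, boot-sector SHA1, and a suspicious flag."""
    rows: List[Dict[str, object]] = []
    for line in report.splitlines():
        line = line.strip()
        if m := MBR_ROW_RE.match(line):
            rows.append({"device": m["dev"], "size_gb": m["size"], "status": m["status"], "sha1": ""})
        elif (m := MBR_SHA1_RE.match(line)) and rows:
            rows[-1]["sha1"] = m["sha1"]  # the SHA1 line follows its drive row
    for r in rows:
        # Assumption (from the report in this thread): unrecognised boot code is reported as "Unknown MBR code".
        status = str(r["status"]).lower()
        r["suspicious"] = "unknown" in status or "infected" in status
    return rows


def summarize(tdss_log: str, mbr_report: str) -> List[str]:
    """Reasons the machine needs follow-up, in the order an analyst would read them."""
    notes: List[str] = []
    t = triage_tdsskiller(tdss_log)
    for f in t["forged"]:  # type: ignore[union-attr]
        notes.append(f"{f['path']}: md5 {f['real']} read directly vs {f['fake']} read through the system")
    for d in t["detections"]:  # type: ignore[union-attr]
        notes.append(f"{d['name']} flagged as {d['sig']}")
    for r in triage_mbrcheck(mbr_report):
        if r["suspicious"]:
            notes.append(f"{r['device']} MBR status '{r['status']}' (sha1 {r['sha1']})")
    return notes


# Sample input: the Ftdisk lines are copied from the TDSSKiller log posted later in this thread;
# the atapi line is a benign neighbour from the same log. Backslashes are doubled for Python.
SAMPLE_TDSS = """\
2010/12/29 18:25:51.0120 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/12/29 18:25:52.0698 Ftdisk (e4d407d6b1a86443b89628617df051e3) C:\\WINDOWS\\system32\\DRIVERS\\ftdisk.sys
2010/12/29 18:25:52.0698 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\ftdisk.sys. Real md5: e4d407d6b1a86443b89628617df051e3, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/29 18:25:52.0713 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
"""

# Sample input: drive table copied from the MBRCheck report posted later in this thread.
SAMPLE_MBR = """\
Size Device Name MBR Status
--------------------------------------------
222 GB \\\\.\\PhysicalDrive0 Unknown MBR code
SHA1: 3DB196AACEBF867015354A3B9AF258D116FCFB13
"""

if __name__ == "__main__":
    for note in summarize(SAMPLE_TDSS, SAMPLE_MBR):
        print("-", note)
```

The two hashes on a forged line are the point of the finding, not either value on its own: the file reads one way through the normal file system and another way when the tool goes around it, which is exactly the behaviour of a driver-infecting rootkit that hides its modification. The cross-check against the driver table is there so an analyst can tell a real finding from a stray line in a copied log.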

#10
Big O

Big O

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Recovery Console was installed and the black screen does show on a reboot.

I was able to get synchronization with the internet time

I will proceed to do the rest of your recommendations now.

I was able to get my system to connect to the ESET scanner, I started it up before I went upstairs for dinner. It is 70% done and has found 2 infected files. Threats found: probably a variant of Win32/Agent.DLSWACK trojan AND probably unknown NewHeur_PE virus

Edited by Big O, 29 December 2010 - 06:54 PM.

  • 0

#11
Big O

Big O

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Here we go with the rest of your suggestions:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 183):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A6E000 \WINDOWS\system32\KDCOM.DLL
0xF797E000 \WINDOWS\system32\BOOTVID.dll
0xF743F000 ACPI.sys
0xF7A70000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF742E000 pci.sys
0xF756E000 isapnp.sys
0xF7B36000 pciide.sys
0xF77EE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A72000 aliide.sys
0xF7A74000 cmdide.sys
0xF7A76000 toside.sys
0xF7A78000 viaide.sys
0xF7A7A000 intelide.sys
0xF757E000 MountMgr.sys
0xF740F000 ftdisk.sys
0xF7A7C000 dmload.sys
0xF73E9000 dmio.sys
0xF77F6000 PartMgr.sys
0xF758E000 VolSnap.sys
0xF7982000 cpqarray.sys
0xF73D1000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF731A000 iaStor.sys
0xF7302000 atapi.sys
0xF7986000 aha154x.sys
0xF77FE000 sparrow.sys
0xF798A000 symc810.sys
0xF759E000 aic78xx.sys
0xF798E000 dac960nt.sys
0xF75AE000 ql10wnt.sys
0xF7992000 amsint.sys
0xF7806000 asc.sys
0xF7996000 asc3550.sys
0xF780E000 mraid35x.sys
0xF7816000 i2omp.sys
0xF799A000 ini910u.sys
0xF75BE000 ql1240.sys
0xF75CE000 aic78u2.sys
0xF781E000 symc8xx.sys
0xF7826000 sym_hi.sys
0xF782E000 sym_u3.sys
0xF7836000 ABP480N5.SYS
0xF783E000 asc3350p.sys
0xF7A7E000 cd20xrnt.sys
0xF75DE000 ultra.sys
0xF72E9000 adpu160m.sys
0xF7846000 dpti2o.sys
0xF75EE000 ql1080.sys
0xF75FE000 ql1280.sys
0xF760E000 ql12160.sys
0xF784E000 perc2.sys
0xF7A80000 perc2hib.sys
0xF7856000 hpn.sys
0xF799E000 cbidf2k.sys
0xF72BD000 dac2w2k.sys
0xF72A6000 viamraid.sys
0xF761E000 disk.sys
0xF762E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7286000 fltmgr.sys
0xF7274000 sr.sys
0xF763E000 PxHelp20.sys
0xF725D000 KSecDD.sys
0xF71D0000 Ntfs.sys
0xF71A3000 NDIS.sys
0xF79A2000 ptpd.sys
0xF764E000 uagp35.sys
0xF765E000 sisagp.sys
0xF766E000 viaagp.sys
0xF767E000 ohci1394.sys
0xF768E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7189000 Mup.sys
0xF769E000 alim1541.sys
0xF76AE000 amdagp.sys
0xF76BE000 agp440.sys
0xF76CE000 agpCPQ.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF775E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5FE3000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF5FCF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5FA7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF5F76000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5F52000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78BE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5EE4000 \SystemRoot\system32\DRIVERS\A3AB.sys
0xF5EAE000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF5E8B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5D8D000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF5CE1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78C6000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5CCD000 \SystemRoot\system32\DRIVERS\parport.sys
0xF776E000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6886000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF777E000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF778E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF779E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7A3A000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7BE6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5CB6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7169000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78CE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5CA5000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7159000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78D6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7149000 \SystemRoot\System32\Drivers\PhnxVcd.sys
0xF5C75000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6219000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B08000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5C17000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A5E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF70E9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA043000 \SystemRoot\system32\drivers\sthda.sys
0xAA01F000 \SystemRoot\system32\drivers\portcls.sys
0xF76FE000 \SystemRoot\system32\drivers\drmk.sys
0xA9FBF000 \SystemRoot\system32\drivers\sfng32.sys
0xA38EF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA481B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA3D74000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xA345C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xA3359000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA3458000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA38BF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA3351000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA3349000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA4819000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xA29E3000 \SystemRoot\System32\Drivers\Null.SYS
0xA4817000 \SystemRoot\System32\Drivers\Beep.SYS
0xA3339000 \SystemRoot\System32\drivers\vga.sys
0xA4815000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xA4813000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA3331000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA3329000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA344C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2187000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA212E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA2106000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA20E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA20BE000 \SystemRoot\System32\drivers\afd.sys
0xA31D3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA31C3000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA3321000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xA2093000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA31B3000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA2023000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA31A3000 \SystemRoot\System32\Drivers\Fips.SYS
0xA3183000 \SystemRoot\System32\Drivers\DCDisk.SYS
0x9D09A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9CB33000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9C81D000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9C815000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0x9B788000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0x9CB27000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0x9B778000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0x9C488000 \SystemRoot\System32\drivers\Dxapi.sys
0x9B5CB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA2570000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07C000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6181000 \SystemRoot\system32\DRIVERS\elagopro.sys
0xA72F5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A38F000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9469000 \SystemRoot\system32\drivers\sysaudio.sys
0x9A0BA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA4091000 \SystemRoot\system32\DRIVERS\elaunidr.sys
0x9A0F3000 \??\C:\WINDOWS\system32\drivers\FBAPI.sys
0xA4452000 \??\C:\WINDOWS\system32\Machnm32.sys
0x99F73000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7A62000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x99B72000 \SystemRoot\System32\Drivers\HTTP.sys
0x994C1000 \SystemRoot\System32\Drivers\Fastfat.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 35):
0 System Idle Process
4 System
820 C:\WINDOWS\system32\smss.exe
872 csrss.exe
896 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1128 C:\WINDOWS\system32\svchost.exe
1180 svchost.exe
1224 C:\WINDOWS\system32\svchost.exe
1328 svchost.exe
1428 svchost.exe
1632 C:\WINDOWS\system32\spoolsv.exe
1960 C:\WINDOWS\explorer.exe
228 C:\WINDOWS\system32\ctfmon.exe
316 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
328 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
272 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
380 C:\Program Files\Messenger\msmsgs.exe
388 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
420 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
556 C:\PROGRA~1\MICROS~4\rapimgr.exe
604 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
1840 svchost.exe
1776 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2036 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1256 C:\WINDOWS\system32\PhxPsSvr.exe
588 C:\WINDOWS\system32\PhxVtSvr.exe
1380 C:\WINDOWS\system32\HPZipm12.exe
1272 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
1768 C:\WINDOWS\system32\svchost.exe
2132 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2708 alg.exe
3316 C:\WINDOWS\system32\svchost.exe
3756 C:\Documents and Settings\Tim Oakley\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-00NCB1, Rev: 10.02E02

Size Device Name MBR Status
--------------------------------------------
222 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 3DB196AACEBF867015354A3B9AF258D116FCFB13


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

2010/12/29 18:25:37.0807 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/29 18:25:37.0807 ================================================================================
2010/12/29 18:25:37.0807 SystemInfo:
2010/12/29 18:25:37.0807
2010/12/29 18:25:37.0807 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/29 18:25:37.0807 Product type: Workstation
2010/12/29 18:25:37.0807 ComputerName: SYSTEMAX
2010/12/29 18:25:37.0807 UserName: Tim Oakley
2010/12/29 18:25:37.0807 Windows directory: C:\WINDOWS
2010/12/29 18:25:37.0807 System windows directory: C:\WINDOWS
2010/12/29 18:25:37.0807 Processor architecture: Intel x86
2010/12/29 18:25:37.0807 Number of processors: 2
2010/12/29 18:25:37.0807 Page size: 0x1000
2010/12/29 18:25:37.0807 Boot type: Normal boot
2010/12/29 18:25:37.0807 ================================================================================
2010/12/29 18:25:38.0213 Initialize success
2010/12/29 18:25:49.0854 ================================================================================
2010/12/29 18:25:49.0854 Scan started
2010/12/29 18:25:49.0854 Mode: Manual;
2010/12/29 18:25:49.0854 ================================================================================
2010/12/29 18:25:50.0370 A3AB (76624408401443bb7920af70183a7d27) C:\WINDOWS\system32\DRIVERS\A3AB.sys
2010/12/29 18:25:50.0463 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/29 18:25:50.0510 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/29 18:25:50.0557 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/29 18:25:50.0573 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/29 18:25:50.0604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/29 18:25:50.0666 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/29 18:25:50.0698 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/29 18:25:50.0713 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/29 18:25:50.0745 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/29 18:25:50.0760 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/29 18:25:50.0791 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/29 18:25:50.0823 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/29 18:25:50.0838 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/29 18:25:50.0854 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/29 18:25:50.0870 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/29 18:25:50.0916 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2010/12/29 18:25:50.0963 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/29 18:25:50.0979 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/29 18:25:50.0995 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/29 18:25:51.0026 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/29 18:25:51.0088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/29 18:25:51.0120 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/29 18:25:51.0182 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/29 18:25:51.0229 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/29 18:25:51.0260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/29 18:25:51.0291 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/29 18:25:51.0448 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/29 18:25:51.0448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/29 18:25:51.0495 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/29 18:25:51.0526 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/29 18:25:51.0557 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/29 18:25:51.0604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/29 18:25:51.0713 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/29 18:25:51.0760 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/29 18:25:51.0792 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/29 18:25:51.0854 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/29 18:25:51.0885 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/29 18:25:51.0948 DCDisk (ab01e9f46583e6f0ebf7659b21630407) C:\WINDOWS\system32\drivers\DCDisk.sys
2010/12/29 18:25:51.0995 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/29 18:25:52.0042 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/29 18:25:52.0088 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/29 18:25:52.0104 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/29 18:25:52.0135 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/29 18:25:52.0182 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/29 18:25:52.0198 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/29 18:25:52.0245 e1express (19646098c00c5374d10b4d0406500021) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/29 18:25:52.0292 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/12/29 18:25:52.0323 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2010/12/29 18:25:52.0385 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2010/12/29 18:25:52.0417 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/29 18:25:52.0479 FBAPI (3620e669c5268247c05be74eb758df27) C:\WINDOWS\system32\drivers\FBAPI.sys
2010/12/29 18:25:52.0510 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/29 18:25:52.0542 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/29 18:25:52.0573 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/29 18:25:52.0620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/29 18:25:52.0635 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/29 18:25:52.0698 Ftdisk (e4d407d6b1a86443b89628617df051e3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 18:25:52.0698 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: e4d407d6b1a86443b89628617df051e3, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/29 18:25:52.0713 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/29 18:25:52.0792 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/29 18:25:52.0885 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/29 18:25:52.0948 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/29 18:25:52.0979 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/29 18:25:53.0026 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/29 18:25:53.0073 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/29 18:25:53.0151 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/29 18:25:53.0198 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/29 18:25:53.0213 HSFHWBS2 (881d1c3a64904f4b6068013a99a5855b) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/29 18:25:53.0276 HSF_DP (8ed6714c8e754520dd8a939f91383ea0) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/29 18:25:53.0338 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/29 18:25:53.0370 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/29 18:25:53.0401 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/29 18:25:53.0417 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/29 18:25:53.0495 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/29 18:25:53.0542 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/12/29 18:25:53.0588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/29 18:25:53.0635 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/29 18:25:53.0667 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/29 18:25:53.0713 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/29 18:25:53.0745 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/29 18:25:53.0792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/29 18:25:53.0823 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/29 18:25:53.0854 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/29 18:25:53.0885 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/29 18:25:53.0917 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/29 18:25:53.0963 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/29 18:25:53.0979 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/29 18:25:53.0995 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/29 18:25:54.0026 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/29 18:25:54.0088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/29 18:25:54.0245 Machnm32 (fd65bef5ff8275711d9a56f0b8bb43f1) C:\WINDOWS\system32\Machnm32.sys
2010/12/29 18:25:54.0260 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/29 18:25:54.0292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/29 18:25:54.0338 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/29 18:25:54.0354 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/29 18:25:54.0385 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/29 18:25:54.0417 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/29 18:25:54.0463 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/29 18:25:54.0479 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/29 18:25:54.0526 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/29 18:25:54.0620 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/29 18:25:54.0698 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/29 18:25:54.0745 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/29 18:25:54.0792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/29 18:25:54.0823 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/29 18:25:54.0854 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/29 18:25:54.0885 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/29 18:25:54.0885 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/29 18:25:54.0932 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/29 18:25:54.0995 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/29 18:25:55.0026 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/29 18:25:55.0057 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/29 18:25:55.0073 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/29 18:25:55.0120 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/29 18:25:55.0167 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/29 18:25:55.0182 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/29 18:25:55.0214 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/29 18:25:55.0276 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/29 18:25:55.0354 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/29 18:25:55.0401 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/29 18:25:55.0495 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/29 18:25:55.0526 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/29 18:25:55.0557 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/29 18:25:55.0573 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/29 18:25:55.0620 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/29 18:25:55.0620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/29 18:25:55.0682 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/29 18:25:55.0714 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/29 18:25:55.0745 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/29 18:25:55.0792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/29 18:25:55.0885 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/29 18:25:55.0901 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/29 18:25:55.0979 PhnxVcd (9090970d29a5181fec0ebb32527b03a9) C:\WINDOWS\system32\Drivers\PhnxVcd.sys
2010/12/29 18:25:56.0010 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/29 18:25:56.0042 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/29 18:25:56.0057 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/29 18:25:56.0073 ptpd (0427761a84610f6bb914e55a8beabec2) C:\WINDOWS\system32\drivers\ptpd.sys
2010/12/29 18:25:56.0104 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/29 18:25:56.0151 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/29 18:25:56.0167 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/29 18:25:56.0182 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/29 18:25:56.0198 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/29 18:25:56.0214 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/29 18:25:56.0245 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/29 18:25:56.0276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/29 18:25:56.0292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/29 18:25:56.0307 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/29 18:25:56.0339 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/29 18:25:56.0370 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/29 18:25:56.0401 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/29 18:25:56.0432 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/29 18:25:56.0448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/29 18:25:56.0510 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/29 18:25:56.0542 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/29 18:25:56.0604 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/29 18:25:56.0635 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/29 18:25:56.0667 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/29 18:25:56.0698 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
2010/12/29 18:25:56.0745 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/29 18:25:56.0776 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/29 18:25:56.0854 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/29 18:25:56.0870 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/29 18:25:56.0901 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/29 18:25:56.0964 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/29 18:25:57.0057 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/29 18:25:57.0104 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/29 18:25:57.0151 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/29 18:25:57.0167 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/29 18:25:57.0198 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/29 18:25:57.0214 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/29 18:25:57.0245 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/29 18:25:57.0260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/29 18:25:57.0292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/29 18:25:57.0354 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/29 18:25:57.0401 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/29 18:25:57.0417 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/29 18:25:57.0448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/29 18:25:57.0495 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/29 18:25:57.0526 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/12/29 18:25:57.0573 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/29 18:25:57.0604 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/29 18:25:57.0651 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/29 18:25:57.0714 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/29 18:25:57.0792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/29 18:25:57.0823 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/29 18:25:57.0854 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/29 18:25:57.0885 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/29 18:25:57.0979 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/29 18:25:58.0010 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/29 18:25:58.0026 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/29 18:25:58.0057 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/29 18:25:58.0104 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/29 18:25:58.0135 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/12/29 18:25:58.0167 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/29 18:25:58.0214 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/29 18:25:58.0214 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/29 18:25:58.0245 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/12/29 18:25:58.0276 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/29 18:25:58.0307 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/29 18:25:58.0339 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/12/29 18:25:58.0401 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/29 18:25:58.0464 winachsf (7dd2ec1efd9f48843ffc5815aebf1068) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/29 18:25:58.0557 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/29 18:25:58.0589 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/29 18:25:58.0620 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/29 18:25:58.0714 ================================================================================
2010/12/29 18:25:58.0714 Scan finished
2010/12/29 18:25:58.0714 ================================================================================
2010/12/29 18:25:58.0729 Detected object count: 1
2010/12/29 18:26:10.0245 Ftdisk (e4d407d6b1a86443b89628617df051e3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 18:26:10.0245 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: e4d407d6b1a86443b89628617df051e3, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/29 18:26:11.0230 Backup copy found, using it..
2010/12/29 18:26:11.0261 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/12/29 18:26:11.0261 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2010/12/29 18:26:27.0559 Deinitialize success

Edited by Big O, 29 December 2010 - 07:30 PM.

  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
TDSSKiller found something:

2010/12/29 18:26:11.0261 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot

I assume you have rebooted since you ran it. (If not, please do so.) Run TDSSKiller again and let's see if the cure was successful.

MBRCheck also found a non-standard MBR. What make and model PC do you have?

Ron
  • 0
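One way to do the "was the cure successful" check mechanically, as an added example that is not part of Ron's post and not TDSSKiller's own code: parse the driver listing of both runs and compare the hash of every file the first run flagged. In TDSSKiller's labelling, Real md5 is the hash of the bytes it read from disk below the rootkit's hook and Fake md5 is the hash the hooked read returned, i.e. the clean original; a successful cure therefore leaves the file with the formerly "fake" hash, which is exactly what this thread's re-run shows for Ftdisk (6ac26732...). The log excerpts embedded below are constructed from the lines posted in this thread, and the regular expressions are assumptions fitted to that log format, not a documented interface.

```python
"""Check a TDSSKiller 'cure' by comparing the driver hashes of two runs.

Added example for this thread; not part of TDSSKiller. The line patterns are
fitted to the log excerpts posted here (an assumption, not a documented format).
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the first run (the one that flagged Ftdisk).
BEFORE_LOG = r"""
2010/12/29 18:25:53.0963 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/29 18:25:58.0714 Scan finished
2010/12/29 18:25:58.0729 Detected object count: 1
2010/12/29 18:26:10.0245 Ftdisk (e4d407d6b1a86443b89628617df051e3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 18:26:10.0245 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: e4d407d6b1a86443b89628617df051e3, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/29 18:26:11.0261 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/12/29 18:26:11.0261 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
"""

# Constructed excerpt of the re-run after the reboot.
AFTER_LOG = r"""
2010/12/29 20:24:43.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 20:24:45.0718 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
"""

# "<date> <time> <name> (<md5>) <path>" lines of the driver listing
DRIVER_RE = re.compile(r"^\S+ \S+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# the detection line: hash of the bytes on disk vs. the hash the hooked read returned
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
CURE_RE = re.compile(r"^\S+ \S+ (?P<path>.+?) - will be cured after reboot$")


@dataclass
class Forged:
    path: str
    real_md5: str   # bytes actually on disk (the infected driver)
    fake_md5: str   # what the rootkit's hook returned (the clean original)


@dataclass
class Scan:
    drivers: dict = field(default_factory=dict)        # lower-cased path -> (name, md5)
    forged: list = field(default_factory=list)         # Forged entries
    cure_pending: list = field(default_factory=list)   # lower-cased paths queued for cure


def parse_scan(text: str) -> Scan:
    """Extract driver hashes, forged-file detections and pending cures from one log."""
    scan = Scan()
    for line in text.splitlines():
        line = line.rstrip()
        m = FORGED_RE.search(line)
        if m:
            scan.forged.append(Forged(m["path"], m["real"], m["fake"]))
            continue
        m = CURE_RE.match(line)
        if m:
            scan.cure_pending.append(m["path"].lower())
            continue
        m = DRIVER_RE.match(line)
        if m:
            scan.drivers[m["path"].lower()] = (m["name"], m["md5"])
    return scan


def verify_cure(before: Scan, after: Scan) -> dict:
    """Classify, per file flagged in the first run, what the second run reports.
    Keys are the paths as TDSSKiller printed them in the detection line."""
    verdicts = {}
    for f in before.forged:
        entry = after.drivers.get(f.path.lower())
        if entry is None:
            verdicts[f.path] = "missing"                # not listed at all: investigate
        elif entry[1] == f.fake_md5:
            verdicts[f.path] = "cured"                  # on-disk hash now equals the clean original
        elif entry[1] == f.real_md5:
            verdicts[f.path] = "still infected"         # infected bytes still present
        else:
            verdicts[f.path] = "changed, unverified"    # neither hash: compare to a known-good copy
    return verdicts


def changed_hashes(before: Scan, after: Scan) -> dict:
    """Drivers present in both runs whose MD5 differs (lower-cased path -> (old, new)).
    Anything here other than the cured file needs an explanation, e.g. an update."""
    return {
        path: (before.drivers[path][1], after.drivers[path][1])
        for path in before.drivers.keys() & after.drivers.keys()
        if before.drivers[path][1] != after.drivers[path][1]
    }


if __name__ == "__main__":
    before, after = parse_scan(BEFORE_LOG), parse_scan(AFTER_LOG)
    for path, verdict in verify_cure(before, after).items():
        print(f"{verdict:22} {path}")
    for path, (old, new) in changed_hashes(before, after).items():
        print(f"hash changed           {path}: {old} -> {new}")
```

Run it with the two full logs saved to files in place of the embedded excerpts; besides the cured file, `changed_hashes` is the list worth reading, since a driver whose hash moved between two scans a few hours apart with no update in between is the next thing to look at.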

#13
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
Systemax - Venture


***Currently running GMER on the desktop, and I have rebooted since TDSSKiller found a problem. I will rerun it after GMER finishes.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-29 20:17:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500JS-00NCB1 rev.10.02E02
Running: 9vi668e6.exe; Driver: C:\DOCUME~1\TIMOAK~1\LOCALS~1\Temp\ugryypow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 10: copy of MBR

---- EOF - GMER 1.0.15 ----

Edited by Big O, 29 December 2010 - 09:23 PM.

  • 0

#14
Big O

    Member

  • Topic Starter
  • Member
  • 104 posts
Pasted the GMER log above in the previous reply; here is the rerun of TDSSKiller.

2010/12/29 20:24:33.0078 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/29 20:24:33.0078 ================================================================================
2010/12/29 20:24:33.0078 SystemInfo:
2010/12/29 20:24:33.0078
2010/12/29 20:24:33.0078 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/29 20:24:33.0078 Product type: Workstation
2010/12/29 20:24:33.0078 ComputerName: SYSTEMAX
2010/12/29 20:24:33.0093 UserName: Tim Oakley
2010/12/29 20:24:33.0093 Windows directory: C:\WINDOWS
2010/12/29 20:24:33.0093 System windows directory: C:\WINDOWS
2010/12/29 20:24:33.0093 Processor architecture: Intel x86
2010/12/29 20:24:33.0093 Number of processors: 2
2010/12/29 20:24:33.0093 Page size: 0x1000
2010/12/29 20:24:33.0093 Boot type: Normal boot
2010/12/29 20:24:33.0093 ================================================================================
2010/12/29 20:24:34.0203 Initialize success
2010/12/29 20:24:36.0843 ================================================================================
2010/12/29 20:24:36.0843 Scan started
2010/12/29 20:24:36.0843 Mode: Manual;
2010/12/29 20:24:36.0843 ================================================================================
2010/12/29 20:24:40.0125 A3AB (76624408401443bb7920af70183a7d27) C:\WINDOWS\system32\DRIVERS\A3AB.sys
2010/12/29 20:24:40.0250 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/12/29 20:24:40.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/29 20:24:40.0359 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/29 20:24:40.0406 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/29 20:24:40.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/29 20:24:40.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/29 20:24:40.0562 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/29 20:24:40.0578 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/12/29 20:24:40.0609 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/12/29 20:24:40.0625 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/29 20:24:40.0656 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/29 20:24:40.0703 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/12/29 20:24:40.0734 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/12/29 20:24:40.0750 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/12/29 20:24:40.0781 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/12/29 20:24:40.0828 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2010/12/29 20:24:40.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/29 20:24:40.0906 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/12/29 20:24:40.0937 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/12/29 20:24:41.0000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/12/29 20:24:41.0187 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/29 20:24:41.0218 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/29 20:24:41.0296 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/12/29 20:24:41.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/29 20:24:41.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/29 20:24:41.0500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/29 20:24:41.0718 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/12/29 20:24:41.0921 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/29 20:24:42.0031 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/29 20:24:42.0078 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/12/29 20:24:42.0125 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/29 20:24:42.0187 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/29 20:24:42.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/29 20:24:42.0312 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/12/29 20:24:42.0359 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/12/29 20:24:42.0421 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/12/29 20:24:42.0453 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/12/29 20:24:42.0515 DCDisk (ab01e9f46583e6f0ebf7659b21630407) C:\WINDOWS\system32\drivers\DCDisk.sys
2010/12/29 20:24:42.0562 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/29 20:24:42.0625 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/29 20:24:42.0671 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/29 20:24:42.0703 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/29 20:24:42.0750 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/29 20:24:42.0781 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/29 20:24:42.0812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/29 20:24:42.0843 e1express (19646098c00c5374d10b4d0406500021) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/12/29 20:24:42.0890 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/12/29 20:24:42.0953 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
2010/12/29 20:24:43.0093 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
2010/12/29 20:24:43.0250 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/29 20:24:43.0515 FBAPI (3620e669c5268247c05be74eb758df27) C:\WINDOWS\system32\drivers\FBAPI.sys
2010/12/29 20:24:43.0593 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/29 20:24:43.0656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/29 20:24:43.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/29 20:24:43.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/29 20:24:43.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/29 20:24:43.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/29 20:24:44.0078 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/29 20:24:44.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/29 20:24:44.0250 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/29 20:24:44.0312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/29 20:24:44.0375 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/12/29 20:24:44.0437 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/29 20:24:44.0453 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/29 20:24:44.0500 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/29 20:24:44.0546 HSFHWBS2 (881d1c3a64904f4b6068013a99a5855b) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/12/29 20:24:44.0609 HSF_DP (8ed6714c8e754520dd8a939f91383ea0) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/12/29 20:24:44.0703 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/29 20:24:44.0734 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/12/29 20:24:44.0781 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/12/29 20:24:44.0796 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/29 20:24:44.0875 ialm (da91f5385cfc8ba0f110f2fde112b563) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/29 20:24:44.0968 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/12/29 20:24:45.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/29 20:24:45.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/12/29 20:24:45.0265 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/29 20:24:45.0312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/29 20:24:45.0343 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/29 20:24:45.0421 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/29 20:24:45.0484 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/29 20:24:45.0531 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/29 20:24:45.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/29 20:24:45.0687 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/29 20:24:45.0718 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/29 20:24:45.0765 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/29 20:24:45.0781 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/29 20:24:45.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/29 20:24:45.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/29 20:24:46.0000 Machnm32 (fd65bef5ff8275711d9a56f0b8bb43f1) C:\WINDOWS\system32\Machnm32.sys
2010/12/29 20:24:46.0062 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/29 20:24:46.0093 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/29 20:24:46.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/29 20:24:46.0156 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/29 20:24:46.0187 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/29 20:24:46.0250 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/29 20:24:46.0296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/29 20:24:46.0359 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/12/29 20:24:46.0484 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/29 20:24:46.0578 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/29 20:24:46.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/29 20:24:46.0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/29 20:24:46.0859 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/29 20:24:46.0906 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/29 20:24:46.0953 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/29 20:24:47.0000 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/29 20:24:47.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/29 20:24:47.0062 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/29 20:24:47.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/29 20:24:47.0140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/29 20:24:47.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/29 20:24:47.0203 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/29 20:24:47.0265 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/29 20:24:47.0453 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/29 20:24:47.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/29 20:24:47.0984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/29 20:24:48.0093 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/29 20:24:48.0140 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/29 20:24:48.0218 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/29 20:24:48.0265 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/29 20:24:48.0312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/29 20:24:48.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/29 20:24:48.0421 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/29 20:24:48.0484 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/29 20:24:48.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/29 20:24:48.0546 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/29 20:24:48.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/29 20:24:48.0625 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/29 20:24:48.0671 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/29 20:24:48.0765 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/12/29 20:24:48.0796 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/12/29 20:24:48.0890 PhnxVcd (9090970d29a5181fec0ebb32527b03a9) C:\WINDOWS\system32\Drivers\PhnxVcd.sys
2010/12/29 20:24:48.0937 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/29 20:24:48.0984 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/29 20:24:49.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/29 20:24:49.0046 ptpd (0427761a84610f6bb914e55a8beabec2) C:\WINDOWS\system32\drivers\ptpd.sys
2010/12/29 20:24:49.0125 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/29 20:24:49.0187 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/12/29 20:24:49.0203 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/12/29 20:24:49.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/12/29 20:24:49.0250 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/12/29 20:24:49.0265 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/29 20:24:49.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/29 20:24:49.0359 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/29 20:24:49.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/29 20:24:49.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/29 20:24:49.0468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/29 20:24:49.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/29 20:24:49.0531 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/29 20:24:49.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/29 20:24:49.0625 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/29 20:24:49.0703 SCDEmu (46b50c07abfda51d9b22212eaeb82d2b) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/12/29 20:24:49.0765 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/29 20:24:49.0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/29 20:24:49.0828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/29 20:24:49.0875 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/29 20:24:49.0921 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
2010/12/29 20:24:50.0093 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/29 20:24:50.0359 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/29 20:24:50.0531 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/29 20:24:50.0609 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/29 20:24:50.0625 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/29 20:24:50.0703 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/29 20:24:50.0796 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/29 20:24:50.0906 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/29 20:24:50.0968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/29 20:24:51.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/29 20:24:51.0437 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/29 20:24:51.0531 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/29 20:24:51.0562 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/29 20:24:51.0593 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/29 20:24:51.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/29 20:24:51.0875 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/29 20:24:52.0046 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/29 20:24:52.0234 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/29 20:24:52.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/29 20:24:52.0453 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/29 20:24:52.0515 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2010/12/29 20:24:52.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/29 20:24:52.0640 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/29 20:24:52.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/29 20:24:52.0937 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/29 20:24:53.0234 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/29 20:24:53.0421 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/29 20:24:53.0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/29 20:24:53.0531 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/29 20:24:53.0562 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/29 20:24:53.0593 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/29 20:24:53.0640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/29 20:24:53.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/29 20:24:53.0718 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/29 20:24:53.0750 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/12/29 20:24:53.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/29 20:24:53.0828 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/29 20:24:53.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/29 20:24:53.0937 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/12/29 20:24:53.0968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/29 20:24:54.0000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/29 20:24:54.0062 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/12/29 20:24:54.0171 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/29 20:24:54.0218 winachsf (7dd2ec1efd9f48843ffc5815aebf1068) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/29 20:24:54.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/29 20:24:54.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/29 20:24:54.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/29 20:24:54.0609 ================================================================================
2010/12/29 20:24:54.0609 Scan finished
2010/12/29 20:24:54.0609 ================================================================================
2010/12/29 20:25:13.0390 Deinitialize success
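The TDSSKiller output above is a plain inventory: one line per loaded kernel driver with the service name, the file's MD5 and its on-disk path, and nothing on its own says whether any of them is hostile. Reading it by eye for a TDSS-style rootkit means checking two things: drivers loading from somewhere other than the Windows drivers directory (a Temp folder or a user profile is a strong signal), and core system drivers whose hash no longer matches a clean copy of the same file. The script below does that mechanically. It is an added example written for this thread, not part of the original post or of Kaspersky's TDSSKiller. The sample log is constructed from the line format shown above: four lines are copied from the log as-is, while the `VolSnap` line with an altered hash and the `xyzdrv` service in `C:\WINDOWS\Temp` are hypothetical, and the baseline of expected hashes is built from values in this log purely for illustration (a real baseline comes from a known-clean install of the same service pack).

```python
"""Parse TDSSKiller driver lines and flag drivers that deserve a second look.

Added example; not code from the thread or from TDSSKiller itself.
Line format handled (as printed by TDSSKiller in the log above):
    YYYY/MM/DD HH:MM:SS.ffff <service name> (<md5>) <path>
"""
import re
from dataclasses import dataclass

# One driver line: date, time, service name, 32-hex MD5 in parentheses, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Directory a boot-time driver on XP is expected to live in (compared case-insensitively).
EXPECTED_DIRS = (r"c:\windows\system32\drivers",)
# Path fragments typical of user-writable locations a dropper would use.
WRITABLE_HINTS = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


def parse_log(text):
    """Return a DriverEntry per driver line; separators and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def analyze(entries, baseline):
    """Return (severity, service name, reason) tuples.

    high   : driver outside the drivers directory in a user-writable place,
             or a baselined driver whose MD5 changed
    medium : driver outside the drivers directory elsewhere on disk
    info   : driver not present in the baseline at all (unknown, not proven bad)
    """
    findings = []
    for e in entries:
        low = e.path.lower()
        if not any(low.startswith(d) for d in EXPECTED_DIRS):
            sev = "high" if any(h in low for h in WRITABLE_HINTS) else "medium"
            findings.append((sev, e.name, f"loaded from unexpected path {e.path}"))
        known = baseline.get(e.name)
        if known is None:
            findings.append(("info", e.name, "not in baseline"))
        elif known != e.md5:
            findings.append(("high", e.name, f"md5 {e.md5} differs from baseline {known}"))
    return findings


# Constructed baseline: hashes copied from the log in this thread, used here only
# to show the comparison. A real baseline must come from a known-clean machine.
BASELINE = {
    "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
    "VolSnap": "4c8fcb5cc53aab716d810740fe59d025",
    "ViaIde": "3b3efcda263b8ac14fdf9cbdd0791b2e",
    "VgaSave": "0d3a8fafceacd8b7625cd549757a7df1",
}

# Constructed sample log. First four driver lines are copied from the thread;
# the VolSnap hash and the xyzdrv service are hypothetical, added to exercise the checks.
SAMPLE_LOG = r"""2010/12/29 20:24:51.0875 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/29 20:24:49.0921 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
2010/12/29 20:24:53.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/29 20:24:53.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/29 20:24:53.0968 VolSnap (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/29 20:24:54.0200 xyzdrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\Temp\xyzdrv.sys
2010/12/29 20:24:54.0609 ================================================================================
2010/12/29 20:24:54.0609 Scan finished
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for sev, name, reason in sorted(analyze(parse_log(SAMPLE_LOG), BASELINE),
                                    key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {name}: {reason}")
```

Run against a full TDSSKiller log, the genuine Microsoft drivers with matching hashes produce no output at all; what is left is the short list worth pasting into a follow-up post. An "info" hit such as `sfng32` only means the driver is not in the baseline, so it still needs to be identified (vendor, signature, install date) rather than treated as malware.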

#15 RKinner
    Malware Expert | Expert | 24,625 posts | MVP
GMER and TDSSKiller both seem happy. Any improvement in your speed or the popups? TDSS usually causes redirection of Google and Yahoo searches. Are you seeing any of that?

Ron