Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computers with high CPU usage on idle

Started by Gnitrops , Jan 24 2011 03:58 PM

  • This topic is locked This topic is locked

#1
Gnitrops
Posted 24 January 2011 - 03:58 PM

Gnitrops

    Member

  • Member
  • PipPip
  • 29 posts
Good evening,


I have a computer with a strange problem. It's an old laptop running Windows XP which is used occasionally by my family. Everything was OK until a few days ago, when a friend borrowed the computer from me and brought to his home for a day. He tried connecting to his home's wireless connection, but connected to a random open wireless lan, which claimed to be "free internet hotspot". No internet access was granted though. The computer came back to my home on the same day.

Since then, the computer is extremely slow to boot up and very very laggish when using. Also, I can't shut it down normally. The task manager shows me the "SYSTEM" is using ~95% of the CPU, and I guess it's because of that it is so slow. I can't access the Internet either (browser crashes when I enter any address).

I've been looking around trying to find more info, and what I noticed is that if I disable the wireless (button on the laptop) before turning on the computer, the CPU usage on idle is ~20%, and I can shutdown the computer and work with it normally (well, it is still slow to boot up; other than that, works fine). If I switch the wireless to ON, I immediately get the CPU to ~90% and it won't go back down, even if I turn it back off later on.

It might be some sort of virus, and/or something went wrong with wireless configs after connecting to that "free internet hotspot" network?

I managed to get OTL from a USB pen to it, here's the log (I wrongly did normal scan instead of quick scan, sorry. I'd post the quick one now, but I won't be at home for a day or two):

OTL logfile created on: 23-01-2011 18:58:54 - Run 1
OTL by OldTimer - Version 3.2.20.4 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1.022,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 16,16 Gb Free Space | 43,38% Space Free | Partition Type: NTFS
Drive D: | 29,35 Gb Total Space | 29,32 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 4,87 Gb Free Space | 65,38% Space Free | Partition Type: FAT32

Computer Name: COMPPP | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-01-23 18:52:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011-01-23 18:47:38 | 008,128,080 | ---- | M] (Microsoft Corporation) -- G:\mseinstall.exe
PRC - [2010-11-30 13:20:40 | 000,824,368 | ---- | M] (Microsoft Corporation) -- d:\c3694ec65020027f90f0a80b\x86\setup.exe
PRC - [2010-11-30 13:20:36 | 000,335,624 | ---- | M] (Microsoft Corporation) -- d:\c3694ec65020027f90f0a80b\epplauncher.exe
PRC - [2010-11-11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010-11-09 20:51:00 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010-02-16 22:48:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009-11-02 15:10:11 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009-01-08 09:55:56 | 000,098,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008-08-24 10:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008-04-14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-01-25 10:59:16 | 000,868,352 | ---- | M] (tmn) -- C:\Program Files\tmn\tmn\tmn.exe
PRC - [2007-06-16 13:01:56 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006-09-04 15:21:48 | 003,571,368 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME\TomTomHOME.exe
PRC - [2006-06-28 11:48:37 | 000,554,496 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006-06-28 11:48:37 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006-06-28 11:48:37 | 000,169,472 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006-06-21 11:10:30 | 001,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-06-21 11:10:08 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006-02-28 13:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006-02-28 13:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006-02-28 13:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006-02-28 13:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006-02-28 13:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006-02-28 13:16:08 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-02-28 13:15:30 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-02-16 15:30:54 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006-02-14 11:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006-02-02 21:19:10 | 001,753,088 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006-01-27 17:17:50 | 000,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006-01-26 01:28:04 | 000,212,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006-01-23 20:47:32 | 000,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005-12-27 12:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005-11-28 13:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005-11-28 13:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005-11-28 13:39:22 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005-09-09 02:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005-05-20 16:41:42 | 000,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2005-03-03 20:47:18 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004-11-17 11:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004-08-19 00:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004-07-06 13:15:38 | 000,040,960 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2004-02-20 13:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2002-03-14 15:46:58 | 000,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe


========== Modules (SafeList) ==========

MOD - [2011-01-23 18:52:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2010-08-23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009-11-02 15:10:11 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
SRV - [2010-11-11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010-02-16 22:48:59 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2006-02-28 13:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006-02-28 13:16:08 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006-02-28 13:15:30 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006-01-16 09:25:02 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006-01-06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005-12-21 09:06:28 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005-11-28 13:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005-11-28 13:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005-11-28 13:39:22 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005-11-25 13:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005-11-24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005-11-24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005-11-24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SPTISRV.exe -- (SPTISRV)
SRV - [2005-10-11 11:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2005-10-11 11:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2005-09-09 02:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005-07-14 18:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005-05-20 16:41:42 | 000,153,600 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005-01-04 10:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - [2009-11-02 15:10:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009-11-02 15:10:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-01-08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008-04-13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008-04-13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-11-30 10:16:02 | 000,021,504 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtscser.sys -- (GTSCSER)
DRV - [2007-11-13 14:50:40 | 000,106,112 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007-10-09 11:53:16 | 000,059,264 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007-03-30 11:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006-06-08 09:56:19 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-03-07 12:26:00 | 003,643,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-02-28 14:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-02-26 03:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006-02-21 09:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006-02-08 16:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006-02-02 22:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006-01-31 17:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006-01-27 08:56:32 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005-12-28 14:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005-12-27 06:22:00 | 000,029,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005-12-14 16:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005-11-24 12:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005-11-21 05:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005-11-17 04:40:00 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005-11-11 14:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005-10-21 02:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005-10-18 07:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-10-18 07:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-10-18 07:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-16 23:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005-08-01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005-07-11 17:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005-01-06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004-11-22 04:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004-07-06 13:07:06 | 000,045,627 | R--- | M] (Utimaco Safeware AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\privatediskm.sys -- (PrivateDisk)
DRV - [2004-06-15 12:28:14 | 000,173,056 | ---- | M] (Funk Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\odysseyIM4.sys -- (odysseyIM4)
DRV - [2002-08-20 02:59:32 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000-12-05 15:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000-11-09 10:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004-08-04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google AFE\GoogleAFE.dll (Google)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME\TomTomHOME.exe (TomTom)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-03-29 10:25:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\Shell - "" = AutoRun
O33 - MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{5d2ef10d-9e04-11dc-8c8c-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
O33 - MountPoints2\{6a96013b-9d0c-11dc-8c8a-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
O33 - MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\Shell - "" = AutoRun
O33 - MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\Shell\AutoRun\command - "" = H:\setup.exe AUTORUN=1
O33 - MountPoints2\{d2fffe7e-9aaf-11dc-8c87-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
O33 - MountPoints2\{d2fffe81-9aaf-11dc-8c87-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-23 18:56:25 | 008,128,080 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\mseinstall.exe
[2011-01-23 18:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011-01-23 18:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011-01-23 18:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-01-23 18:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011-01-23 18:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-01-02 19:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
[2011-01-02 18:52:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010-12-25 16:52:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-01-23 19:04:20 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011-01-23 18:58:46 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-01-23 18:52:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011-01-23 18:52:39 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011-01-23 18:52:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-01-23 18:47:38 | 008,128,080 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\mseinstall.exe
[2011-01-23 18:35:02 | 000,032,762 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011-01-23 18:34:09 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-23 18:34:08 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-23 18:33:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-01-23 18:33:01 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-23 18:01:07 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-01-23 17:03:51 | 070,432,519 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.prepare
[2011-01-20 20:33:49 | 000,383,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-01-20 20:33:49 | 000,053,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-01-20 14:06:10 | 070,348,157 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-01-09 20:17:09 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\user\My Documents\convite.ppt
[2011-01-06 20:32:13 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-01-02 20:29:43 | 000,150,016 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-01-23 18:58:45 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011-01-23 18:52:45 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011-01-23 18:33:01 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011-01-23 18:28:43 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011-01-23 18:01:07 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011-01-09 20:17:09 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\user\My Documents\convite.ppt
[2010-03-28 14:56:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-01-19 23:42:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-01-19 23:42:05 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-07-22 14:22:25 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2007-05-01 11:16:22 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007-05-01 11:15:50 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007-01-26 15:26:35 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2006-12-03 14:37:21 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006-11-11 21:28:14 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-08-17 15:04:03 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2006-06-08 09:33:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006-05-15 10:21:07 | 000,000,758 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-05-15 10:12:49 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006-05-15 10:08:13 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006-03-29 14:55:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-03-29 14:04:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006-03-29 14:04:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006-03-29 14:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006-03-29 14:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006-03-29 14:04:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006-03-29 14:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006-03-29 13:52:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006-03-29 11:17:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-03-29 10:51:31 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006-03-29 02:11:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-03-29 02:11:43 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-11-01 08:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-09-02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003-04-10 14:50:50 | 000,005,890 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


Any help is appreciated!

Thanks in advance,
Gnitrops
  • 0

Advertisements

#2
maliprog
Posted 28 January 2011 - 02:36 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Gnitrops and welcome to G2G! :D

My nick is maliprog and I'll will be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within three days or your topic will be closed

Let's try to determinate if you are infected or it's system malfunction...

Step 1

Do you recognize this file:

C:\Program Files\tmn\tmn\tmn.exe


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
    O33 - MountPoints2\{5d2ef10d-9e04-11dc-8c8c-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
    O33 - MountPoints2\{6a96013b-9d0c-11dc-8c8a-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
    O33 - MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\Shell - "" = AutoRun
    O33 - MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\Shell\AutoRun\command - "" = H:\setup.exe AUTORUN=1
    O33 - MountPoints2\{d2fffe7e-9aaf-11dc-8c87-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e
    O33 - MountPoints2\{d2fffe81-9aaf-11dc-8c87-0013a92b77ac}\Shell\Auto\command - "" = RavMon.exe e

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step 5

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in separate post
  • 1

#3
Gnitrops
Posted 31 January 2011 - 02:00 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello maliprog, and thanks for your time and patience to help me!

Here we go :D

Step 1

Do you recognize this file:

C:\Program Files\tmn\tmn\tmn.exe


Yes, it is a program from a mobile ISP I used to have. It is OK to remove though.

Run OTL


I have ran OTL according to your instructions. Sadly, the computer failed to reboot after completing the procedure. I did the reboot manually and it produced the log.

[GMER]
[*]Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")


I can't have GMER to run. The screen freezes when I double-click it, and then the computer hangs with a blue screen of death, and reboots.

Should I proceed with the next steps, skipping this one, or is there a work around?

I'm posting the OTL log on the next reply.

Cheers,
Gnitrops
  • 0

#4
Gnitrops
Posted 31 January 2011 - 02:01 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{384ade8e-7707-11db-8c15-0002c7e6f4ec}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d2ef10d-9e04-11dc-8c8c-0013a92b77ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d2ef10d-9e04-11dc-8c8c-0013a92b77ac}\ not found.
File RavMon.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a96013b-9d0c-11dc-8c8a-0013a92b77ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a96013b-9d0c-11dc-8c8a-0013a92b77ac}\ not found.
File RavMon.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d514ec0-105a-11dd-8ca9-0013a92b77ac}\ not found.
File H:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2fffe7e-9aaf-11dc-8c87-0013a92b77ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2fffe7e-9aaf-11dc-8c87-0013a92b77ac}\ not found.
File RavMon.exe e not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2fffe81-9aaf-11dc-8c87-0013a92b77ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2fffe81-9aaf-11dc-8c87-0013a92b77ac}\ not found.
File RavMon.exe e not found.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.20.6 log created on 01292011_195615

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


  • 0

#5
maliprog
Posted 31 January 2011 - 02:24 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Gnitrops,

Instead GMER please run Rootkit UnHooker. After this proceed to Step 3

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  • 0

#6
maliprog
Posted 03 February 2011 - 04:10 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
maliprog
Posted 07 February 2011 - 12:16 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
User returned!

Hi Gnitrops,

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.
  • 0

#8
Gnitrops
Posted 07 February 2011 - 05:01 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
We're not lucky :D Can't run ComboFix, I get an error message saying I need to uninstall AVG. I can't uninstall it (tried through add/remove programs, with no success). I also tried disabling it, but it didn't work :D
  • 0

#9
maliprog
Posted 07 February 2011 - 11:56 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Gnitrops

Please download and run AVG remover. It will remove AVG and after that run Combofix as instructed.
  • 0

#10
Gnitrops
Posted 08 February 2011 - 02:31 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Removed AVG with apparent success. Is it possible now I can't run ComboFix? (It shows the small window that should fill up with green bars, but it stands there...). I will insist running it, but is there any alternatives?

This is getting on my nerves :\
  • 0

Advertisements

#11
maliprog
Posted 08 February 2011 - 03:34 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Gnitrops,

There is no need to panic.....jet :D

Step 1

Please try to run Combofix in safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Step 2

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • Click the "Fix" in case of infection

    Posted Image
  • Click Save log button and Save the aswMBR.log to the desktop
  • Post content of that log here for me

Step 3


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
Gnitrops
Posted 08 February 2011 - 05:57 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hi maliprog,

Except for Recovery Console (Safe Mode doesn't let me connect to the Internet to download it), all steps were successful!

Here are the logs:

Step 1 (Combofix)

ComboFix 11-02-06.02 - user 08-02-2011 22:53:44.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.1022.816 [GMT 0:00]
Executando de: C:\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇĂO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Outras Exclusőes )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\ComboFix.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll

.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-01-08 to 2011-02-08 ))))))))))))))))))))))))))))
.

2011-02-08 21:33 . 2011-02-08 21:26 66896 ----a-w- C:\mbam-clean.exe
2011-02-08 21:33 . 2011-02-08 21:28 119808 ----a-w- C:\VundoFix.exe
2011-02-08 21:33 . 2011-02-08 21:28 119808 ----a-w- c:\documents and settings\user\VundoFix.exe
2011-02-08 21:33 . 2011-02-08 21:26 66896 ----a-w- c:\documents and settings\user\mbam-clean.exe
2011-02-08 21:25 . 2011-01-23 18:47 8128080 ----a-w- C:\mseinstall.exe
2011-02-08 21:25 . 2011-01-23 18:47 8128080 ----a-w- c:\documents and settings\user\mseinstall.exe
2011-02-07 22:37 . 2011-02-07 22:37 -------- d-----w- c:\windows\system32\NtmsData
2011-02-07 22:27 . 2011-02-08 18:32 1409 ----a-w- c:\windows\QTFont.for
2011-02-06 21:29 . 2011-02-08 20:29 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-02-06 21:29 . 2011-02-06 21:07 133632 ----a-w- C:\RKUnhookerLE.EXE
2011-01-23 19:34 . 2011-01-23 19:34 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-23 18:35 . 2011-01-23 18:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-01-23 18:08 . 2011-02-08 21:26 -------- d-----w- c:\program files\Microsoft Security Client

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2006-03-29 10:23 81920 ----a-w- c:\windows\system32\isign32.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito năo săo mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-07 7557120]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-01-26 212992]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-28 169472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-05 77824]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2006-09-04 3571368]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-2 1753088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 16:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\Porto Editora Multimedia\\Internet em 60 Minutos\\WebServer\\PeWS.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [29-03-2006 2:11 9216]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [29-03-2006 2:11 71961]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [19-01-2010 23:42 233472]
S2 gupdate;Serviço Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-01-2010 19:17 135664]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [19-01-2010 23:42 36608]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [29-03-2006 2:11 36352]
S3 Normandy;Normandy SR2;c:\windows\system32\drivers\Normandy.sys [06-02-2011 21:29 34560]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [29-03-2006 2:11 29184]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [29-03-2006 2:11 226304]

--- =Outros Serviços/Drivers Na Memória ---

*NewlyCreated* - MDMXSDK
.
Conteúdo da pasta 'Tarefas Agendadas'

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:17]

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:17]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
.
- - - - ORFĂOS REMOVIDOS - - - -

HKLM-Run-NPSStartup - (no file)
Notify-avgrsstarter - avgrsstx.dll
AddRemove-WinRAR archiver - G:\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 23:10
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-2496970576-894755473-2481695966-1006\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- DLLs Carregadas Sob os Processos em Execuçăo ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\windows\SYSTEM32\VESWinlogon.dll
.
Tempo para conclusăo: 2011-02-08 23:22:54
ComboFix-quarantined-files.txt 2011-02-08 23:22

Pré-execuçăo: 18.494.660.608 bytes free
Pós execuçăo: 18.520.305.664 bytes livres

- - End Of File - - 772903EB7B7E853B31A29CFEA5539A82
  • 0

#13
Gnitrops
Posted 08 February 2011 - 05:57 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Step 2 (aswMBR)

aswMBR version 0.9.2 Copyright© 2011 avast! Software
Run date: 2011-02-08 23:50:12
-----------------------------
23:50:12.703 OS Version: Windows 5.1.2600 Service Pack 3
23:50:12.703 Number of processors: 2 586 0xE08
23:50:12.718 ComputerName: COMPPP UserName: user
23:50:13.703 Initialize success
23:50:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:50:16.640 Disk 0 Vendor: ST98823AS 3.14 Size: 76319MB BusType: 3
23:50:16.640 Disk 1 \Device\Harddisk1\DR4 -> \Device\00000098
23:50:16.640 Disk 1 Vendor: ( Size: 76319MB BusType: 0
23:50:16.656 Disk 2 \Device\Harddisk2\DR6 -> \Device\0000009f
23:50:16.656 Disk 2 Vendor: takeMS__ 1100 Size: 1935MB BusType: 7
23:50:16.656 Disk 3 \Device\Harddisk3\DR7 -> \Device\000000a0
23:50:16.656 Disk 3 Vendor: ________ PMAP Size: 7640MB BusType: 7
23:50:16.656 Disk 0 MBR read successfully
23:50:16.656 Disk 0 MBR scan
23:50:16.687 Disk 0 scanning sectors +156296385
23:50:16.734 Disk 0 trace - called modules:
23:50:16.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:50:16.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa6ab8]
23:50:16.750 3 CLASSPNP.SYS[f74f2fd7] -> nt!IofCallDriver -> \Device\00000084[0x86f0c1c0]
23:50:16.750 5 ACPI.sys[f7369620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86fc6940]
23:50:16.750 Scan finished successfully
  • 0

#14
Gnitrops
Posted 08 February 2011 - 05:58 PM

Gnitrops

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Step 3 (TDSSKiller)

2011/02/08 23:50:59.0281 2500 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 23:50:59.0328 2500 ================================================================================
2011/02/08 23:50:59.0328 2500 SystemInfo:
2011/02/08 23:50:59.0328 2500
2011/02/08 23:50:59.0328 2500 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 23:50:59.0328 2500 Product type: Workstation
2011/02/08 23:50:59.0328 2500 ComputerName: COMPPP
2011/02/08 23:50:59.0328 2500 UserName: user
2011/02/08 23:50:59.0328 2500 Windows directory: C:\WINDOWS
2011/02/08 23:50:59.0328 2500 System windows directory: C:\WINDOWS
2011/02/08 23:50:59.0328 2500 Processor architecture: Intel x86
2011/02/08 23:50:59.0328 2500 Number of processors: 2
2011/02/08 23:50:59.0328 2500 Page size: 0x1000
2011/02/08 23:50:59.0328 2500 Boot type: Normal boot
2011/02/08 23:50:59.0328 2500 ================================================================================
2011/02/08 23:51:00.0484 2500 Initialize success
2011/02/08 23:51:09.0796 2532 ================================================================================
2011/02/08 23:51:09.0796 2532 Scan started
2011/02/08 23:51:09.0796 2532 Mode: Manual;
2011/02/08 23:51:09.0796 2532 ================================================================================
2011/02/08 23:51:11.0187 2532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 23:51:11.0375 2532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/08 23:51:11.0671 2532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/08 23:51:11.0859 2532 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/08 23:51:12.0015 2532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/08 23:51:12.0734 2532 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/02/08 23:51:12.0937 2532 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/08 23:51:13.0421 2532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/08 23:51:13.0562 2532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/08 23:51:13.0812 2532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/08 23:51:14.0015 2532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/08 23:51:14.0203 2532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/08 23:51:14.0734 2532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 23:51:15.0015 2532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/08 23:51:15.0312 2532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/08 23:51:15.0453 2532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/08 23:51:15.0593 2532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/08 23:51:15.0843 2532 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/08 23:51:16.0125 2532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/08 23:51:16.0671 2532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/08 23:51:16.0968 2532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/08 23:51:17.0343 2532 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/02/08 23:51:17.0593 2532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/08 23:51:17.0875 2532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/08 23:51:18.0171 2532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/08 23:51:18.0593 2532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 23:51:18.0984 2532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 23:51:19.0265 2532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/08 23:51:19.0562 2532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 23:51:19.0843 2532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/08 23:51:20.0140 2532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 23:51:20.0421 2532 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/02/08 23:51:20.0812 2532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 23:51:21.0046 2532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 23:51:21.0390 2532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 23:51:21.0718 2532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/08 23:51:22.0109 2532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/08 23:51:22.0500 2532 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/02/08 23:51:22.0843 2532 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/02/08 23:51:23.0265 2532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 23:51:23.0796 2532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 23:51:24.0328 2532 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/08 23:51:25.0187 2532 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/02/08 23:51:25.0906 2532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 23:51:27.0593 2532 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/08 23:51:28.0359 2532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 23:51:29.0437 2532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 23:51:30.0968 2532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 23:51:32.0593 2532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 23:51:33.0968 2532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 23:51:34.0875 2532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 23:51:35.0812 2532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 23:51:36.0390 2532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 23:51:36.0921 2532 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/08 23:51:37.0265 2532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 23:51:37.0546 2532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 23:51:38.0125 2532 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/08 23:51:38.0406 2532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 23:51:38.0703 2532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 23:51:38.0937 2532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 23:51:39.0468 2532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/08 23:51:40.0281 2532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 23:51:40.0812 2532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 23:51:41.0000 2532 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 23:51:41.0296 2532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 23:51:41.0687 2532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 23:51:42.0828 2532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 23:51:43.0828 2532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 23:51:44.0203 2532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 23:51:44.0437 2532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/08 23:51:44.0781 2532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 23:51:45.0015 2532 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys
2011/02/08 23:51:45.0265 2532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/08 23:51:45.0546 2532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 23:51:45.0828 2532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/08 23:51:46.0078 2532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 23:51:46.0406 2532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 23:51:46.0640 2532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 23:51:46.0937 2532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 23:51:47.0218 2532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 23:51:47.0546 2532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 23:51:47.0890 2532 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/08 23:51:48.0171 2532 Normandy (725c122397718b813d0e8249ea638cd6) C:\WINDOWS\system32\drivers\Normandy.sys
2011/02/08 23:51:48.0406 2532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 23:51:48.0703 2532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 23:51:49.0265 2532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/08 23:51:50.0562 2532 nv (e5851a969d6b63866bd2b8b2a16087ac) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/08 23:51:51.0234 2532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 23:51:51.0468 2532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 23:51:51.0718 2532 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
2011/02/08 23:51:51.0953 2532 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/08 23:51:52.0140 2532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/08 23:51:52.0281 2532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 23:51:52.0437 2532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 23:51:52.0765 2532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 23:51:53.0015 2532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/08 23:51:53.0312 2532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/02/08 23:51:54.0078 2532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 23:51:54.0187 2532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 23:51:54.0656 2532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 23:51:54.0812 2532 PxHelp20 (f91d5cbfc43e61d80c347b2ea1ecc9e7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/08 23:51:55.0390 2532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 23:51:55.0531 2532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 23:51:55.0625 2532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 23:51:55.0781 2532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 23:51:55.0921 2532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 23:51:56.0109 2532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 23:51:56.0265 2532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/08 23:51:56.0453 2532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 23:51:56.0593 2532 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 23:51:56.0890 2532 s24trans (078eba5670fdaa041552cd86b984f2de) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/02/08 23:51:57.0125 2532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 23:51:57.0312 2532 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/08 23:51:57.0468 2532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/02/08 23:51:57.0656 2532 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
2011/02/08 23:51:57.0906 2532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/08 23:51:58.0046 2532 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/02/08 23:51:58.0187 2532 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2011/02/08 23:51:58.0437 2532 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/02/08 23:51:58.0578 2532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 23:51:58.0765 2532 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 23:51:58.0968 2532 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 23:51:59.0343 2532 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/02/08 23:51:59.0546 2532 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/02/08 23:51:59.0687 2532 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/02/08 23:52:00.0031 2532 STHDA (bbbc5bf9a5f1fb5d57e91b944d2e51a5) C:\WINDOWS\system32\drivers\sthda.sys
2011/02/08 23:52:00.0312 2532 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/08 23:52:00.0546 2532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 23:52:00.0734 2532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 23:52:01.0265 2532 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/02/08 23:52:01.0562 2532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 23:52:01.0812 2532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 23:52:02.0515 2532 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/02/08 23:52:03.0328 2532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 23:52:04.0125 2532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 23:52:04.0937 2532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 23:52:06.0015 2532 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
2011/02/08 23:52:06.0687 2532 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/02/08 23:52:08.0109 2532 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/02/08 23:52:08.0765 2532 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/02/08 23:52:09.0437 2532 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/02/08 23:52:10.0203 2532 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/02/08 23:52:10.0437 2532 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/02/08 23:52:10.0625 2532 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/02/08 23:52:10.0765 2532 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/02/08 23:52:11.0062 2532 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/02/08 23:52:11.0265 2532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 23:52:11.0500 2532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 23:52:11.0687 2532 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/08 23:52:11.0828 2532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 23:52:11.0984 2532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 23:52:12.0078 2532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 23:52:12.0218 2532 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/08 23:52:12.0312 2532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 23:52:12.0421 2532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 23:52:12.0562 2532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 23:52:12.0656 2532 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/02/08 23:52:12.0953 2532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 23:52:13.0187 2532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 23:52:13.0578 2532 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/02/08 23:52:13.0921 2532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 23:52:14.0062 2532 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/02/08 23:52:14.0453 2532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 23:52:14.0828 2532 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/08 23:52:15.0218 2532 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/08 23:52:15.0500 2532 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/08 23:52:15.0843 2532 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/02/08 23:52:24.0234 2532 ================================================================================
2011/02/08 23:52:24.0234 2532 Scan finished
2011/02/08 23:52:24.0234 2532 ================================================================================
2011/02/08 23:53:00.0531 0548 Deinitialize success
  • 0

#15
maliprog
Posted 09 February 2011 - 12:26 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Gnitrops,

Your logs looks fine. How is your system now?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP