
Trojan horse Cryptic.FJ


#1 deek1313
New Member, 9 posts

AVG scans and finds this Trojan horse Cryptic.FJ.
AVG says the file is in
C:\WINDOWS\system32\services.exe(1004):\memory_010a0000

Symptoms: bad lag with Firefox, sometimes totally unresponsive; terrible Google redirect; Task Manager window no longer has tabs on the top for Applications, Processes, Performance, etc. The problem is getting progressively worse every day.

Need serious help removing this bug.

OTL TXT
OTL logfile created on: 5/17/2011 7:05:10 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\2531413\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 23.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 106.08 Gb Free Space | 45.55% Space Free | Partition Type: NTFS

Computer Name: RUTLEDGE-7900 | User Name: 2531413 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/17 19:04:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2531413\My Documents\Downloads\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/02/08 05:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgscanx.exe
PRC - [2011/02/02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/01/21 14:03:40 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2010/11/11 14:43:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/25 04:50:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/25 04:50:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/25 04:50:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/02/23 09:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/19 11:41:00 | 002,054,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/07/19 11:40:54 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 08:38:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
PRC - [2005/06/09 17:09:14 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2005/06/09 13:53:56 | 000,122,880 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2005/04/19 14:04:34 | 000,090,112 | ---- | M] (LANDesk Software Ltd.) -- C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE
PRC - [2005/04/13 09:32:08 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2004/12/20 05:00:24 | 000,114,688 | ---- | M] (LANDesk Software Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2004/12/20 04:53:04 | 000,081,920 | ---- | M] (LANDesk Software Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2004/12/20 04:40:52 | 000,253,952 | ---- | M] (LANDesk Software Ltd.) -- C:\Program Files\LANDesk\LDClient\WebPortal\SDClientMonitor.exe


========== Modules (SafeList) ==========

MOD - [2011/05/17 19:04:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\2531413\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/11 14:43:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/25 04:50:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/19 11:41:00 | 002,054,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/07/19 11:40:54 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/07 08:38:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2005/06/09 17:09:14 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2005/06/09 13:53:56 | 000,122,880 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2005/04/19 14:04:34 | 000,090,112 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\QIPCLNT.EXE -- (Intel QIP Client Service)
SRV - [2005/04/13 09:32:08 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2004/12/20 05:00:24 | 000,114,688 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2004/12/20 04:53:04 | 000,081,920 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2002/04/26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/07/19 11:40:48 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/05 11:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2006/06/12 16:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2004/11/22 11:22:08 | 000,006,656 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2004/11/22 11:22:08 | 000,005,120 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.csuohio.edu/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.csuohio.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.12.17822
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7


FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/12 19:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 12:39:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 21:34:09 | 000,000,000 | ---D | M]

[2009/02/02 14:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\2531413\Application Data\Mozilla\Extensions
[2011/05/11 13:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\2531413\Application Data\Mozilla\Firefox\Profiles\l8bqb3my.default\extensions
[2010/11/21 14:50:21 | 000,000,000 | ---D | M] (Wild Pockets Loader) -- C:\Documents and Settings\2531413\Application Data\Mozilla\Firefox\Profiles\l8bqb3my.default\extensions\[email protected]
[2011/05/13 12:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 15:32:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/28 13:06:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 18:51:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/03 18:52:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/13 12:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2009/12/23 21:12:38 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\2531413\APPLICATION DATA\MOVE NETWORKS
[2011/05/12 19:58:09 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2009/07/13 15:48:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/16 22:04:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/12 21:41:26 | 000,434,010 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14939 more lines...
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IntelAPMClient] File not found
O4 - HKLM..\Run: [LANDeskInventoryClient] C:\Program Files\LANDesk\LDClient\LDIScn32.exe (LANDesk Software Ltd.)
O4 - HKLM..\Run: [LANDeskVulscanClient] C:\Program Files\LANDesk\LDClient\vulScan.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [SDClientMonitor] C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe (LANDesk Software Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [uTorrent] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://fseml2a.csuohio.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://fseml1b.csuo...du/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233349135250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233592696796 (MUWebControl Class)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://fseml2b.csuohio.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.148.49.11 137.148.49.12 137.148.49.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = csunet.csuohio.edu
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\LANDesk\LDClient\softmon.exe) - File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/30 14:10:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##fms3#tma_ent\Shell - "" = AutoRun
O33 - MountPoints2\##fms3#tma_ent\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##fms3#tma_ent\Shell\AutoRun\command - "" = autorun.exe
O33 - MountPoints2\{f2aea39a-151c-11df-a9d3-00248118cefa}\Shell - "" = AutoRun
O33 - MountPoints2\{f2aea39a-151c-11df-a9d3-00248118cefa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2aea39a-151c-11df-a9d3-00248118cefa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 17:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/16 14:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/05/16 14:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Application Data\Leadertech
[2011/05/15 09:54:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/05/13 13:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Guarder Gold Version
[2011/05/13 12:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptic Trojan Removal Tool
[2011/05/13 12:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/12 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2011/05/12 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2011/05/12 21:10:27 | 000,000,000 | ---D | C] -- C:\$AVG(2)
[2011/05/12 19:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/05/12 19:57:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/05/10 17:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/10 17:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Application Data\AVG
[2011/05/10 15:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Application Data\AVG10
[2011/05/10 15:02:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/10 15:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/10 15:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/10 14:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/04 14:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Application Data\DVDVideoSoftIEHelpers
[2011/05/04 14:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\My Documents\DVDVideoSoft
[2011/05/04 14:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/05/04 14:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011/05/04 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/05/04 14:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/05/04 14:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\My Documents\YoutubeVideos
[2011/05/04 14:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Application Data\downyourtube
[2011/04/20 18:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/04/20 18:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/18 19:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\2531413\Desktop\golf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/17 18:56:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3414352988-972178952-4124595837-197275UA.job
[2011/05/17 18:56:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3414352988-972178952-4124595837-197275Core.job
[2011/05/17 18:44:01 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/05/17 18:36:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/17 18:36:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/17 12:39:49 | 115,220,127 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/17 12:38:43 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/17 12:38:43 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/17 12:33:14 | 000,200,513 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/17 12:33:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 12:30:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 18:02:32 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/05/16 17:09:31 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/16 12:20:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/13 20:20:33 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 03:02:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/12 21:41:26 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/12 21:37:00 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/12 20:34:00 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-214126.backup
[2011/05/12 20:33:16 | 000,434,010 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-203400.backup
[2011/05/12 12:39:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/10 17:20:09 | 000,433,904 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110512-203316.backup
[2011/05/10 17:14:56 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/04/27 19:23:14 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\2531413\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/17 12:39:49 | 115,220,127 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/05/16 17:09:31 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/05/12 19:58:11 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/05/12 12:39:56 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 12:39:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/05/10 17:14:56 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\2531413\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/25 16:22:12 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2011/03/25 16:22:12 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2011/03/03 14:15:13 | 000,000,612 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/11/11 14:58:40 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/03/30 14:15:30 | 000,067,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/21 15:44:25 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\2531413\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/16 17:20:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\2531413\Application Data\$_hpcst$.hpc
[2009/08/05 18:46:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/16 15:52:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2009/07/16 15:43:15 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/13 15:40:42 | 000,001,302 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/05 10:45:02 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/02/05 10:45:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/02/05 10:45:01 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/02/03 16:44:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/03 14:58:15 | 000,002,938 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/02/02 14:44:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/02 14:38:10 | 000,000,025 | ---- | C] () -- C:\WINDOWS\ENABLING.INI
[2009/02/02 14:32:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/01/30 16:51:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/30 16:51:06 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/30 16:51:06 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/30 16:51:06 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/30 16:51:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/30 16:51:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/30 16:51:06 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/01/30 14:11:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/30 14:08:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/30 08:46:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/30 08:45:11 | 001,612,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/31 10:56:34 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat
[2006/08/21 15:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,436,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,680 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/29 08:07:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ORAODBC.INI

========== LOP Check ==========

[2011/04/15 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\AnvSoft
[2011/05/10 17:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\AVG
[2011/05/10 15:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\AVG10
[2011/05/04 14:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\downyourtube
[2011/05/04 14:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\DVDVideoSoftIEHelpers
[2011/01/07 17:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\ElevatedDiagnostics
[2011/03/15 19:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\eMusic
[2011/05/16 14:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\Leadertech
[2010/07/30 21:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\PriceGong
[2011/01/24 15:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\Unity
[2011/05/05 12:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\uTorrent
[2011/03/01 15:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2531413\Application Data\Youdagames
[2011/05/12 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/10 15:02:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/09/23 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2010/03/23 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/07/13 13:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2011/05/12 21:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/11 13:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/03 10:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/02/02 14:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2011/03/04 21:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/05/12 16:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 15:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.log:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\services.exe:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37C86456
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Edited by deek1313, 19 May 2011 - 05:39 PM.


#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi deek1313,

My name is Salagubang and welcome to Geekstogo.

Is the computer still giving you problems?

#3
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi deek,

Welcome back. :)

  • Download aswMBR.exe (511 KB) to your desktop.
  • Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • Click the Save log button and save aswMBR.log to the desktop.
  • Post the content of that log here for me.

Also, please tell me the make and model of your computer.

#5
deek1313

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Salagubang,

Thanks so much for looking back into this for me. Sorry I was gone for so long; here is the info you requested along with the scan text.

System Make and Model: HP Compaq dc7900 Convertible Minitower
d7900/E7300/250hp/2U/AU16I US
OS: Vista, downgraded to XP Pro


Scan:
aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-31 19:52:18
-----------------------------
19:52:18.965 OS Version: Windows 5.1.2600 Service Pack 3
19:52:18.965 Number of processors: 2 586 0x1706
19:52:18.965 ComputerName: RUTLEDGE-7900 UserName: 2531413
19:52:19.731 Initialize success
19:52:31.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:52:31.372 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
19:52:33.372 Disk 0 MBR read successfully
19:52:33.372 Disk 0 MBR scan
19:52:33.372 Disk 0 Windows XP default MBR code found via API
19:52:33.372 Disk 0 unknown MBR code
19:52:33.372 Disk 0 MBR hidden
19:52:35.372 Disk 0 scanning sectors +488392065
19:52:35.388 Disk 0 scanning C:\WINDOWS\system32\drivers
19:52:46.169 Service scanning
19:52:47.185 Disk 0 trace - called modules:
19:52:47.185 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88a5cbf8]<<
19:52:47.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a37a688]
19:52:47.185 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a32f028]
19:53:05.888 Unsigned kernel modules:
19:53:05.904 0xaf79e000 system32\drivers\xpsec.sys
19:53:05.904 0xaf745000 system32\drivers\xcpip.sys
19:53:07.591 Scan finished successfully
19:53:36.498 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\2531413\Desktop\MBR.dat"
19:53:36.529 The log file has been saved successfully to "C:\Documents and Settings\2531413\Desktop\aswMBR.txt"

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If a Malicious file is detected, the default action will be Cure; click on Continue.
  • If a Suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#7
deek1313

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
TDSSKILLER Scan:

2011/05/31 20:23:36.0802 5800 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 20:23:37.0193 5800 ================================================================================
2011/05/31 20:23:37.0193 5800 SystemInfo:
2011/05/31 20:23:37.0193 5800
2011/05/31 20:23:37.0193 5800 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/31 20:23:37.0193 5800 Product type: Workstation
2011/05/31 20:23:37.0193 5800 ComputerName: RUTLEDGE-7900
2011/05/31 20:23:37.0193 5800 UserName: 2531413
2011/05/31 20:23:37.0193 5800 Windows directory: C:\WINDOWS
2011/05/31 20:23:37.0193 5800 System windows directory: C:\WINDOWS
2011/05/31 20:23:37.0193 5800 Processor architecture: Intel x86
2011/05/31 20:23:37.0193 5800 Number of processors: 2
2011/05/31 20:23:37.0193 5800 Page size: 0x1000
2011/05/31 20:23:37.0193 5800 Boot type: Normal boot
2011/05/31 20:23:37.0193 5800 ================================================================================
2011/05/31 20:23:37.0427 5800 Initialize success
2011/05/31 20:23:51.0444 5464 ================================================================================
2011/05/31 20:23:51.0444 5464 Scan started
2011/05/31 20:23:51.0444 5464 Mode: Manual;
2011/05/31 20:23:51.0444 5464 ================================================================================
2011/05/31 20:23:51.0694 5464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/31 20:23:51.0741 5464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/31 20:23:51.0788 5464 ADIHdAudAddService (52cc84e612c283f774f9cb196ccef6fb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/31 20:23:51.0804 5464 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/31 20:23:51.0866 5464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/31 20:23:51.0929 5464 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/31 20:23:52.0007 5464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/31 20:23:52.0054 5464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/31 20:23:52.0085 5464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/31 20:23:52.0132 5464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/31 20:23:52.0163 5464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/31 20:23:52.0226 5464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/31 20:23:52.0273 5464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/31 20:23:52.0288 5464 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/31 20:23:52.0320 5464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/31 20:23:52.0382 5464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/31 20:23:52.0398 5464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/31 20:23:52.0476 5464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/31 20:23:52.0507 5464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/31 20:23:52.0523 5464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/31 20:23:52.0538 5464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/31 20:23:52.0570 5464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/31 20:23:52.0616 5464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/31 20:23:52.0679 5464 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/05/31 20:23:52.0726 5464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/31 20:23:52.0741 5464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/31 20:23:52.0773 5464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/31 20:23:52.0788 5464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/31 20:23:52.0851 5464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/31 20:23:52.0882 5464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/31 20:23:52.0882 5464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/31 20:23:52.0929 5464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/31 20:23:52.0960 5464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/31 20:23:52.0991 5464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/31 20:23:53.0054 5464 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/05/31 20:23:53.0116 5464 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/31 20:23:53.0163 5464 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
2011/05/31 20:23:53.0226 5464 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/31 20:23:53.0257 5464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/31 20:23:53.0382 5464 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/31 20:23:53.0523 5464 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/31 20:23:53.0585 5464 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/05/31 20:23:53.0617 5464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/31 20:23:53.0663 5464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/31 20:23:53.0679 5464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/31 20:23:53.0695 5464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/31 20:23:53.0710 5464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/31 20:23:53.0742 5464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/31 20:23:53.0757 5464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/31 20:23:53.0788 5464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/31 20:23:53.0835 5464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/31 20:23:53.0851 5464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/31 20:23:53.0913 5464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/31 20:23:53.0960 5464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/31 20:23:54.0038 5464 mfeapfk (5cbf9d2fab2abc461b2f67c802f52543) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/31 20:23:54.0070 5464 mfeavfk (10718b3eeb9e98c5b4aad7c0a23a9efa) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/31 20:23:54.0101 5464 mfebopk (e665cff48e376b48d2cc84be1559f131) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/31 20:23:54.0101 5464 mfehidk (e2f200d38b72e47b88489e2c97dfd6d8) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/31 20:23:54.0132 5464 mferkdet (ef04236d1a4f9f672b5258de83e2ee35) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/31 20:23:54.0179 5464 mfetdik (d5a4b1ae4958ccfc66c1d17c1f42ba08) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/05/31 20:23:54.0226 5464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/31 20:23:54.0273 5464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/31 20:23:54.0304 5464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/31 20:23:54.0367 5464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/31 20:23:54.0382 5464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/31 20:23:54.0429 5464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/31 20:23:54.0476 5464 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/31 20:23:54.0492 5464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/31 20:23:54.0539 5464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/31 20:23:54.0554 5464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/31 20:23:54.0570 5464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/31 20:23:54.0617 5464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/31 20:23:54.0648 5464 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/31 20:23:54.0664 5464 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/31 20:23:54.0695 5464 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/31 20:23:54.0726 5464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/31 20:23:54.0757 5464 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/31 20:23:54.0789 5464 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/31 20:23:54.0804 5464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/31 20:23:54.0820 5464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/31 20:23:54.0867 5464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/31 20:23:54.0882 5464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/31 20:23:54.0898 5464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/31 20:23:54.0914 5464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/31 20:23:54.0929 5464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/31 20:23:54.0960 5464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/31 20:23:55.0023 5464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/31 20:23:55.0195 5464 nv (ecc5098b6c8e9e4b6598df7ea00557d3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/31 20:23:55.0336 5464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/31 20:23:55.0351 5464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/31 20:23:55.0382 5464 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/05/31 20:23:55.0398 5464 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/05/31 20:23:55.0414 5464 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/05/31 20:23:55.0476 5464 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/05/31 20:23:55.0492 5464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/31 20:23:55.0523 5464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/31 20:23:55.0539 5464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/31 20:23:55.0570 5464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/31 20:23:55.0586 5464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/31 20:23:55.0617 5464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/31 20:23:55.0632 5464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/31 20:23:55.0773 5464 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/31 20:23:55.0836 5464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/31 20:23:55.0851 5464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/31 20:23:55.0882 5464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/31 20:23:55.0914 5464 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/31 20:23:55.0976 5464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/31 20:23:55.0992 5464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/31 20:23:56.0007 5464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/31 20:23:56.0023 5464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/31 20:23:56.0039 5464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/31 20:23:56.0054 5464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/31 20:23:56.0070 5464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/31 20:23:56.0086 5464 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/31 20:23:56.0101 5464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/31 20:23:56.0164 5464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/31 20:23:56.0195 5464 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/31 20:23:56.0211 5464 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/31 20:23:56.0273 5464 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2011/05/31 20:23:56.0320 5464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/31 20:23:56.0351 5464 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/31 20:23:56.0398 5464 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/31 20:23:56.0476 5464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/31 20:23:56.0476 5464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/31 20:23:56.0508 5464 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/31 20:23:56.0539 5464 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/31 20:23:56.0570 5464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/31 20:23:56.0633 5464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/31 20:23:56.0726 5464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/31 20:23:56.0804 5464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/31 20:23:56.0836 5464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/31 20:23:56.0867 5464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/31 20:23:56.0883 5464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/31 20:23:56.0929 5464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/31 20:23:56.0992 5464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/31 20:23:57.0070 5464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/31 20:23:57.0117 5464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/31 20:23:57.0133 5464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/31 20:23:57.0180 5464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/31 20:23:57.0211 5464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/31 20:23:57.0242 5464 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/31 20:23:57.0273 5464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/31 20:23:57.0320 5464 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/31 20:23:57.0336 5464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/31 20:23:57.0398 5464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/31 20:23:57.0414 5464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/31 20:23:57.0492 5464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/31 20:23:57.0523 5464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/31 20:23:57.0570 5464 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/31 20:23:57.0617 5464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/31 20:23:57.0617 5464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/31 20:23:57.0680 5464 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/05/31 20:23:57.0758 5464 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/05/31 20:23:57.0758 5464 ================================================================================
2011/05/31 20:23:57.0758 5464 Scan finished
2011/05/31 20:23:57.0758 5464 ================================================================================
2011/05/31 20:23:57.0758 1196 Detected object count: 1
2011/05/31 20:23:57.0758 1196 Actual detected object count: 1
2011/05/31 20:24:20.0417 1196 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip

#8 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Step One

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. ERUNT is compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which allows you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.


Step Two

  • Re-run TDSSKiller.
  • Choose Quarantine if a suspicious file is detected.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Three

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceeding.

Download AppRemover and run it.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed.


Next

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
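For anyone triaging TDSSKiller logs like the ones posted in this thread, the following is an added example (my own code, not part of the original post and not part of TDSSKiller). It parses the three line shapes that appear in the logs above: one scanned object per line with its MD5 and path, the "- detected" verdict line, and the "User select action" line. From that it lists detections that were skipped or never acted on (a Skip on the MBR detection leaves the infection in place, which is why Step Two asks for Quarantine) and reports which object hashes changed between two runs. The sample log lines embedded below are constructed in the same format as the thread's logs, with made-up hashes.

```python
"""Triage helper for TDSSKiller-style logs (added example, not TDSSKiller's own code).

Line shapes handled:
  <date> <time> <pid> <name> (<md5>) <path>
  <date> <time> <pid> <device> - detected <verdict> (<n>)
  <date> <time> <pid> <verdict>(<device>) - User select action: <action>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One scanned object per line: driver/service (or "MBR (0x1B8)") name, MD5, path.
_ENTRY = re.compile(
    r"^\S+ \S+\s+\d+\s+(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
_DETECTED = re.compile(
    r"^\S+ \S+\s+\d+\s+(?P<target>\S+) - detected (?P<verdict>\S+) \(\d+\)$"
)
_ACTION = re.compile(
    r"^\S+ \S+\s+\d+\s+(?P<verdict>[^(\s]+)\((?P<target>[^)]+)\) - "
    r"User select action: (?P<action>\w+)$"
)

# Actions that remove or neutralise the object; Skip (or no action line at
# all, as when the log is pasted before an action was chosen) leaves it alone.
RESOLVING_ACTIONS = {"Quarantine", "Cure", "Delete"}


@dataclass
class Entry:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    target: str
    verdict: str
    action: Optional[str] = None  # filled from the "User select action" line


def parse_log(text: str) -> Tuple[Dict[str, Entry], List[Detection]]:
    """Return scanned objects keyed by name, and the detections in log order."""
    entries: Dict[str, Entry] = {}
    detections: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"])
            continue
        m = _DETECTED.match(line)
        if m:
            detections.append(Detection(m["target"], m["verdict"]))
            continue
        m = _ACTION.match(line)
        if m:
            for d in detections:
                if d.target == m["target"] and d.verdict == m["verdict"]:
                    d.action = m["action"]
    return entries, detections


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections the user skipped or never acted on."""
    return [d for d in detections if d.action not in RESOLVING_ACTIONS]


def changed_hashes(before: Dict[str, Entry], after: Dict[str, Entry]):
    """Objects whose MD5 differs between two runs, or that appear in only one."""
    out = {}
    for name in sorted(set(before) | set(after)):
        b, a = before.get(name), after.get(name)
        if b is None or a is None or b.md5 != a.md5:
            out[name] = (b.md5 if b else None, a.md5 if a else None)
    return out


# Constructed sample logs (same format as the thread's logs, made-up hashes).
SAMPLE_RUN1 = r"""
2011/05/31 20:23:57.0117 5464 usbehci (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/31 20:23:57.0133 5464 usbhub (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/31 20:23:57.0680 5464 MBR (0x1B8) (33333333333333333333333333333333) \Device\Harddisk0\DR0
2011/05/31 20:23:57.0758 5464 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/05/31 20:23:57.0758 5464 Scan finished
2011/05/31 20:24:20.0417 1196 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Skip
"""
SAMPLE_RUN2 = r"""
2011/05/31 21:11:28.0153 6128 usbehci (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/31 21:11:28.0169 6128 usbhub (55555555555555555555555555555555) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/31 21:11:27.0841 6128 Tcpip (44444444444444444444444444444444) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/31 21:11:28.0747 6128 MBR (0x1B8) (33333333333333333333333333333333) \Device\Harddisk0\DR0
2011/05/31 21:11:28.0810 6128 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/05/31 21:11:28.0825 6128 Scan finished
"""

if __name__ == "__main__":
    e1, d1 = parse_log(SAMPLE_RUN1)
    e2, d2 = parse_log(SAMPLE_RUN2)
    for d in unresolved(d1) + unresolved(d2):
        print(f"UNRESOLVED: {d.verdict} at {d.target} (action={d.action})")
    for name, (old, new) in changed_hashes(e1, e2).items():
        print(f"CHANGED: {name}: {old} -> {new}")
```

Paste a real log into `parse_log` in place of the samples; the hash comparison is most useful across a run before and a run after quarantine, since a changed MBR hash confirms the boot sector was actually rewritten, while an unchanged one with the detection gone deserves a second look.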

#9 deek1313 (Topic Starter, New Member, 9 posts)

Salagubang,

Will AppRemover try to remove McAfee as well? If so, is there another fix around removing McAfee, because I don't feel good about removing that. AVG can go, no problem, but McAfee worries me a bit.

#10 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)

Okay. Keep McAfee for now and remove AVG temporarily. Then proceed with ComboFix. :)


#11 deek1313 (Topic Starter, New Member, 9 posts)

Salagubang

When trying to run ComboFix I can't seem to get McAfee VirusScan Enterprise to shut off. Also there is an error when trying to install the Microsoft Recovery Console; it says the error is due to low memory or disk space or a corrupt cabinet file. What should I do? If I need to get rid of McAfee I will. Please advise.

#12 deek1313 (Topic Starter, New Member, 9 posts)

Salagubang

Okay, so I was able to get McAfee shut down and the Recovery Console installed. Ran ComboFix; here are the two logs from TDSSKiller and ComboFix.

TDSSKiller:
2011/05/31 21:11:19.0481 6092 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/31 21:11:19.0841 6092 ================================================================================
2011/05/31 21:11:19.0841 6092 SystemInfo:
2011/05/31 21:11:19.0841 6092
2011/05/31 21:11:19.0841 6092 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/31 21:11:19.0841 6092 Product type: Workstation
2011/05/31 21:11:19.0841 6092 ComputerName: RUTLEDGE-7900
2011/05/31 21:11:19.0841 6092 UserName: 2531413
2011/05/31 21:11:19.0841 6092 Windows directory: C:\WINDOWS
2011/05/31 21:11:19.0841 6092 System windows directory: C:\WINDOWS
2011/05/31 21:11:19.0841 6092 Processor architecture: Intel x86
2011/05/31 21:11:19.0841 6092 Number of processors: 2
2011/05/31 21:11:19.0841 6092 Page size: 0x1000
2011/05/31 21:11:19.0841 6092 Boot type: Normal boot
2011/05/31 21:11:19.0841 6092 ================================================================================
2011/05/31 21:11:20.0059 6092 Initialize success
2011/05/31 21:11:22.0481 6128 ================================================================================
2011/05/31 21:11:22.0481 6128 Scan started
2011/05/31 21:11:22.0481 6128 Mode: Manual;
2011/05/31 21:11:22.0481 6128 ================================================================================
2011/05/31 21:11:22.0778 6128 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/31 21:11:22.0809 6128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/31 21:11:22.0856 6128 ADIHdAudAddService (52cc84e612c283f774f9cb196ccef6fb) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/31 21:11:22.0872 6128 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/05/31 21:11:22.0888 6128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/31 21:11:22.0950 6128 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/31 21:11:23.0028 6128 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/31 21:11:23.0091 6128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/31 21:11:23.0122 6128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/31 21:11:23.0169 6128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/31 21:11:23.0200 6128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/31 21:11:23.0263 6128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/31 21:11:23.0294 6128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/31 21:11:23.0325 6128 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/31 21:11:23.0372 6128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/31 21:11:23.0419 6128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/31 21:11:23.0435 6128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/31 21:11:23.0528 6128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/31 21:11:23.0575 6128 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/31 21:11:23.0591 6128 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/31 21:11:23.0606 6128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/31 21:11:23.0638 6128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/31 21:11:23.0700 6128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/31 21:11:23.0763 6128 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/05/31 21:11:23.0810 6128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/31 21:11:23.0841 6128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/31 21:11:23.0872 6128 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/31 21:11:23.0888 6128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/31 21:11:23.0935 6128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/31 21:11:23.0966 6128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/31 21:11:23.0981 6128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/31 21:11:24.0013 6128 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/05/31 21:11:24.0044 6128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/31 21:11:24.0091 6128 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/31 21:11:24.0153 6128 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/05/31 21:11:24.0169 6128 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/31 21:11:24.0216 6128 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
2011/05/31 21:11:24.0294 6128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/31 21:11:24.0325 6128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/31 21:11:24.0481 6128 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/05/31 21:11:24.0560 6128 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/31 21:11:24.0591 6128 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/05/31 21:11:24.0606 6128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/31 21:11:24.0669 6128 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/31 21:11:24.0700 6128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/31 21:11:24.0731 6128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/31 21:11:24.0747 6128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/31 21:11:24.0778 6128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/31 21:11:24.0794 6128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/31 21:11:24.0825 6128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/31 21:11:24.0872 6128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/31 21:11:24.0903 6128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/31 21:11:24.0950 6128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/31 21:11:25.0028 6128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/31 21:11:25.0122 6128 mfeapfk (5cbf9d2fab2abc461b2f67c802f52543) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/31 21:11:25.0153 6128 mfeavfk (10718b3eeb9e98c5b4aad7c0a23a9efa) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/31 21:11:25.0185 6128 mfebopk (e665cff48e376b48d2cc84be1559f131) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/31 21:11:25.0231 6128 mfehidk (e2f200d38b72e47b88489e2c97dfd6d8) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/31 21:11:25.0247 6128 mferkdet (ef04236d1a4f9f672b5258de83e2ee35) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/31 21:11:25.0278 6128 mfetdik (d5a4b1ae4958ccfc66c1d17c1f42ba08) C:\WINDOWS\system32\drivers\mfetdik.sys
2011/05/31 21:11:25.0325 6128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/31 21:11:25.0372 6128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/31 21:11:25.0419 6128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/31 21:11:25.0466 6128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/31 21:11:25.0481 6128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/31 21:11:25.0528 6128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/31 21:11:25.0575 6128 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/31 21:11:25.0591 6128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/31 21:11:25.0638 6128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/31 21:11:25.0653 6128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/31 21:11:25.0669 6128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/31 21:11:25.0716 6128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/31 21:11:25.0747 6128 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/31 21:11:25.0794 6128 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/31 21:11:25.0841 6128 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/31 21:11:25.0872 6128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/31 21:11:25.0903 6128 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/31 21:11:25.0935 6128 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/31 21:11:25.0997 6128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/31 21:11:25.0997 6128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/31 21:11:26.0060 6128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/31 21:11:26.0075 6128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/31 21:11:26.0091 6128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/31 21:11:26.0106 6128 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/31 21:11:26.0122 6128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/31 21:11:26.0153 6128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/31 21:11:26.0216 6128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/31 21:11:26.0388 6128 nv (ecc5098b6c8e9e4b6598df7ea00557d3) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/31 21:11:26.0435 6128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/31 21:11:26.0466 6128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/31 21:11:26.0513 6128 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/05/31 21:11:26.0513 6128 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/05/31 21:11:26.0575 6128 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/05/31 21:11:26.0622 6128 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2011/05/31 21:11:26.0638 6128 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/31 21:11:26.0669 6128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/31 21:11:26.0685 6128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/31 21:11:26.0700 6128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/31 21:11:26.0731 6128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/31 21:11:26.0763 6128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/31 21:11:26.0778 6128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/31 21:11:26.0919 6128 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2011/05/31 21:11:26.0950 6128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/31 21:11:26.0966 6128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/31 21:11:26.0997 6128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/31 21:11:27.0044 6128 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/31 21:11:27.0122 6128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/31 21:11:27.0138 6128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/31 21:11:27.0153 6128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/31 21:11:27.0169 6128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/31 21:11:27.0200 6128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/31 21:11:27.0216 6128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/31 21:11:27.0231 6128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/31 21:11:27.0263 6128 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/31 21:11:27.0278 6128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/31 21:11:27.0341 6128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/31 21:11:27.0372 6128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/31 21:11:27.0388 6128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/31 21:11:27.0450 6128 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2011/05/31 21:11:27.0481 6128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/31 21:11:27.0528 6128 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/31 21:11:27.0544 6128 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/05/31 21:11:27.0591 6128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/31 21:11:27.0606 6128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/31 21:11:27.0653 6128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/31 21:11:27.0669 6128 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/31 21:11:27.0700 6128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/31 21:11:27.0716 6128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/31 21:11:27.0778 6128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/31 21:11:27.0841 6128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/31 21:11:27.0888 6128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/31 21:11:27.0919 6128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/31 21:11:27.0935 6128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/31 21:11:27.0981 6128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/31 21:11:28.0044 6128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/31 21:11:28.0091 6128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/31 21:11:28.0153 6128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/31 21:11:28.0169 6128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/31 21:11:28.0216 6128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/31 21:11:28.0247 6128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/31 21:11:28.0263 6128 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/31 21:11:28.0310 6128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/31 21:11:28.0341 6128 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/05/31 21:11:28.0388 6128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/31 21:11:28.0450 6128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/31 21:11:28.0466 6128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/31 21:11:28.0528 6128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/31 21:11:28.0575 6128 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/31 21:11:28.0638 6128 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/31 21:11:28.0669 6128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/31 21:11:28.0685 6128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/31 21:11:28.0747 6128 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/05/31 21:11:28.0810 6128 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/05/31 21:11:28.0825 6128 ================================================================================
2011/05/31 21:11:28.0825 6128 Scan finished
2011/05/31 21:11:28.0825 6128 ================================================================================
2011/05/31 21:11:28.0825 5048 Detected object count: 1
2011/05/31 21:11:28.0825 5048 Actual detected object count: 1

Combofix:
ComboFix 11-06-01.01 - 2531413 06/01/2011 17:25:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1468 [GMT -4:00]
Running from: c:\documents and settings\2531413\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-06-01 01:11 . 2011-06-01 01:11 -------- d-----w- C:\TDSSKiller_Quarantine
2011-06-01 01:09 . 2011-06-01 01:09 -------- d-----w- c:\program files\ERUNT
2011-05-24 16:13 . 2011-06-01 21:26 -------- d-----w- c:\program files\OCS Agent
2011-05-24 16:13 . 2011-05-24 16:13 -------- d-----w- c:\program files\Gitso
2011-05-24 16:07 . 2011-05-24 16:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 16:06 . 2011-05-24 16:06 -------- d-----w- c:\program files\Common Files\Java
2011-05-24 12:51 . 2011-05-24 12:51 -------- d-----w- c:\documents and settings\2531413\Application Data\Malwarebytes
2011-05-20 20:28 . 2011-06-01 20:06 -------- d-----w- c:\windows\system32\wbem\Logs
2011-05-20 19:11 . 2011-05-20 19:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-20 19:11 . 2011-05-20 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-20 19:11 . 2011-05-24 16:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 19:10 . 2011-05-20 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-20 19:10 . 2011-05-20 19:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-20 18:54 . 2011-05-20 18:54 -------- d-----w- c:\program files\CCleaner
2011-05-20 18:53 . 2011-05-20 18:54 -------- d-----w- C:\temp
2011-05-18 17:39 . 2011-05-18 17:39 -------- d-----w- c:\documents and settings\2531413\Application Data\Roxio
2011-05-16 18:11 . 2011-05-16 18:11 -------- d-----w- c:\documents and settings\2531413\Application Data\Leadertech
2011-05-13 01:39 . 2011-05-13 01:39 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-05-13 01:19 . 2011-05-13 01:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-13 01:10 . 2011-05-13 01:19 -------- d-----w- C:\$AVG(2)
2011-05-12 01:54 . 2011-05-12 01:54 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-05-10 21:05 . 2011-05-10 21:10 -------- d-----w- c:\documents and settings\2531413\Application Data\AVG
2011-05-10 19:02 . 2011-05-10 19:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-10 19:01 . 2011-05-20 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-10 18:58 . 2011-05-20 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-05-04 18:29 . 2011-05-04 18:29 -------- d-----w- c:\documents and settings\2531413\Application Data\DVDVideoSoftIEHelpers
2011-05-04 18:29 . 2011-05-04 18:29 -------- d-----w- c:\program files\Common Files\Plasmoo
2011-05-04 18:29 . 2011-05-04 18:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-05-04 18:26 . 2011-05-04 18:27 -------- d-----w- c:\documents and settings\2531413\Application Data\downyourtube
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 00:19 . 2004-08-04 12:00 110592 ----a-w- c:\windows\system32\services.exe
2011-04-14 09:07 . 2010-04-26 19:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40 . 2009-07-13 19:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-07 05:33 . 2009-01-30 18:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 16:26 . 2011-05-12 16:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-01-07 00:07 . 2009-07-13 17:42 23864 -c--a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-20_18.46.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-01 16:41 . 2011-06-01 16:41 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
+ 2011-05-31 18:33 . 2006-02-02 05:01 53248 c:\windows\system32\tx12_wnd.dll
+ 2004-08-04 12:00 . 2011-06-01 16:45 68680 c:\windows\system32\perfc009.dat
+ 2011-05-31 18:33 . 2002-02-04 06:43 44544 c:\windows\system32\msxml4a.dll
+ 2011-05-31 18:33 . 2006-02-01 05:21 126976 c:\windows\system32\tx12_tls.dll
+ 2011-05-31 18:33 . 2006-02-09 08:00 360448 c:\windows\system32\tx12_rtf.dll
+ 2011-05-31 18:33 . 2005-08-03 04:21 339968 c:\windows\system32\tx12_obj.dll
+ 2011-05-31 18:33 . 2006-02-09 06:20 106496 c:\windows\system32\tx12_ic.dll
+ 2011-05-31 18:33 . 2006-02-15 05:32 225280 c:\windows\system32\tx12_htm.dll
+ 2011-05-31 18:33 . 2006-02-09 08:00 479232 c:\windows\system32\tx12_doc.dll
+ 2011-05-31 18:33 . 2006-02-02 05:01 258048 c:\windows\system32\tx12_css.dll
+ 2011-05-31 18:33 . 2006-02-13 15:02 663552 c:\windows\system32\tx12.dll
+ 2004-08-04 12:00 . 2011-06-01 16:45 436228 c:\windows\system32\perfh009.dat
+ 2011-05-24 16:07 . 2011-05-24 16:07 240288 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe
+ 2011-05-24 16:07 . 2011-05-24 16:07 321184 c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.dll
+ 2011-05-13 16:37 . 2011-04-14 09:08 157472 c:\windows\system32\javaws.exe
- 2011-05-13 16:37 . 2011-02-03 01:40 157472 c:\windows\system32\javaws.exe
- 2011-05-13 16:37 . 2011-02-03 01:40 145184 c:\windows\system32\javaw.exe
+ 2011-05-13 16:37 . 2011-04-14 09:08 145184 c:\windows\system32\javaw.exe
+ 2011-05-13 16:37 . 2011-04-14 09:08 145184 c:\windows\system32\java.exe
- 2011-05-13 16:37 . 2011-02-03 01:40 145184 c:\windows\system32\java.exe
+ 2011-05-24 16:06 . 2011-05-24 16:06 180224 c:\windows\Installer\6436c0.msi
+ 2011-05-24 16:13 . 2011-05-24 16:13 498688 c:\windows\Installer\2d730.msi
+ 2011-06-01 16:41 . 2011-06-01 16:41 488448 c:\windows\Installer\2d503.msi
+ 2011-06-01 01:10 . 2011-06-01 01:10 344064 c:\windows\ERDNT\5-31-2011\Users\00000002\UsrClass.dat
+ 2011-06-01 01:10 . 2005-10-20 16:02 163328 c:\windows\ERDNT\5-31-2011\ERDNT.EXE
+ 2011-06-01 01:10 . 2011-06-01 01:10 10117120 c:\windows\ERDNT\5-31-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-22 13574144]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-07-19 773144]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-08 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-16 150040]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-25 136512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-01-21 624056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Mcafee_8080
"8081:TCP"= 8081:TCP:Mcafee_8081
"1760:TCP"= 1760:TCP:CSU_Landesk_Management_Suite_1760
"1761:TCP"= 1761:TCP:CSU_Landesk_Management_Suite_1761
"1762:TCP"= 1762:TCP:CSU_Landesk_Management_Suite_1762
"1763:TCP"= 1763:TCP:CSU_Landesk_Management_Suite_1763
"1764:TCP"= 1764:TCP:CSU_Landesk_Management_Suite_1764
"1765:TCP"= 1765:TCP:CSU_Landesk_Management_Suite_1765
"3389:TCP"= 3389:TCP:Remote Desktop
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 11:14 AM 24064]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 8:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/13/2009 1:42 PM 70728]
R2 OCS Inventory;OCS Inventory;c:\program files\OCS Agent\OcsService.exe [10/27/2009 5:37 PM 69632]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2/4/2009 11:25 AM 2054680]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [6/5/2008 11:58 AM 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 12:31 PM 44800]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/19/2010 12:05 AM 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/13/2009 1:42 PM 66600]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/8/2008 8:12 AM 1112560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 15:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 04:05]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 04:05]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414352988-972178952-4124595837-197275Core.job
- c:\documents and settings\2476412\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 22:51]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3414352988-972178952-4124595837-197275UA.job
- c:\documents and settings\2476412\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 22:51]
.
.
------- Supplementary Scan -------
.
uStart Page = https://webmail.csuohio.edu/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 137.148.49.11 137.148.49.12 137.148.49.10
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://fseml2a.csuohio.edu/dwa85W.cab
FF - ProfilePath - c:\documents and settings\2531413\Application Data\Mozilla\Firefox\Profiles\l8bqb3my.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.csuohio.edu/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-01 17:29:49
ComboFix-quarantined-files.txt 2011-06-01 21:29
ComboFix2.txt 2011-05-20 18:49
.
Pre-Run: 189,021,122,560 bytes free
Post-Run: 189,063,606,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 411750F2C407F44A10196850B725F12A
#13
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
:) Let's sweep for leftovers.

Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step Two

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#14
deek1313

    New Member

  • Topic Starter
  • Member
  • 9 posts
Salagubang

Here are the final two steps and logs

Malware log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6750

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/1/2011 7:42:32 PM
mbam-log-2011-06-01 (19-42-32).txt

Scan type: Quick scan
Objects scanned: 145611
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=383577d91108574cac29e965f7d5063e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-02 12:57:31
# local_time=2011-06-01 08:57:31 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=147627
# found=0
# cleaned=0
# scan_time=3980



Internet lag is still bad and the tabs on the Task Manager window haven't reappeared.
#15
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please test the machine for redirects.