Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

rootkit infection


  • This topic is locked This topic is locked

#1
Musikman212

Musikman212

    Member

  • Member
  • PipPip
  • 63 posts
I have a dell notebook computer running windows XP home edition service pack 3 which is behaving very badly. On start up, when I can get it to start, It (Avast) gives me a warning as follows, "Suspicious hidden object (Rootkit)has been detected."
C:\WINDOWS\system32\drivers\ftdisk,sys

Avast appears to be unable to remove this file although it trys and seems to think it has.

When running firefox every time I change to a new url, and sometimes when I haven't, I get the message that Avast has blocked several suspicious urls,

I'm about at my wits end with this so any help would be greatly appreciated!
Thanks
Bob
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I will need to see what is on your system first

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN


Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
logs are attached

OTL logfile created on: 11/08/2011 4:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 362.48 Mb Available Physical Memory | 35.74% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 133.00 Gb Free Space | 89.25% Space Free | Partition Type: NTFS

Computer Name: D74KH5K1 | User Name: Bren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/07/13 02:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/05/11 17:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 17:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 17:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/03/15 18:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 18:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 17:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 17:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 17:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 12:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/01/06 19:53:10 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 21:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/23


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2175923983-12839921-381481369-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 22:23:00 | 000,000,000 | ---D | M]

[2010/04/08 13:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bren\Application Data\Mozilla\Extensions
[2011/08/10 19:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\extensions
[2010/08/27 21:31:40 | 000,002,566 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\askcom.xml
[2011/07/31 16:00:52 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\conduit.xml
[2010/04/12 14:01:56 | 000,002,480 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\ShareazaWebSearch.xml
[2011/08/10 18:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/13 12:31:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 08:07:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/04/12 14:01:56 | 000,002,480 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2175923983-12839921-381481369-1006\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [3176447627] File not found
O4 - HKU\.DEFAULT..\Run: [Upabof] File not found
O4 - HKU\S-1-5-18..\Run: [3176447627] File not found
O4 - HKU\S-1-5-18..\Run: [Upabof] File not found
O4 - HKU\S-1-5-21-2175923983-12839921-381481369-1006..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2175923983-12839921-381481369-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2c8dd509-3167-11e0-b2c8-0024e8b4c6b1}\Shell\AutoRun\command - "" = G:\Windows\bin\eblSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\mdo.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\mdo.exe" -a "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 16:53:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
[2011/08/10 22:21:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/10 20:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/10 20:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Protected Folder
[2011/08/10 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/10 20:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/08/10 20:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\IObit
[2011/08/10 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/08/10 16:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\Malwarebytes
[2011/08/10 16:52:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/10 16:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/10 16:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/10 16:52:26 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/10 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/10 09:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\AVG
[2011/08/10 09:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/09 22:49:27 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/09 22:05:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/09 22:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/09 22:05:03 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/09 22:05:02 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/09 22:05:00 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/09 22:04:58 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/09 22:04:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/09 22:04:58 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/09 22:04:40 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/09 22:04:40 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/09 22:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/09 22:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/09 21:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/09 20:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\My Documents\My Chat Logs
[2011/08/09 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
[2011/08/11 10:51:24 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/11 10:51:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 10:51:00 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/10 20:54:15 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/10 20:54:14 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/10 20:54:14 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/10 20:53:20 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Protected Folder.lnk
[2011/08/10 20:53:20 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2011/08/10 20:51:35 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/10 16:52:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 22:49:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/09 22:05:04 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/09 21:26:09 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/09 21:26:09 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Bren\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/09 20:09:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Bren\Desktop\Shortcut to msnmsgr.lnk
[2011/08/09 12:39:40 | 000,464,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 12:39:40 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 10:06:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/11 10:10:07 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 20:55:43 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/10 20:54:15 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/10 20:54:14 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/10 20:54:14 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/10 20:53:20 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Protected Folder.lnk
[2011/08/10 20:53:19 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2011/08/10 20:51:35 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/10 16:52:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 22:05:04 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/09 21:26:09 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/09 21:26:09 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Bren\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/09 20:09:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Bren\Desktop\Shortcut to msnmsgr.lnk
[2011/06/22 18:45:56 | 000,016,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4091320673
[2011/06/22 18:43:50 | 000,016,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1261340159
[2011/06/22 18:02:47 | 000,016,446 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pjg4v1ibu1ntflw0v
[2011/06/22 18:02:47 | 000,016,388 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pjg4v1ibu1ntflw0v
[2011/02/05 16:52:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\PFP110JPR.{PB
[2011/02/05 16:52:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\PFP110JCM.{PB
[2011/02/05 16:46:42 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/11/24 12:58:10 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hxda5IG.dat
[2010/05/06 11:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\wklnhst.dat
[2009/09/06 10:52:42 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Bren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 21:49:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/31 21:36:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/13 15:11:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/07/13 15:11:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/07/13 15:08:21 | 000,001,196 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/13 12:59:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/13 12:53:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/13 12:53:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/07/13 12:52:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/13 12:44:08 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/07/13 12:32:41 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:33:18 | 000,464,078 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:33:18 | 000,079,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:38:33 | 000,239,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2009/07/13 12:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/08/09 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/08/09 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/09 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/17 16:48:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/10 20:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/09 22:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/02/05 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/12/23 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/07/13 12:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/07/13 12:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/07/13 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/10 12:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/07/13 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/07/13 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2010/04/27 12:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/16 22:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\7D06D0A9EEF2C4720765C96CF898933D
[2011/08/10 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\AVG
[2010/09/19 00:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\calibre
[2010/09/19 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\CheckPoint
[2010/08/28 00:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\FrostWire
[2011/08/10 20:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\IObit
[2010/09/19 00:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Mobipocket
[2011/08/09 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Shareaza
[2010/05/06 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Template
[2009/07/13 12:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Windows Desktop Search
[2009/08/31 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Windows Search
[2009/07/13 12:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2011/08/11 10:51:24 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Bren\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Attached Files


  • 0

#4
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
here is the ASW log

Attached Files


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK 'tis a TDL 3 type infection

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\.DEFAULT..\Run: [3176447627] File not found
    O4 - HKU\.DEFAULT..\Run: [Upabof] File not found
    O4 - HKU\S-1-5-18..\Run: [3176447627] File not found
    O4 - HKU\S-1-5-18..\Run: [Upabof] File not found
    O33 - MountPoints2\{2c8dd509-3167-11e0-b2c8-0024e8b4c6b1}\Shell\AutoRun\command - "" = G:\Windows\bin\eblSetup.exe
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\mdo.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\mdo.exe" -a "%1" %*
    [2011/06/22 18:45:56 | 000,016,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4091320673
    [2011/06/22 18:43:50 | 000,016,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1261340159
    [2011/06/22 18:02:47 | 000,016,446 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pjg4v1ibu1ntflw0v
    [2011/06/22 18:02:47 | 000,016,388 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pjg4v1ibu1ntflw0v

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.

    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#6
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
OTL quick scan
\
OTL logfile created on: 11/08/2011 7:36:02 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Bren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1014.36 Mb Total Physical Memory | 380.29 Mb Available Physical Memory | 37.49% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.96% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 133.18 Gb Free Space | 89.37% Space Free | Partition Type: NTFS

Computer Name: D74KH5K1 | User Name: Bren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/28 14:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2010/07/13 02:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/14 08:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (6to4)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/02 22:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - [2011/07/11 14:40:46 | 000,239,600 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/23 01:00:08 | 000,016,080 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 01:00:06 | 000,030,368 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys -- (RegFilter)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/05/11 17:11:18 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/05/11 17:11:16 | 000,272,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/05/11 17:11:14 | 000,135,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/03/15 18:48:00 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/03/15 18:44:18 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/15 17:32:18 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/15 17:32:08 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/15 17:31:54 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/12 12:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/01/06 19:53:10 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 21:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/23

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/23
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 15:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/10 22:23:00 | 000,000,000 | ---D | M]

[2010/04/08 13:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bren\Application Data\Mozilla\Extensions
[2011/08/10 19:28:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\extensions
[2010/08/27 21:31:40 | 000,002,566 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\askcom.xml
[2011/07/31 16:00:52 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\conduit.xml
[2010/04/12 14:01:56 | 000,002,480 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Mozilla\Firefox\Profiles\3g0ip71m.default\searchplugins\ShareazaWebSearch.xml
[2011/08/10 18:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/07/13 12:31:54 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/12 08:07:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/04/12 14:01:56 | 000,002,480 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ShareazaWebSearch.xml

O1 HOSTS File: ([2011/08/11 19:23:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files\Messenger_Plus_Live_CA-EN\prxtbMes0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 21:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/11 18:28:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 17:13:30 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Bren\Desktop\aswMBR.exe
[2011/08/11 16:53:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
[2011/08/10 22:21:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/10 20:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
[2011/08/10 20:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Protected Folder
[2011/08/10 20:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/08/10 20:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Malware Fighter
[2011/08/10 20:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\IObit
[2011/08/10 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/08/10 16:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\Malwarebytes
[2011/08/10 16:52:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/10 16:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/10 16:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/10 16:52:26 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/10 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/10 09:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\Application Data\AVG
[2011/08/10 09:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/08/09 22:49:27 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/08/09 22:05:04 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/08/09 22:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/08/09 22:05:03 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/08/09 22:05:02 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/08/09 22:05:00 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/08/09 22:04:58 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/08/09 22:04:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/08/09 22:04:58 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/08/09 22:04:40 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/08/09 22:04:40 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/08/09 22:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/08/09 22:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/09 21:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2011/08/09 20:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bren\My Documents\My Chat Logs
[2011/08/09 10:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities

========== Files - Modified Within 30 Days ==========

[2011/08/11 19:30:40 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/11 19:30:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/11 19:29:57 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 19:23:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/11 17:13:38 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Bren\Desktop\aswMBR.exe
[2011/08/11 16:53:34 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bren\Desktop\OTL.exe
[2011/08/10 20:54:15 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/10 20:54:14 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/10 20:54:14 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/10 20:53:20 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Protected Folder.lnk
[2011/08/10 20:53:20 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2011/08/10 20:51:35 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/10 16:52:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 22:49:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/09 22:05:04 | 000,001,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/09 21:26:09 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/09 21:26:09 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Bren\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/09 20:09:03 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Bren\Desktop\Shortcut to msnmsgr.lnk
[2011/08/09 12:39:40 | 000,464,078 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/09 12:39:40 | 000,079,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/09 10:06:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2011/08/11 10:10:07 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/10 20:55:43 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/08/10 20:54:15 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
[2011/08/10 20:54:14 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 4.lnk
[2011/08/10 20:54:14 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
[2011/08/10 20:53:20 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\Protected Folder.lnk
[2011/08/10 20:53:19 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protected Folder.lnk
[2011/08/10 20:51:35 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
[2011/08/10 16:52:33 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 22:05:04 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/09 21:26:09 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/08/09 21:26:09 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Bren\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/09 20:09:03 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Bren\Desktop\Shortcut to msnmsgr.lnk
[2011/02/05 16:52:07 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\PFP110JPR.{PB
[2011/02/05 16:52:07 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\PFP110JCM.{PB
[2011/02/05 16:46:42 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2010/11/24 12:58:10 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hxda5IG.dat
[2010/05/06 11:38:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bren\Application Data\wklnhst.dat
[2009/09/06 10:52:42 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Bren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 21:49:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/31 21:36:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/13 15:11:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/07/13 15:11:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/07/13 15:08:21 | 000,001,196 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/13 12:59:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/13 12:53:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/07/13 12:53:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/07/13 12:52:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/07/13 12:44:08 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/07/13 12:32:41 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 21:47:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 21:44:05 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 21:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:33:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 16:33:18 | 000,464,078 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 16:33:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 16:33:18 | 000,079,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 16:33:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 16:33:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 16:33:17 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 16:33:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 16:33:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 16:33:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 16:33:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 16:33:06 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 09:39:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 09:38:33 | 000,239,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

========== LOP Check ==========

[2011/08/09 22:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/08/09 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/17 16:48:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/10 20:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/09 22:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/02/05 18:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2009/12/23 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/07/13 12:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/07/13 12:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2009/07/13 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/10 12:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/13 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/07/13 12:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/07/13 12:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2010/04/27 12:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/16 22:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\7D06D0A9EEF2C4720765C96CF898933D
[2011/08/10 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\AVG
[2010/09/19 00:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\calibre
[2010/09/19 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\CheckPoint
[2010/08/28 00:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\FrostWire
[2011/08/10 20:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\IObit
[2010/09/19 00:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Mobipocket
[2011/08/09 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Shareaza
[2010/05/06 11:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Template
[2009/07/13 12:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Windows Desktop Search
[2009/08/31 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bren\Application Data\Windows Search
[2011/08/11 19:30:40 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Bren\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Attached Files

  • Attached File  OTL.Txt   62.12KB   49 downloads

  • 0

#7
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Here is the TDSSKiller report

2011/08/11 19:47:33.0656 3560 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/11 19:47:35.0078 3560 ================================================================================
2011/08/11 19:47:35.0078 3560 SystemInfo:
2011/08/11 19:47:35.0078 3560
2011/08/11 19:47:35.0078 3560 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/11 19:47:35.0078 3560 Product type: Workstation
2011/08/11 19:47:35.0078 3560 ComputerName: D74KH5K1
2011/08/11 19:47:35.0078 3560 UserName: Bren
2011/08/11 19:47:35.0078 3560 Windows directory: C:\WINDOWS
2011/08/11 19:47:35.0078 3560 System windows directory: C:\WINDOWS
2011/08/11 19:47:35.0078 3560 Processor architecture: Intel x86
2011/08/11 19:47:35.0093 3560 Number of processors: 2
2011/08/11 19:47:35.0093 3560 Page size: 0x1000
2011/08/11 19:47:35.0093 3560 Boot type: Normal boot
2011/08/11 19:47:35.0093 3560 ================================================================================
2011/08/11 19:47:36.0953 3560 Initialize success
2011/08/11 19:48:04.0687 2480 ================================================================================
2011/08/11 19:48:04.0687 2480 Scan started
2011/08/11 19:48:04.0687 2480 Mode: Manual;
2011/08/11 19:48:04.0687 2480 ================================================================================
2011/08/11 19:48:05.0109 2480 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/11 19:48:05.0187 2480 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/11 19:48:05.0296 2480 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/11 19:48:05.0343 2480 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/11 19:48:05.0406 2480 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/11 19:48:05.0531 2480 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/11 19:48:05.0609 2480 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/08/11 19:48:05.0703 2480 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/11 19:48:05.0750 2480 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/11 19:48:05.0859 2480 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/11 19:48:05.0921 2480 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/11 19:48:06.0000 2480 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/11 19:48:06.0125 2480 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/11 19:48:06.0218 2480 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/11 19:48:06.0343 2480 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/11 19:48:06.0531 2480 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/11 19:48:06.0593 2480 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/11 19:48:06.0671 2480 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/11 19:48:06.0734 2480 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/11 19:48:06.0796 2480 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/11 19:48:06.0937 2480 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/11 19:48:07.0031 2480 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/11 19:48:07.0078 2480 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/11 19:48:07.0156 2480 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/11 19:48:07.0312 2480 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/11 19:48:07.0359 2480 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/11 19:48:07.0484 2480 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/11 19:48:07.0546 2480 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/11 19:48:07.0625 2480 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/11 19:48:07.0703 2480 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/11 19:48:07.0906 2480 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/11 19:48:08.0015 2480 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/11 19:48:08.0343 2480 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/11 19:48:08.0390 2480 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/11 19:48:08.0468 2480 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/11 19:48:08.0609 2480 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/11 19:48:08.0671 2480 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/11 19:48:08.0718 2480 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/11 19:48:08.0781 2480 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/11 19:48:08.0968 2480 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/11 19:48:09.0109 2480 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/11 19:48:09.0156 2480 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/11 19:48:09.0328 2480 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/11 19:48:09.0406 2480 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/08/11 19:48:09.0546 2480 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/11 19:48:09.0593 2480 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/11 19:48:09.0718 2480 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/11 19:48:09.0843 2480 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/11 19:48:10.0000 2480 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/11 19:48:10.0046 2480 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/11 19:48:10.0125 2480 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/11 19:48:10.0296 2480 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/11 19:48:10.0328 2480 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/11 19:48:10.0468 2480 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2011/08/11 19:48:10.0593 2480 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/11 19:48:10.0734 2480 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/11 19:48:10.0890 2480 FileMonitor (c21fc36d3cd28c2726fee10d397216c7) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
2011/08/11 19:48:11.0015 2480 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/11 19:48:11.0109 2480 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/11 19:48:11.0187 2480 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/11 19:48:11.0281 2480 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/11 19:48:11.0359 2480 Ftdisk (3ba60876ab49f6339e566eaef27df9ca) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/11 19:48:11.0375 2480 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 3ba60876ab49f6339e566eaef27df9ca, Fake md5: 6ac26732762483366c3969c9e4d2259d
2011/08/11 19:48:11.0406 2480 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/11 19:48:11.0515 2480 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/11 19:48:11.0593 2480 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/11 19:48:11.0671 2480 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/11 19:48:11.0765 2480 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/11 19:48:11.0843 2480 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/11 19:48:11.0921 2480 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/11 19:48:12.0015 2480 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/11 19:48:12.0093 2480 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/11 19:48:12.0187 2480 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/11 19:48:12.0437 2480 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/11 19:48:12.0812 2480 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/11 19:48:12.0921 2480 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/11 19:48:13.0171 2480 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/11 19:48:13.0437 2480 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/11 19:48:13.0484 2480 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/11 19:48:13.0609 2480 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/11 19:48:13.0671 2480 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/11 19:48:13.0734 2480 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/11 19:48:13.0859 2480 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/11 19:48:13.0968 2480 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/11 19:48:14.0093 2480 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/11 19:48:14.0171 2480 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/11 19:48:14.0328 2480 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/11 19:48:14.0390 2480 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/11 19:48:14.0531 2480 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/11 19:48:14.0609 2480 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/11 19:48:14.0781 2480 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/11 19:48:14.0937 2480 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/11 19:48:15.0000 2480 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/11 19:48:15.0171 2480 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/11 19:48:15.0328 2480 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/11 19:48:15.0390 2480 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/11 19:48:15.0500 2480 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/11 19:48:15.0562 2480 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/11 19:48:15.0625 2480 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/11 19:48:15.0765 2480 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/11 19:48:15.0875 2480 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/11 19:48:16.0015 2480 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/11 19:48:16.0093 2480 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/11 19:48:16.0250 2480 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/11 19:48:16.0328 2480 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/11 19:48:16.0453 2480 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/11 19:48:16.0531 2480 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/11 19:48:16.0593 2480 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/11 19:48:16.0875 2480 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/11 19:48:16.0953 2480 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/11 19:48:17.0093 2480 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/11 19:48:17.0140 2480 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/11 19:48:17.0296 2480 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/11 19:48:17.0343 2480 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/11 19:48:17.0437 2480 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/11 19:48:17.0593 2480 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/11 19:48:17.0718 2480 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/11 19:48:17.0796 2480 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/11 19:48:17.0968 2480 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/11 19:48:18.0015 2480 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/11 19:48:18.0125 2480 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/11 19:48:18.0187 2480 OA012Afx (aff089842ba83be89e51d7ea0aa09e53) C:\WINDOWS\system32\Drivers\OA012Afx.sys
2011/08/11 19:48:18.0328 2480 OA012Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys
2011/08/11 19:48:18.0406 2480 OA012Vid (71346423b584daa06ea26e0bd2cb67c2) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys
2011/08/11 19:48:18.0531 2480 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/11 19:48:18.0609 2480 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/11 19:48:18.0640 2480 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/11 19:48:18.0687 2480 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/11 19:48:18.0843 2480 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/11 19:48:18.0906 2480 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/11 19:48:19.0171 2480 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/11 19:48:19.0203 2480 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/11 19:48:19.0406 2480 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/11 19:48:19.0484 2480 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/11 19:48:19.0562 2480 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/11 19:48:19.0609 2480 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/11 19:48:19.0656 2480 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/11 19:48:19.0750 2480 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/08/11 19:48:19.0828 2480 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/11 19:48:19.0890 2480 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/11 19:48:20.0000 2480 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/11 19:48:20.0078 2480 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/11 19:48:20.0171 2480 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/11 19:48:20.0265 2480 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/11 19:48:20.0343 2480 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/11 19:48:20.0421 2480 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/11 19:48:20.0531 2480 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/11 19:48:20.0625 2480 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/11 19:48:20.0718 2480 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/11 19:48:20.0859 2480 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
2011/08/11 19:48:21.0031 2480 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/08/11 19:48:21.0109 2480 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/11 19:48:21.0296 2480 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/11 19:48:21.0375 2480 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/11 19:48:21.0546 2480 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/11 19:48:21.0671 2480 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/11 19:48:21.0796 2480 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/11 19:48:21.0890 2480 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/11 19:48:22.0015 2480 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/11 19:48:22.0140 2480 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/11 19:48:22.0531 2480 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/11 19:48:22.0640 2480 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/11 19:48:22.0781 2480 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/11 19:48:22.0843 2480 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/11 19:48:22.0937 2480 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/11 19:48:23.0078 2480 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/11 19:48:23.0140 2480 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/11 19:48:23.0187 2480 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/11 19:48:23.0296 2480 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/11 19:48:23.0437 2480 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/11 19:48:23.0531 2480 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/11 19:48:23.0609 2480 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/11 19:48:23.0703 2480 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/11 19:48:23.0781 2480 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/11 19:48:23.0859 2480 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/11 19:48:24.0000 2480 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/11 19:48:24.0093 2480 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/11 19:48:24.0187 2480 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/11 19:48:24.0359 2480 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
2011/08/11 19:48:24.0546 2480 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/11 19:48:24.0609 2480 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/11 19:48:24.0734 2480 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/11 19:48:24.0796 2480 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/11 19:48:24.0937 2480 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/11 19:48:25.0015 2480 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/11 19:48:25.0156 2480 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/11 19:48:25.0218 2480 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/11 19:48:25.0375 2480 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/11 19:48:25.0437 2480 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/11 19:48:25.0562 2480 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/11 19:48:25.0625 2480 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/11 19:48:25.0718 2480 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/08/11 19:48:25.0968 2480 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/11 19:48:26.0046 2480 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/11 19:48:26.0234 2480 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/11 19:48:26.0515 2480 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/11 19:48:26.0625 2480 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/08/11 19:48:26.0656 2480 Boot (0x1200) (d5dc9b9279c7dcd7171dd7a92a70272c) \Device\Harddisk0\DR0\Partition0
2011/08/11 19:48:26.0687 2480 ================================================================================
2011/08/11 19:48:26.0687 2480 Scan finished
2011/08/11 19:48:26.0687 2480 ================================================================================
2011/08/11 19:48:26.0718 3588 Detected object count: 1
2011/08/11 19:48:26.0718 3588 Actual detected object count: 1
2011/08/11 19:48:41.0750 3588 Ftdisk (3ba60876ab49f6339e566eaef27df9ca) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/11 19:48:41.0750 3588 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 3ba60876ab49f6339e566eaef27df9ca, Fake md5: 6ac26732762483366c3969c9e4d2259d
2011/08/11 19:48:42.0546 3588 Backup copy found, using it..
2011/08/11 19:48:42.0609 3588 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2011/08/11 19:48:42.0609 3588 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2011/08/11 19:49:48.0937 4052 Deinitialize success

Attached Files


  • 0

#8
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Thanks for all the help. I haven't had any malware warnings since last night and everything seems to be running much faster. This seems to have made a huge difference, but I'm still having issues with widows automatic updates. They are turned off and I can't seem to turn them back on either from the task bar or from "control panel-system-automatic updates." My taskbar says it's tuned off but the control panel says it's tuned on.

Even when I go to the website I encounter issues and can't download the updates manually.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets run another cleaning tool as the main bad boy is now history and also attempt a windows update repair

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

THEN

Go to this MS Page and run the Fixit about one third down the page
If this first run does not cure it then run it again and select aggressive mode
  • 0

#10
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Malwarebytes found nothing but the Ms program won't install. It says that it encountered an unexpected problem. Gives me an error code 2755'
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download and run the Microsoft windows installer from here

Reboot and then try the fixit again please

Also what other problems remain ?
  • 0

#12
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
No luck. Still won't install MS Fix, and comp wants to scan itself on every boot up. If I let it do that it sometimes stalls after the scan and has to be cold rebooted, but as far as I can tell at this point there aren't any other issues.

Edited by Musikman212, 12 August 2011 - 06:40 PM.

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is it that wants to scan on boot ?
  • 0

#14
Musikman212

Musikman212

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
A blue scree comes up with white writing. I think it's called Windows CHKDSK. It completes the scan then says, "Please wait while computer (or Widows) restarts." but it never does unless I cold reboot, then sometimes it starts and sometimes it does the same thing. I tried to attach a picture of the screen but it won't upload.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I know what that is

Could you go to this page and follow the instructions to do a full check disc

On completion retry the MSFixit
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP