Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

netbook wont boot

Started by carebear100 , Nov 13 2010 07:26 AM

  • This topic is locked This topic is locked

#16
Salagubang
Posted 16 November 2010 - 03:16 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi coolbear100,

Step One

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
c:\documents and settings\Monkey Boy\Application Data\Exykog
c:\documents and settings\Monkey Boy\Application Data\Koet

File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\abkamu.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\gudo.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\utno.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\uxvaeq.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\ifbe.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\qaexi.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\uqhe.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\ypisti.exe
c:\documents and settings\Monkey Boy\Start Menu\Programs\Startup\urni.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\abkamu.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\gudo.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\utno.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\uxvaeq.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Monkey Boy\\My Documents\\Downloads\\umbrella-4.1.4.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Two

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Remove your USB device and reboot the computer normally if possible (please note any errors that you may encounter).
  • 0

Advertisements

#17
carebear100
Posted 17 November 2010 - 05:06 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
ComboFix 10-11-14.04 - Kirsty 17/11/2010 10:44:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.693 [GMT 0:00]
Running from: c:\documents and settings\Kirsty\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kirsty\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\abkamu.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\gudo.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\utno.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\uxvaeq.exe"
"c:\documents and settings\annie\Start Menu\Programs\Startup\ifbe.exe"
"c:\documents and settings\annie\Start Menu\Programs\Startup\qaexi.exe"
"c:\documents and settings\annie\Start Menu\Programs\Startup\uqhe.exe"
"c:\documents and settings\annie\Start Menu\Programs\Startup\ypisti.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\abkamu.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\gudo.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\utno.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\uxvaeq.exe"
"c:\documents and settings\Monkey Boy\Start Menu\Programs\Startup\urni.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\abkamu.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\gudo.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\utno.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\ifbe.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\uqhe.exe
c:\documents and settings\annie\Start Menu\Programs\Startup\ypisti.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\abkamu.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\gudo.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\utno.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\uxvaeq.exe
c:\documents and settings\Monkey Boy\Application Data\Exykog
c:\documents and settings\Monkey Boy\Application Data\Exykog\icop.isv
c:\documents and settings\Monkey Boy\Application Data\Koet
c:\documents and settings\Monkey Boy\Start Menu\Programs\Startup\urni.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-16 10:37 . 2010-11-16 10:37 -------- d-----w- c:\windows\system32\MpEngineStore
2010-11-14 19:48 . 2010-11-14 19:48 -------- d-----w- c:\program files\AVG
2010-11-14 19:35 . 2010-11-14 19:35 -------- d-----w- c:\documents and settings\Kirsty\Application Data\AVG10
2010-11-14 19:34 . 2010-11-14 19:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-14 19:32 . 2010-11-15 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-11-07 22:30 . 2010-11-07 22:30 52352 ----a-w- c:\windows\system32\drivers\sstDF.sys
2010-11-07 22:30 . 2010-11-07 22:30 118784 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sstDE.tmp
2010-11-07 22:27 . 2010-11-07 22:27 -------- d-----w- C:\Adobe
2010-11-07 22:24 . 2010-11-07 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\1B1D4
2010-11-07 22:19 . 2010-11-07 22:32 -------- d-----w- c:\documents and settings\Monkey Boy\Application Data\imeshmediabartb
2010-11-07 22:19 . 2010-11-07 22:29 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\iMesh
2010-11-07 22:18 . 2010-11-07 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2010-11-07 22:18 . 2010-01-14 00:22 -------- d-----w- c:\program files\iMesh Applications
2010-11-07 22:17 . 2010-11-07 22:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
2010-11-07 22:17 . 2010-11-07 22:17 -------- d-----w- c:\documents and settings\Monkey Boy\Local Settings\Application Data\PackageAware
2010-11-07 21:57 . 2010-11-07 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-04 00:43 . 2010-11-04 00:43 -------- d-sh--w- c:\documents and settings\Monkey Boy\IECompatCache
2010-10-28 21:38 . 2010-10-28 21:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-10-26 10:28 . 2010-10-26 10:28 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 10:19 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 10:19 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 10:19 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2009-03-11 10:19 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-03-11 10:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-03-11 10:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2009-03-11 10:19 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 10:19 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-11 10:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-11 10:19 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-11 10:19 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-12-18 08:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-11 10:19 617472 ----a-w- c:\windows\system32\comctl32.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-14_18.57.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-17 10:53 . 2010-11-17 10:53 16384 c:\windows\temp\Perflib_Perfdata_69c.dat
- 2010-06-11 14:04 . 2010-06-11 14:04 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2010-11-16 10:38 . 2010-11-16 10:38 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-10-14 21:45 . 2010-10-14 21:45 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-11-16 10:38 . 2010-11-16 10:38 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-11 19:28 . 2010-11-16 10:38 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-09-17 06:04 . 2010-09-17 06:04 9401856 c:\windows\Installer\a01b0.msp
+ 2010-10-07 18:43 . 2010-10-07 18:43 1980416 c:\windows\Installer\a01a4.msp
+ 2009-03-11 19:28 . 2010-11-16 10:38 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-03-11 19:28 . 2010-10-14 21:48 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-12-19 10:53 . 2010-11-16 10:28 35758536 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-18 68856]
"RegClean Expert Scheduler"="c:\program files\Registry Clean Expert\RCHelper.exe" [2008-01-31 604920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kirsty\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 55024]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [11/03/2009 19:59 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 03:03 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 16:24 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/03/2009 19:23 1684736]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [11/03/2009 19:20 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:24]

2010-11-17 c:\windows\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1209&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Kirsty\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 10:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-17 10:57:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 10:57
ComboFix2.txt 2010-11-15 19:06
ComboFix3.txt 2010-11-14 18:59

Pre-Run: 111,315,517,440 bytes free
Post-Run: 111,297,642,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B862BADBA862C6BBFAE9A976DA6782BC
  • 0

#18
carebear100
Posted 17 November 2010 - 05:22 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Salagubang,

Thankyou so much for all your help, going through all those log files must take forever.!!

The netbook rebbooted fine on its own this time, no error messages.

Should i reinstall avg now or will we need to do more checks with combo fix?
  • 0

#19
Salagubang
Posted 17 November 2010 - 07:04 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Great Job :D

We're not done yet as we need to ensure that the malwares don't come back - now that we've warmed up. Kindly post the TDSS log and yes, you may reinstall AVG.

;)
  • 0

#20
carebear100
Posted 17 November 2010 - 08:01 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
2010/11/17 11:09:43.0640 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 11:09:43.0640 ================================================================================
2010/11/17 11:09:43.0640 SystemInfo:
2010/11/17 11:09:43.0640
2010/11/17 11:09:43.0640 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 11:09:43.0640 Product type: Workstation
2010/11/17 11:09:43.0640 ComputerName: KIRSTYSCOMP
2010/11/17 11:09:43.0640 UserName: Kirsty
2010/11/17 11:09:43.0640 Windows directory: C:\WINDOWS
2010/11/17 11:09:43.0640 System windows directory: C:\WINDOWS
2010/11/17 11:09:43.0640 Processor architecture: Intel x86
2010/11/17 11:09:43.0640 Number of processors: 2
2010/11/17 11:09:43.0640 Page size: 0x1000
2010/11/17 11:09:43.0640 Boot type: Normal boot
2010/11/17 11:09:43.0640 ================================================================================
2010/11/17 11:09:43.0906 Initialize success
2010/11/17 11:09:55.0500 ================================================================================
2010/11/17 11:09:55.0500 Scan started
2010/11/17 11:09:55.0500 Mode: Manual;
2010/11/17 11:09:55.0500 ================================================================================
2010/11/17 11:09:55.0953 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/17 11:09:56.0015 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/17 11:09:56.0046 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/17 11:09:56.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/17 11:09:56.0234 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/17 11:09:56.0312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/17 11:09:56.0359 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/17 11:09:56.0453 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/17 11:09:56.0500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/17 11:09:56.0562 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/17 11:09:56.0609 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/17 11:09:56.0687 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/17 11:09:56.0812 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/17 11:09:56.0906 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/11/17 11:09:57.0046 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/17 11:09:57.0093 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/17 11:09:57.0203 AR5416 (2b7b6a3305fc34a543d34013c14d02a2) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/11/17 11:09:57.0343 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/17 11:09:57.0406 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/17 11:09:57.0453 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/17 11:09:57.0546 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/17 11:09:57.0671 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/17 11:09:57.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/17 11:09:57.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/17 11:09:58.0000 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/11/17 11:09:58.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/17 11:09:58.0187 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/11/17 11:09:58.0312 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/11/17 11:09:58.0375 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/11/17 11:09:58.0453 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/11/17 11:09:58.0593 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/11/17 11:09:58.0687 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/17 11:09:58.0734 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/17 11:09:58.0812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/17 11:09:58.0859 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/17 11:09:58.0968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/17 11:09:59.0046 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/17 11:09:59.0093 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\drivers\Cdrom.sys
2010/11/17 11:09:59.0250 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/17 11:09:59.0343 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/17 11:09:59.0406 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/17 11:09:59.0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/17 11:09:59.0546 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/17 11:09:59.0640 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/17 11:09:59.0734 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/17 11:09:59.0812 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/11/17 11:09:59.0890 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/17 11:10:00.0031 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/17 11:10:00.0093 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/17 11:10:00.0156 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/17 11:10:00.0250 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/17 11:10:00.0359 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2010/11/17 11:10:00.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/17 11:10:00.0578 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/17 11:10:00.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/17 11:10:00.0781 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/17 11:10:00.0828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/17 11:10:00.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/17 11:10:00.0953 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/17 11:10:01.0031 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/17 11:10:01.0109 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/17 11:10:01.0234 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/17 11:10:01.0343 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/17 11:10:01.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/17 11:10:01.0562 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/17 11:10:01.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/17 11:10:01.0718 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/17 11:10:01.0828 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/17 11:10:01.0890 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/17 11:10:02.0171 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/17 11:10:02.0531 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/17 11:10:02.0609 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2010/11/17 11:10:02.0687 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/17 11:10:03.0046 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/17 11:10:03.0281 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/17 11:10:03.0343 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/17 11:10:03.0390 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/17 11:10:03.0515 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/17 11:10:03.0562 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/17 11:10:03.0609 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/17 11:10:03.0703 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/17 11:10:03.0812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/17 11:10:03.0906 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/17 11:10:03.0984 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/17 11:10:04.0046 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/17 11:10:04.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/17 11:10:04.0218 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/11/17 11:10:04.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/17 11:10:04.0515 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/17 11:10:04.0593 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/11/17 11:10:04.0812 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/17 11:10:04.0859 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/17 11:10:04.0921 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/17 11:10:04.0968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/17 11:10:05.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/17 11:10:05.0140 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/17 11:10:05.0281 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/17 11:10:05.0343 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/17 11:10:05.0375 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/17 11:10:05.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/17 11:10:05.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/17 11:10:05.0562 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/17 11:10:05.0625 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/17 11:10:05.0687 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/17 11:10:05.0796 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/17 11:10:05.0875 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/17 11:10:05.0921 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/17 11:10:05.0968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/17 11:10:06.0062 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/17 11:10:06.0125 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/17 11:10:06.0156 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/17 11:10:06.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/17 11:10:06.0296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/17 11:10:06.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/17 11:10:06.0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/17 11:10:06.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/17 11:10:06.0578 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/17 11:10:06.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/17 11:10:06.0734 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/17 11:10:06.0796 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/17 11:10:06.0843 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/17 11:10:06.0906 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/17 11:10:06.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/17 11:10:07.0171 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/17 11:10:07.0218 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/17 11:10:07.0406 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/17 11:10:07.0500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/17 11:10:07.0531 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/17 11:10:07.0593 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/17 11:10:07.0625 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/17 11:10:07.0687 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/17 11:10:07.0765 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/17 11:10:07.0843 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/17 11:10:07.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/17 11:10:07.0968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/17 11:10:08.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/17 11:10:08.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/17 11:10:08.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/17 11:10:08.0140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/17 11:10:08.0218 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/17 11:10:08.0328 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/17 11:10:08.0437 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/11/17 11:10:08.0546 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/11/17 11:10:08.0765 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/17 11:10:08.0812 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/11/17 11:10:08.0843 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/11/17 11:10:08.0968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/17 11:10:09.0078 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/17 11:10:09.0203 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/17 11:10:09.0328 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/17 11:10:09.0390 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/17 11:10:09.0562 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/11/17 11:10:09.0718 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/17 11:10:09.0796 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/17 11:10:09.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/17 11:10:09.0921 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/17 11:10:10.0062 sstDF (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\sstDF.sys
2010/11/17 11:10:10.0171 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/17 11:10:10.0234 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/17 11:10:10.0375 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/17 11:10:10.0453 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/17 11:10:10.0531 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/17 11:10:10.0625 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/17 11:10:10.0671 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/17 11:10:10.0734 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/17 11:10:10.0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/17 11:10:10.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/17 11:10:11.0000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/17 11:10:11.0062 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/17 11:10:11.0156 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/17 11:10:11.0250 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/17 11:10:11.0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/17 11:10:11.0359 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/17 11:10:11.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/17 11:10:11.0656 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/17 11:10:11.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/17 11:10:11.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/17 11:10:11.0906 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/17 11:10:11.0968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/17 11:10:12.0062 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/17 11:10:12.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/17 11:10:12.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/17 11:10:12.0281 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/17 11:10:12.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/17 11:10:12.0437 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/17 11:10:12.0484 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/17 11:10:12.0531 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/17 11:10:12.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/17 11:10:12.0750 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/17 11:10:12.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/17 11:10:13.0046 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/17 11:10:13.0171 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/17 11:10:13.0250 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/17 11:10:13.0312 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/17 11:10:13.0453 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/17 11:10:14.0062 ================================================================================
2010/11/17 11:10:14.0062 Scan finished
2010/11/17 11:10:14.0062 ================================================================================
2010/11/17 11:10:14.0125 Detected object count: 1
2010/11/17 11:10:32.0109 \HardDisk0 - processing error
2010/11/17 11:11:14.0109 \HardDisk0 - will be restored after reboot
2010/11/17 11:11:14.0109 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure Restore
2010/11/17 11:11:25.0531 Deinitialize success
  • 0

#21
Salagubang
Posted 17 November 2010 - 08:30 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Please do not use the netbook to connect to the internet until I post my next fix.
  • 0

#22
Salagubang
Posted 17 November 2010 - 03:36 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Step One


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step Three

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.





Step Four

GMER Rootkit Scanner
  • Posted Image GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

    Posted Image
    Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.


  • 0

#23
carebear100
Posted 18 November 2010 - 02:16 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
2010/11/17 22:01:28.0421 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 22:01:28.0421 ================================================================================
2010/11/17 22:01:28.0421 SystemInfo:
2010/11/17 22:01:28.0421
2010/11/17 22:01:28.0421 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 22:01:28.0421 Product type: Workstation
2010/11/17 22:01:28.0421 ComputerName: KIRSTYSCOMP
2010/11/17 22:01:28.0421 UserName: Kirsty
2010/11/17 22:01:28.0421 Windows directory: C:\WINDOWS
2010/11/17 22:01:28.0421 System windows directory: C:\WINDOWS
2010/11/17 22:01:28.0421 Processor architecture: Intel x86
2010/11/17 22:01:28.0421 Number of processors: 2
2010/11/17 22:01:28.0421 Page size: 0x1000
2010/11/17 22:01:28.0421 Boot type: Normal boot
2010/11/17 22:01:28.0421 ================================================================================
2010/11/17 22:01:29.0906 Initialize success
2010/11/17 22:01:41.0000 ================================================================================
2010/11/17 22:01:41.0000 Scan started
2010/11/17 22:01:41.0000 Mode: Manual;
2010/11/17 22:01:41.0000 ================================================================================
2010/11/17 22:01:43.0015 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/17 22:01:43.0328 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/17 22:01:43.0703 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/17 22:01:43.0875 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/17 22:01:43.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/17 22:01:44.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/17 22:01:44.0453 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/17 22:01:44.0781 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/17 22:01:45.0062 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/17 22:01:45.0390 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/17 22:01:45.0750 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/17 22:01:46.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/17 22:01:46.0531 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/17 22:01:47.0109 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/11/17 22:01:47.0703 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/17 22:01:48.0140 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/17 22:01:48.0812 AR5416 (2b7b6a3305fc34a543d34013c14d02a2) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/11/17 22:01:49.0437 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/17 22:01:49.0750 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/17 22:01:50.0000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/17 22:01:50.0562 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/17 22:01:50.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/17 22:01:51.0359 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/17 22:01:51.0625 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/17 22:01:51.0906 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/11/17 22:01:52.0078 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/11/17 22:01:52.0187 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/11/17 22:01:52.0234 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/11/17 22:01:52.0281 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/11/17 22:01:52.0421 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/11/17 22:01:52.0687 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/11/17 22:01:52.0984 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/11/17 22:01:53.0359 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/11/17 22:01:53.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/17 22:01:54.0109 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/11/17 22:01:54.0484 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/11/17 22:01:54.0859 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/11/17 22:01:55.0296 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/11/17 22:01:55.0687 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/11/17 22:01:55.0890 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/17 22:01:56.0046 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/17 22:01:56.0156 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/17 22:01:56.0281 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/17 22:01:56.0390 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/17 22:01:56.0562 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/17 22:01:56.0656 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\drivers\Cdrom.sys
2010/11/17 22:01:56.0953 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/17 22:01:57.0140 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/17 22:01:57.0218 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/17 22:01:57.0375 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/17 22:01:57.0546 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/17 22:01:57.0609 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/17 22:01:57.0750 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/17 22:01:57.0812 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/11/17 22:01:58.0046 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/17 22:01:58.0250 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/17 22:01:58.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/17 22:01:58.0640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/17 22:01:58.0796 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/17 22:01:58.0953 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2010/11/17 22:01:59.0109 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/17 22:01:59.0296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/17 22:01:59.0484 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/17 22:01:59.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/17 22:01:59.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/17 22:02:00.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/17 22:02:00.0156 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/17 22:02:00.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/17 22:02:00.0515 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/17 22:02:00.0671 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/17 22:02:00.0890 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/17 22:02:01.0078 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/17 22:02:01.0250 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/17 22:02:01.0328 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/17 22:02:01.0453 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/17 22:02:01.0531 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/17 22:02:01.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/17 22:02:02.0031 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/17 22:02:02.0578 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/17 22:02:02.0703 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2010/11/17 22:02:02.0843 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/17 22:02:03.0375 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/17 22:02:03.0671 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/17 22:02:03.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/17 22:02:03.0859 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/17 22:02:04.0031 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/17 22:02:04.0093 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/17 22:02:04.0171 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/17 22:02:04.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/17 22:02:04.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/17 22:02:04.0531 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/17 22:02:04.0640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/17 22:02:04.0859 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/17 22:02:05.0015 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/17 22:02:05.0203 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/11/17 22:02:05.0468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/17 22:02:05.0625 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/17 22:02:05.0765 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/11/17 22:02:05.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/17 22:02:06.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/17 22:02:06.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/17 22:02:06.0656 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/17 22:02:06.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/17 22:02:07.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/17 22:02:07.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/17 22:02:07.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/17 22:02:08.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/17 22:02:08.0312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/17 22:02:08.0562 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/17 22:02:08.0828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/17 22:02:09.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/17 22:02:09.0328 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/17 22:02:09.0703 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/17 22:02:09.0921 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/17 22:02:10.0171 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/17 22:02:10.0437 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/17 22:02:10.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/17 22:02:11.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/17 22:02:11.0328 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/17 22:02:11.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/17 22:02:11.0859 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/17 22:02:12.0109 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/17 22:02:12.0437 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/17 22:02:12.0593 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/17 22:02:12.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/17 22:02:13.0062 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/17 22:02:13.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/17 22:02:13.0218 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/17 22:02:13.0359 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/17 22:02:13.0718 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/17 22:02:13.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/17 22:02:14.0671 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/17 22:02:14.0890 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/17 22:02:15.0250 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/17 22:02:15.0578 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/17 22:02:15.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/17 22:02:16.0203 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/17 22:02:16.0453 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/17 22:02:16.0765 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/17 22:02:16.0968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/17 22:02:17.0187 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/17 22:02:17.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/17 22:02:17.0703 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/17 22:02:18.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/17 22:02:18.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/17 22:02:18.0812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/17 22:02:19.0015 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/17 22:02:19.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/17 22:02:19.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/17 22:02:19.0656 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/11/17 22:02:19.0765 RSUSBSTOR (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/11/17 22:02:20.0156 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/17 22:02:20.0281 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/11/17 22:02:20.0484 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/11/17 22:02:20.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/17 22:02:21.0125 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/17 22:02:21.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/17 22:02:21.0937 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/17 22:02:22.0218 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/17 22:02:22.0500 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/11/17 22:02:23.0031 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/17 22:02:23.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/17 22:02:23.0671 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/17 22:02:24.0031 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/17 22:02:24.0359 sstDF (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\sstDF.sys
2010/11/17 22:02:24.0593 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/17 22:02:24.0796 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/17 22:02:25.0093 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/17 22:02:25.0265 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/17 22:02:25.0375 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/17 22:02:25.0640 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/17 22:02:25.0921 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/17 22:02:26.0125 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/17 22:02:26.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/17 22:02:26.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/17 22:02:26.0687 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/17 22:02:26.0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/17 22:02:27.0000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/17 22:02:27.0125 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/17 22:02:27.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/17 22:02:27.0437 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/17 22:02:27.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/17 22:02:27.0843 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/17 22:02:28.0093 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/17 22:02:28.0203 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/17 22:02:28.0359 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/17 22:02:28.0484 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/17 22:02:28.0593 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/17 22:02:28.0703 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/17 22:02:28.0890 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/17 22:02:29.0031 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/17 22:02:29.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/17 22:02:29.0281 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/17 22:02:29.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/17 22:02:29.0500 VolSnap (31eda41f98868b92eeed6e16d7424a86) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/17 22:02:29.0765 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/17 22:02:29.0843 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/17 22:02:30.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/17 22:02:30.0156 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/17 22:02:30.0453 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/17 22:02:30.0656 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/17 22:02:30.0937 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/17 22:02:32.0937 ================================================================================
2010/11/17 22:02:32.0937 Scan finished
2010/11/17 22:02:32.0937 ================================================================================
2010/11/17 22:04:58.0437 Deinitialize success
  • 0

#24
carebear100
Posted 18 November 2010 - 02:17 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5140

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/11/2010 22:26:47
mbam-log-2010-11-17 (22-26-47).txt

Scan type: Quick scan
Objects scanned: 163558
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\filx-_-p-9vyj (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fILX-_-p-9vYJ.exe (Adware.BHO) -> Quarantined and deleted successfully.
  • 0

#25
carebear100
Posted 18 November 2010 - 02:18 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Autoscan: completed 4 minutes ago (events: 74, objects: 323946, time: 01:39:27)
18/11/2010 00:16:39 Task completed
18/11/2010 00:08:55 Deleted: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057646.exe
18/11/2010 00:08:51 Deleted: Trojan-Spy.Win32.Zbot.atiy C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057648.exe
18/11/2010 00:08:39 Deleted: Backdoor.Win32.IRCNite.bwm C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057647.exe
18/11/2010 00:08:04 Detected: Trojan-Spy.Win32.Zbot.atiy C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057648.exe
18/11/2010 00:08:03 Detected: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057646.exe
18/11/2010 00:08:03 Detected: Backdoor.Win32.IRCNite.bwm C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP134\A0057647.exe
17/11/2010 23:35:48 Deleted: Trojan-Spy.Win32.Zbot.atiy C:\_OTL\MovedFiles\01152010_164333\C_Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe
17/11/2010 23:35:43 Deleted: Backdoor.Win32.IRCNite.bwm C:\_OTL\MovedFiles\01152010_164333\c_Program Files\Microsoft\DesktopLayer.exe
17/11/2010 23:35:43 Deleted: Trojan.Win32.Agent2.cwhz C:\_OTL\MovedFiles\01152010_164333\c_Program Files\riv87\oops.exe
17/11/2010 23:34:21 Detected: Trojan.Win32.Agent2.cwhz C:\_OTL\MovedFiles\01152010_164333\c_Program Files\riv87\oops.exe
17/11/2010 23:34:21 Detected: Backdoor.Win32.IRCNite.bwm C:\_OTL\MovedFiles\01152010_164333\c_Program Files\Microsoft\DesktopLayer.exe
17/11/2010 23:34:21 Detected: Trojan-Spy.Win32.Zbot.atiy C:\_OTL\MovedFiles\01152010_164333\C_Documents and Settings\Kirsty\Application Data\Wipeo\isry.exe
17/11/2010 23:23:20 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP125\A0055404.dll
17/11/2010 23:21:36 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052798.exe
17/11/2010 23:21:32 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052797.exe
17/11/2010 23:21:22 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052796.exe
17/11/2010 23:21:22 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052798.exe/UPX
17/11/2010 23:21:21 Detected: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052797.exe/UPX
17/11/2010 23:21:21 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052795.exe
17/11/2010 23:21:14 Deleted: Trojan-Spy.Win32.Zbot.atiy C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052794.exe
17/11/2010 23:21:05 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052796.exe/UPX
17/11/2010 23:21:05 Detected: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052795.exe/UPX
17/11/2010 23:21:04 Detected: Trojan-Spy.Win32.Zbot.atiy C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052794.exe
17/11/2010 23:21:01 Deleted: not-a-virus:Garbage.Win32.WebToolbar.ap C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052721.DLL
17/11/2010 23:20:57 Deleted: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052716.DLL
17/11/2010 23:20:45 Detected: not-a-virus:Garbage.Win32.WebToolbar.ap C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052721.DLL
17/11/2010 23:20:44 Detected: Hoax.Win32.Screensaver.b C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052716.DLL
17/11/2010 23:20:44 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052686.exe
17/11/2010 23:20:40 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052685.exe
17/11/2010 23:20:31 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052686.exe/UPX
17/11/2010 23:20:30 Detected: Trojan-Spy.Win32.Zbot.atmd C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP121\A0052685.exe/UPX
17/11/2010 23:20:28 Deleted: Trojan-Spy.Win32.Zbot.athj C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP118\A0049601.exe
17/11/2010 23:20:00 Detected: Trojan-Spy.Win32.Zbot.athj C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP118\A0049601.exe/UPX
17/11/2010 23:20:00 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP118\A0049600.exe
17/11/2010 23:19:30 Deleted: Trojan-Spy.Win32.Zbot.asxi C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0046202.exe
17/11/2010 23:19:20 Detected: Trojan-Spy.Win32.Zbot.asxi C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0046202.exe/UPX
17/11/2010 23:19:15 Deleted: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/urni.exe
17/11/2010 23:19:10 Detected: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/urni.exe/UPX
17/11/2010 23:19:10 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0046198.dll
17/11/2010 23:19:07 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/utno.exe.1
17/11/2010 23:19:05 Detected: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/utno.exe.1/UPX
17/11/2010 23:19:02 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/gudo.exe.1
17/11/2010 23:18:53 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/gudo.exe.1/UPX
17/11/2010 23:18:47 Deleted: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/abkamu.exe.1
17/11/2010 23:18:43 Detected: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/abkamu.exe.1/UPX
17/11/2010 23:18:42 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/ypisti.exe
17/11/2010 23:18:36 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/ypisti.exe/UPX
17/11/2010 23:18:34 Deleted: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/uqhe.exe
17/11/2010 23:18:31 Detected: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/uqhe.exe/UPX
17/11/2010 23:18:30 Deleted: Trojan-Spy.Win32.Zbot.asse C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0045884.dll
17/11/2010 23:18:29 Deleted: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0044898.exe
17/11/2010 23:18:27 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/ifbe.exe
17/11/2010 23:18:13 Detected: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/ifbe.exe/UPX
17/11/2010 23:18:11 Deleted: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/utno.exe
17/11/2010 23:18:10 Detected: Trojan-Spy.Win32.Zbot.asse C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0045884.dll
17/11/2010 23:18:10 Detected: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0044898.exe
17/11/2010 23:18:08 Deleted: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0044805.exe
17/11/2010 23:18:07 Detected: Trojan-Spy.Win32.Zbot.atmd C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/utno.exe/UPX
17/11/2010 23:18:02 Deleted: Trojan-Spy.Win32.Zbot.asse C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0043783.dll
17/11/2010 23:17:58 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/gudo.exe
17/11/2010 23:17:36 Detected: Trojan.Win32.Agent2.cwhz C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0044805.exe
17/11/2010 23:17:35 Detected: Trojan-Spy.Win32.Zbot.asse C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0043783.dll
17/11/2010 23:17:32 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/gudo.exe/UPX
17/11/2010 23:17:32 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0041661.dll
17/11/2010 23:17:30 Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0040541.dll
17/11/2010 23:17:29 Deleted: Rootkit.Win32.TDSS.bj C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
17/11/2010 23:17:29 Deleted: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/abkamu.exe
17/11/2010 23:17:09 Deleted: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\csncui.dll.vir
17/11/2010 23:16:32 Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{E6565B59-3E2B-4486-9975-AFC7A1D5BB29}\RP117\A0040541.dll
17/11/2010 23:10:32 Detected: Trojan-Spy.Win32.Zbot.athj C:\Qoobox\Quarantine\[4]-Submit_2010-11-17_10.43.40.zip/abkamu.exe/UPX
17/11/2010 23:10:26 Detected: Rootkit.Win32.TDSS.bj C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
17/11/2010 23:10:26 Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\C\WINDOWS\system32\csncui.dll.vir
17/11/2010 22:37:12 Task started
  • 0

Advertisements

#26
carebear100
Posted 18 November 2010 - 02:20 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-18 01:51:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: gmer.exe; Driver: C:\DOCUME~1\Kirsty\LOCALS~1\Temp\kwtoapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7A2F6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF7A2F770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7A2F810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7A2F8B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6005a9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6005a9@00247c7bc39a 0xC2 0x20 0x0B 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6005a9@33597d0d0e6c 0xEB 0xAA 0x5F 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd6005a9@0022fc459d8e 0x86 0x98 0xF4 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6005a9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6005a9@00247c7bc39a 0xC2 0x20 0x0B 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6005a9@33597d0d0e6c 0xEB 0xAA 0x5F 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd6005a9@0022fc459d8e 0x86 0x98 0xF4 0xA9 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

---- EOF - GMER 1.0.15 ----
  • 0

#27
Salagubang
Posted 18 November 2010 - 02:25 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi carebear100,

Logs are looking good. How is the computer running?

Just one more scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

  • 0

#28
carebear100
Posted 18 November 2010 - 02:28 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
hi salagubang,

I hope that was right.
  • 0

#29
carebear100
Posted 20 November 2010 - 06:43 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL logfile created on: 20/11/2010 12:34:32 - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Kirsty\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 482.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.05 Gb Total Space | 104.61 Gb Free Space | 73.65% Space Free | Partition Type: NTFS

Computer Name: KIRSTYSCOMP | User Name: Kirsty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/12/30 07:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 01:00:10 | 000,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/01/31 02:09:28 | 000,604,920 | ---- | M] (iExpert Software) -- C:\Program Files\Registry Clean Expert\RCHelper.exe


========== Modules (SafeList) ==========

MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/01/15 14:31:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kirsty\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\acernb\int15.sys -- (int15.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009/03/02 05:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/25 19:17:52 | 001,344,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/24 08:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/05 10:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/02/03 06:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/08/05 12:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/15 17:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 12:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 12:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 12:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 12:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 12:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 12:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 12:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 12:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 12:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 12:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 12:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 12:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 12:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 12:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 12:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 12:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/14 23:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 13:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/11/02 13:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 07:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 06:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2001/08/17 12:11:30 | 000,096,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 4B 6B AD 4C D0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/17 14:04:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/14 01:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/14 01:51:19 | 000,000,000 | ---D | M]

[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Extensions
[2010/01/14 01:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Mozilla\Firefox\Profiles\z2ztpp00.default\extensions
[2010/11/17 15:32:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/12 08:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/17 10:53:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.DLL ( )
O4 - HKCU..\Run: [RegClean Expert Scheduler] C:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/...ader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kirsty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/11 18:34:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 12:30:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/18 11:20:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/17 22:31:40 | 083,439,664 | ---- | C] ( ) -- C:\Documents and Settings\Kirsty\Desktop\setup_9.0.0.722_18.11.2010_00-11.exe
[2010/11/17 22:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\Malwarebytes
[2010/11/17 22:12:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/17 22:12:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/17 22:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/17 22:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/17 22:11:02 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kirsty\Desktop\mbam-setup-1.46.exe
[2010/11/17 14:04:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/11/17 11:09:34 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kirsty\Desktop\TDSSKiller.exe
[2010/11/17 10:50:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/17 10:39:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/16 10:37:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/11/14 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/14 19:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kirsty\Application Data\AVG10
[2010/11/14 19:34:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/14 19:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/14 18:37:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/07 22:27:57 | 000,000,000 | ---D | C] -- C:\Adobe
[2010/11/07 22:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2010/11/07 22:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:17:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2010/11/07 21:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/02 23:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/10/28 21:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/28 21:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/10/26 10:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/21 20:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2009/05/30 03:26:56 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/05/30 03:26:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/03/11 10:19:58 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/11/20 12:33:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job
[2010/11/20 12:25:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2010/11/20 12:22:23 | 099,708,865 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/20 12:17:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/20 12:17:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/20 12:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/20 12:16:59 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/18 15:25:59 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/11/18 14:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 00:27:08 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\gmer.zip
[2010/11/17 22:12:36 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 22:07:44 | 083,439,664 | ---- | M] ( ) -- C:\Documents and Settings\Kirsty\Desktop\setup_9.0.0.722_18.11.2010_00-11.exe
[2010/11/17 22:02:32 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kirsty\Desktop\mbam-setup-1.46.exe
[2010/11/17 14:05:07 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/17 11:09:34 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\tdsskiller.zip
[2010/11/17 10:53:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/17 10:44:02 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2010/11/17 10:39:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/17 07:24:00 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kirsty\Desktop\TDSSKiller.exe
[2010/11/16 10:37:16 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/15 18:52:58 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2010/11/15 17:41:36 | 003,909,976 | R--- | M] () -- C:\Documents and Settings\Kirsty\Desktop\ComboFix.exe
[2010/11/13 00:28:24 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Kirsty\Desktop\spybotsd162.exe
[2010/11/12 23:57:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Kirsty\Desktop\HijackThis.exe
[2010/11/08 10:32:00 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Kirsty\Desktop\gmer.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 22:31:17 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/07 22:10:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/03 17:17:15 | 000,003,581 | ---- | M] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/10/31 01:28:52 | 000,434,266 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 01:28:52 | 000,068,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/27 23:23:22 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Kirsty\Desktop\avg_free_stb_all_2011_1153_upgrade.exe
[2010/10/26 10:28:54 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/11/20 12:22:23 | 099,708,865 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/18 00:27:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\gmer.exe
[2010/11/18 00:26:44 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\gmer.zip
[2010/11/18 00:24:02 | 1063,198,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/17 22:12:36 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/17 14:05:07 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/17 11:09:07 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kirsty\Desktop\tdsskiller.zip
[2010/11/17 10:44:02 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2010/11/16 10:37:16 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/15 18:52:58 | 000,000,327 | ---- | C] () -- C:\Boot.bak
[2010/11/15 18:52:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/15 18:44:56 | 003,909,976 | R--- | C] () -- C:\Documents and Settings\Kirsty\Desktop\ComboFix.exe
[2010/11/07 22:31:17 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2481634561.dat
[2010/11/07 22:19:40 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emoticons for your messenger!.url
[2010/11/03 17:17:15 | 000,003,581 | ---- | C] () -- C:\Documents and Settings\Kirsty\My Documents\recipes.rtf
[2010/10/29 22:22:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/26 10:28:54 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/31 07:14:38 | 000,001,408 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/18 11:24:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\prvlcl.dat
[2009/12/20 16:55:07 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Kirsty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/30 03:26:56 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/05/30 03:26:56 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/05/30 03:26:56 | 000,000,245 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/03/11 20:13:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/11 19:22:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/11 18:37:01 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/11 18:32:09 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/11 18:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/11 10:19:52 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys

========== LOP Check ==========

[2010/11/07 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1B1D4
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2010/11/17 14:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/07 22:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/11/14 19:34:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/18 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/11/07 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2010/11/07 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/02 13:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/09/19 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/19 11:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/09/18 17:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/07 22:19:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74E513D3-4879-4E42-A0B8-F85EE8C789EA}
[2009/03/11 19:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer
[2009/03/11 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Acer GameZone Console
[2010/11/14 19:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\AVG10
[2010/04/12 17:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Facebook
[2010/04/29 18:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\SulusGames
[2009/03/11 19:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Super-Cow
[2010/01/14 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kirsty\Application Data\Uniblue
[2010/11/20 12:33:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6E8ED68A-DFB9-468F-AE1B-0DDC1B66C577}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/03/11 18:34:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/15 18:52:58 | 000,000,327 | ---- | M] () -- C:\Boot.bak
[2010/11/17 10:39:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/17 10:44:02 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/11/17 10:57:40 | 000,019,514 | ---- | M] () -- C:\ComboFix.txt
[2009/03/11 18:34:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/20 12:16:59 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/11 18:34:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 09:26:30 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000K.enc
[2008/08/07 01:16:21 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02ENP20001.enc
[2009/03/11 18:34:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/20 12:16:58 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/03/11 19:23:42 | 000,001,883 | ---- | M] () -- C:\RHDSetup.log
[2010/07/31 07:14:40 | 000,005,867 | ---- | M] () -- C:\scramble.log
[2009/05/30 03:26:16 | 000,000,190 | ---- | M] () -- C:\Setup.log
[2010/11/17 11:11:25 | 000,048,914 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_17.11.2010_11.09.43_log.txt
[2010/11/17 22:04:58 | 000,050,120 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_17.11.2010_22.01.28_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/03/11 18:29:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/11 18:29:15 | 001,064,960 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/11 18:29:15 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-16 10:38:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379

< End of report >
  • 0

#30
carebear100
Posted 20 November 2010 - 06:48 AM

carebear100

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Salagubang,

otl didn't create an extra.txt, only an otl.txt which is pasted above.

The netbook seems to be running really well, no glitches or errors that i have noticed.
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP