Geeks to Go

Please remove the virus/trojan in my PC


This topic is locked

#1 rhomel (Member, 90 posts)
The Avira installer was removed after downloading it, and Vipre antivirus will appear in the tray icon.

Attachments: 1.JPG, a.JPG

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8039

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/28/2011 8:03:29 PM
mbam-log-2011-10-28 (20-03-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 164425
Time elapsed: 15 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\jr\local settings\application data\Google\Chrome\application\old_chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{096c749b-defd-42c4-99fa-805c5a89812a}\RP9\A0009479.exe (Trojan.Agent) -> Quarantined and deleted successfully.


OTL logfile created on: 10/28/2011 9:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jr\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 628.63 Mb Available Physical Memory | 70.22% Memory free
2.12 Gb Paging File | 1.90 Gb Available in Paging File | 89.65% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.19 Gb Free Space | 83.45% Space Free | Partition Type: NTFS

Computer Name: PC2 | User Name: jr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 20:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jr\My Documents\Downloads\Programs\OTL.exe
PRC - [2011/10/28 20:08:35 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\jr\Local Settings\Temp\winbolisw.exe
PRC - [2011/10/28 20:05:03 | 001,122,618 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
PRC - [2011/10/05 14:56:42 | 003,425,688 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/05/25 07:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007/10/25 06:20:58 | 000,430,080 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 20:08:35 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\jr\Local Settings\Temp\winbolisw.exe
MOD - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2008/09/08 10:57:14 | 000,102,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2008/07/31 23:48:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/10/25 06:28:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/09/08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/10/25 06:20:58 | 000,430,080 | ---- | M] (Faronics Corporation) [Auto | Running] -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/06 08:14:42 | 000,101,616 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2009/08/05 17:38:22 | 005,874,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/24 12:22:40 | 000,014,208 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/31 20:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/31 20:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/25 06:32:40 | 000,131,472 | ---- | M] (Faronics Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xinfeng.net
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/30 12:12:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\jr\Application Data\IDM\idmmzcc5 [2011/08/30 12:08:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\jr\Application Data\IDM\idmmzcc5 [2011/08/30 12:08:24 | 000,000,000 | ---D | M]

[2011/08/30 12:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jr\Application Data\Mozilla\Extensions
[2011/10/28 02:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/28 18:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/08/30 12:08:24 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\JR\APPLICATION DATA\IDM\IDMMZCC5
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08F46975-BE20-4679-843B-9BDD5AE0B793}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/19 01:49:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\AutoRun\command - "" = Sytvsm.exe
O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\Explore\Command - "" = Sytvsm.exe
O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\Open\Command - "" = Sytvsm.exe
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 19:28:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jr\Recent
[2011/10/28 18:54:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\vlc
[2011/10/28 18:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/10/28 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/10/28 18:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Start Menu\Programs\BrowserPlus
[2011/10/28 18:19:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/10/28 18:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/10/28 12:27:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/10/28 10:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Local Settings\Application Data\Yahoo
[2011/10/28 02:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/28 02:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/28 02:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/28 02:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Sun
[2011/10/28 02:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\My Documents\DriverGenius
[2011/10/28 01:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2011/10/25 00:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2011/10/25 00:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Sunbelt
[2011/10/25 00:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\ImgBurn
[2011/10/24 23:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/10/24 20:21:41 | 000,000,000 | ---D | C] -- C:\SAVE
[2011/10/24 20:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Half-Life
[2011/10/22 22:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jr\Application Data\Malwarebytes
[2011/10/22 22:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/22 22:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/22 22:13:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/22 22:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/28 20:18:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1682526488-725345543-1003UA.job
[2011/10/28 20:09:06 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/28 20:09:06 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/28 20:04:54 | 000,188,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/28 19:31:17 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/28 19:13:35 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\room_v3.dat
[2011/10/28 02:18:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 01:18:01 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1682526488-725345543-1003Core.job
[2011/10/24 23:56:55 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\jr\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/10/24 23:56:55 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/10/22 22:13:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/18 16:25:22 | 213,071,074 | ---- | M] () -- C:\Documents and Settings\jr\Desktop\Johnny.English.Reborn.2011.CAM.XviD-playXD.mp4
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/28 19:31:17 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/28 17:26:09 | 213,071,074 | ---- | C] () -- C:\Documents and Settings\jr\Desktop\Johnny.English.Reborn.2011.CAM.XviD-playXD.mp4
[2011/10/24 23:56:55 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/10/22 22:13:30 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/26 19:14:37 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\jr\Application Data\room_v3.dat
[2011/06/19 15:24:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2011/06/19 10:59:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 01:58:16 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/06/19 01:52:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstet.dat
[2011/06/19 01:46:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/18 18:37:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/31 23:48:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/07/31 23:48:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/31 23:48:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/31 23:48:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/07/31 23:48:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/31 23:48:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/31 23:48:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/07/31 23:48:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/07/31 23:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/28 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\DMCache
[2011/10/28 19:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\IDM
[2011/10/25 00:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\ImgBurn
[2011/08/26 21:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\PointBlank
[2011/10/28 19:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jr\Application Data\uTorrent

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10/28/2011 9:06:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jr\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.23 Mb Total Physical Memory | 628.63 Mb Available Physical Memory | 70.22% Memory free
2.12 Gb Paging File | 1.90 Gb Available in Paging File | 89.65% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.19 Gb Free Space | 83.45% Space Free | Partition Type: NTFS

Computer Name: PC2 | User Name: jr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\e-Games\Pointblank\PointBlank.exe" = C:\Program Files\e-Games\Pointblank\PointBlank.exe:*:Enabled:PointBlank -- (Zepetto)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\jr\My Documents\Downloads\Programs\vipre-en-setup.exe" = C:\Documents and Settings\jr\My Documents\Downloads\Programs\vipre-en-setup.exe:*:Enabled:ipsec -- (Sunbelt Software)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\winormtip.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winormtip.exe:*:Enabled:ipsec
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\winxvxhwe.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winxvxhwe.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winnvbn.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winnvbn.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winftmfq.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winftmfq.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\windbxv.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\windbxv.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\wincerawi.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\wincerawi.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winugir.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winugir.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\nwiz.exe" = C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec -- ()
"C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe" = C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe:*:Enabled:ipsec -- (Google Inc.)
"C:\WINDOWS\system32\userinit.exe" = C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\uhqc.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\uhqc.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winhrhh.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winhrhh.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\pamcvf.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\pamcvf.exe:*:Enabled:ipsec
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec -- (Malwarebytes Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\winbolisw.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winbolisw.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\jr\LOCALS~1\Temp\winxabdbt.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winxabdbt.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\bpjoj.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\bpjoj.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winhomaah.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winhomaah.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\gphnup.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\gphnup.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winqlntb.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winqlntb.exe:*:Enabled:ipsec
"C:\DOCUME~1\jr\LOCALS~1\Temp\winqater.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winqater.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\jr\LOCALS~1\Temp\winstik.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winstik.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\jr\LOCALS~1\Temp\windrti.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\windrti.exe:*:Enabled:ipsec -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A014690-36EF-45FC-B97F-F8081E9706B4}" = Pointblank
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Garena Classic 2011" = Garena Classic 2011
"ImgBurn" = ImgBurn
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Pointblank" = Pointblank
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.10 beta 2 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2011 1:07:20 PM | Computer Name = PC2 | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 10/28/2011 1:07:20 PM | Computer Name = PC2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/28/2011 1:07:20 PM | Computer Name = PC2 | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....1A61C7DC25.crt>
with error: The server name or address could not be resolved

Error - 10/28/2011 1:07:20 PM | Computer Name = PC2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 10/28/2011 8:28:56 PM | Computer Name = PC2 | Source = Application Error | ID = 1000
Description = Faulting application sbamui.exe, version 4.0.4280.0, faulting module
sbamui.exe, version 4.0.4280.0, fault address 0x0004bf64.

Error - 10/28/2011 9:32:01 PM | Computer Name = PC2 | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus -- Error 2318. File does not exist: C:\Documents
and Settings\All Users\Application Data\Sunbelt\Antimalware\Quarantine\{EB974503-D7E7-4FA9-86EB-1D8D74FC7AD3}_ENC2.

Error - 10/28/2011 9:35:00 PM | Computer Name = PC2 | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus -- Error 2318. File does not exist: C:\Documents
and Settings\All Users\Application Data\Sunbelt\Antimalware\Quarantine\{EB974503-D7E7-4FA9-86EB-1D8D74FC7AD3}_ENC2.

Error - 10/28/2011 11:08:21 PM | Computer Name = PC2 | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus -- Error 2318. File does not exist: C:\Documents
and Settings\All Users\Application Data\Sunbelt\Antimalware\Quarantine\{EB974503-D7E7-4FA9-86EB-1D8D74FC7AD3}_ENC2.

Error - 10/28/2011 11:17:57 PM | Computer Name = PC2 | Source = MsiInstaller | ID = 10005
Description = Product: VIPRE Antivirus -- Error 2318. File does not exist: C:\Documents
and Settings\All Users\Application Data\Sunbelt\Antimalware\Quarantine\{EB974503-D7E7-4FA9-86EB-1D8D74FC7AD3}_ENC2.

[ System Events ]
Error - 10/28/2011 8:48:13 PM | Computer Name = PC2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 10/28/2011 8:48:13 PM | Computer Name = PC2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 10/28/2011 8:51:13 PM | Computer Name = PC2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 10/28/2011 8:51:57 PM | Computer Name = PC2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 10/28/2011 8:57:20 PM | Computer Name = PC2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort3, did not respond within the timeout
period.

Error - 10/28/2011 9:07:11 PM | Computer Name = PC2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/28/2011 9:21:53 PM | Computer Name = PC2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/28/2011 9:37:18 PM | Computer Name = PC2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/28/2011 10:31:36 PM | Computer Name = PC2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 10/28/2011 11:05:07 PM | Computer Name = PC2 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >
  • 0

#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hmm, a few suspicious events there, so I will need a stronger tool.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\AutoRun\command - "" = Sytvsm.exe
    O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\Explore\Command - "" = Sytvsm.exe
    O33 - MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\Shell\Open\Command - "" = Sytvsm.exe


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\jr\Local Settings\Temp\winbolisw.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0

#3
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31eb641a-d33b-11e0-bc09-001966797b97}\ not found.
File Sytvsm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31eb641a-d33b-11e0-bc09-001966797b97}\ not found.
File Sytvsm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31eb641a-d33b-11e0-bc09-001966797b97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31eb641a-d33b-11e0-bc09-001966797b97}\ not found.
File Sytvsm.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\jr\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\jr\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\jr\Local Settings\Temp\winbolisw.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: jr
->Temp folder emptied: 26632671 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 59554631 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 521 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66383 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: jr
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 10282011_214626

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\jr\Local Settings\Temp\etilqs_O7vWf0Iug0WlfSP not found!
File\Folder C:\Documents and Settings\jr\Local Settings\Temp\etilqs_Thg3xziY7ynJmoy not found!
C:\WINDOWS\temp\Perflib_Perfdata_d30.dat moved successfully.
File\Folder C:\WINDOWS\temp\SBS_VE_REMD_20110928174306.984_ 942 not found!

Registry entries deleted on Reboot...
  • 0

#4
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
ComboFix 11-10-29.03 - jr 10/28/2011 21:56:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.663 [GMT -7:00]
Running from: c:\documents and settings\jr\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 04:46 . 2011-10-29 04:46 -------- d-----w- C:\_OTL
2011-10-29 01:54 . 2011-10-29 01:54 -------- d-----w- c:\documents and settings\jr\Application Data\vlc
2011-10-29 01:53 . 2011-10-29 01:53 -------- d-----w- c:\program files\VideoLAN
2011-10-29 01:20 . 2011-10-29 01:20 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-29 01:19 . 2011-10-29 01:19 -------- d-----w- c:\windows\system32\RTCOM
2011-10-29 01:19 . 2011-10-29 01:19 -------- d-----w- c:\program files\Realtek
2011-10-28 19:27 . 2011-10-29 02:28 -------- d-----w- c:\windows\system32\LogFiles
2011-10-28 17:06 . 2011-10-28 17:06 -------- d-----w- c:\documents and settings\jr\Local Settings\Application Data\Yahoo
2011-10-28 09:12 . 2011-10-28 09:12 -------- d-----w- c:\program files\Common Files\Java
2011-10-28 09:12 . 2011-10-28 09:12 -------- d-----w- c:\program files\Java
2011-10-28 08:48 . 2011-10-28 08:48 -------- d-----w- c:\program files\Driver-Soft
2011-10-25 07:08 . 2011-10-25 07:08 -------- d-----w- c:\documents and settings\jr\Application Data\ImgBurn
2011-10-25 07:04 . 2011-10-29 01:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-25 06:55 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-25 06:55 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-10-25 03:21 . 2011-10-25 03:21 -------- d-----w- C:\SAVE
2011-10-25 03:15 . 2011-10-25 03:16 -------- d-----w- c:\program files\Half-Life
2011-10-23 05:13 . 2011-10-23 05:13 -------- d-----w- c:\documents and settings\jr\Application Data\Malwarebytes
2011-10-23 05:13 . 2011-10-23 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-23 05:13 . 2011-10-23 05:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 05:13 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 06:53 . 2011-08-30 19:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-05 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"nwiz"="nwiz.exe" [2008-08-01 1703936]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 523336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2007-10-25 13:28 65536 ----a-w- c:\windows\system32\LogonDll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 17:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\e-Games\\Pointblank\\PointBlank.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\jr\\My Documents\\Downloads\\Programs\\vipre-en-setup.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Documents and Settings\\jr\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Documents and Settings\\jr\\Local Settings\\Application Data\\Google\\Update\\1.3.21.69\\GoogleCrashHandler.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [10/25/2007 6:32 AM 131472]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/23/2010 12:00 PM 101616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/22/2011 10:13 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/22/2011 10:13 PM 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/19/2011 2:02 AM 1684736]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Classic\safedrv.sys --> c:\program files\Garena Classic\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1682526488-725345543-1003Core.job
- c:\documents and settings\jr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-19 17:47]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1682526488-725345543-1003UA.job
- c:\documents and settings\jr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-19 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xinfeng.net
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\jr\Application Data\Mozilla\Firefox\Profiles\2cwflbho.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-SBAMSvc
SafeBoot-SBPIMSvc
.
.
.
**************************************************************************
.
Ok.
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-28 22:01
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0ee4a6df-bed9-4cc9-9188-ec6ae74809b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000129
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5b,2d,66,99,b6,09,e0,a5,df,23,0b,e6,14,5a,a0,7c,74,b2,b0,1b,33,
06,e7,85,56,68,db,14,5a,7d,e9,75,d5,e3,53,80,fb,d4,27,44,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\LogonDll.dll
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\nvLsp.dll
.
- - - - - - - > 'explorer.exe'(536)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
.
**************************************************************************
.
Completion time: 2011-10-28 22:04:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-29 05:04
.
Pre-Run: 66,658,082,816 bytes free
Post-Run: 66,551,889,920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B659B67AA34E84B400430EB79F12232E
  • 0

#5
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
Task Manager is disabled again.
  • 0

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, methinks we may be looking at a form of rootkit.

Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
  • 0

#7
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-29 00:32:22
-----------------------------
00:32:22.046 OS Version: Windows 5.1.2600 Service Pack 2
00:32:22.046 Number of processors: 1 586 0x7F01
00:32:22.046 ComputerName: PC2 UserName: jr
00:32:22.578 Initialize success
00:34:01.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
00:34:01.953 Disk 0 Vendor: ST380215AS 3.AAD Size: 76319MB BusType: 3
00:34:03.953 Disk 0 MBR read successfully
00:34:03.953 Disk 0 MBR scan
00:34:03.953 Disk 0 Windows XP default MBR code
00:34:03.953 Disk 0 scanning sectors +156280320
00:34:04.031 Disk 0 scanning C:\WINDOWS\system32\drivers
00:34:09.046 Service scanning
00:34:09.890 Modules scanning
00:34:33.343 Disk 0 trace - called modules:
00:34:33.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:34:33.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ac8ab8]
00:34:33.343 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\00000066[0x84a5d278]
00:34:33.343 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x84a70d98]
00:34:33.859 Scan finished successfully
00:34:52.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jr\Desktop\MBR.dat"
00:34:52.437 The log file has been saved successfully to "C:\Documents and Settings\jr\Desktop\aswMBR.txt"
  • 0

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you disable Deep Freeze please, as that may be affecting my tools.

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan.

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach it to your next post.
Megaupload
  • 0

#9
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
Server not found

Firefox can't find the server at devbuilds.kaspersky-labs.com.

Deep Freeze is disabled.
Task Manager is disabled.
  • 0

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I am going to close some ports now and attach TDSSKiller for you. Download the attached zip file, extract the programme to your desktop and then follow the TDSSKiller instructions.


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\jr\My Documents\Downloads\Programs\vipre-en-setup.exe"=-
    "C:\WINDOWS\Explorer.EXE"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winormtip.exe"=-
    "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winxvxhwe.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winnvbn.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winftmfq.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\windbxv.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\wincerawi.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winugir.exe"=-
    "C:\WINDOWS\system32\nwiz.exe"=-
    "C:\Documents and Settings\jr\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe"=-
    "C:\WINDOWS\system32\userinit.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\uhqc.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winhrhh.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\pamcvf.exe"=-
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"=-
    "C:\Program Files\Mozilla Firefox\firefox.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winbolisw.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winxabdbt.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\bpjoj.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winhomaah.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\gphnup.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winqlntb.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winqater.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\winstik.exe"=-
    "C:\DOCUME~1\jr\LOCALS~1\Temp\windrti.exe"=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0
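As an added illustration of the firewall-exception cleanup in the :Reg block above (example code, not OTL's and not Essexboy's), here is a small Python parser for the AuthorizedApplications lines OTL prints, with flagging heuristics of its own; the sample lines are constructed in that format.

```python
"""Triage the Windows XP firewall exception list that OTL prints.

Added example (not OTL's code and not the forum helper's). It parses the
AuthorizedApplications\\List lines OTL emits, of the form

    "<path>" = <path>:<scope>:<Enabled|Disabled>:<name> -- (<publisher>)

The " -- (<publisher>)" tail is optional and "()" means none was found. The
heuristics (Temp-folder executable, no publisher, core Windows process with
its own inbound exception) are this example's own and mirror the entries
the :Reg fix above removes.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Core Windows binaries a legitimate install never registers as exceptions.
CORE_PROCESSES = {"explorer.exe", "userinit.exe", "winlogon.exe", "lsass.exe"}
# 8.3 (LOCALS~1) and long forms of the per-user Temp folder on Windows XP.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

@dataclass
class FirewallEntry:
    path: str
    scope: str                # "*" means any remote address
    state: str                # Enabled / Disabled
    name: str                 # display name stored in the registry value
    publisher: Optional[str]  # None when OTL printed no publisher or "()"
    reasons: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def severity(self) -> str:
        if "temp-folder" in self.reasons or "core-process" in self.reasons:
            return "high"
        return "low" if self.reasons else "none"


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one AuthorizedApplications line; return None for anything else."""
    line = line.strip()
    if not line.startswith('"'):
        return None
    close = line.find('"', 1)
    if close < 0:
        return None
    rest = line[close + 1:].lstrip()
    if not rest.startswith("="):
        return None
    value = rest[1:].strip()
    publisher: Optional[str] = None
    if " -- " in value:
        value, tail = value.split(" -- ", 1)
        tail = tail.strip()
        if tail.startswith("(") and tail.endswith(")"):
            tail = tail[1:-1].strip()
        publisher = tail or None
    parts = value.rsplit(":", 3)  # the path itself contains "C:"
    if len(parts) != 4:
        return None
    path, scope, state, name = (p.strip() for p in parts)
    return FirewallEntry(path, scope, state, name, publisher)


def assess(entry: FirewallEntry) -> FirewallEntry:
    """Attach the reasons, if any, why a responder should look at this entry."""
    if TEMP_RE.search(entry.path):
        entry.reasons.append("temp-folder")
    if entry.publisher is None:
        entry.reasons.append("no-publisher")
    if entry.basename in CORE_PROCESSES:
        entry.reasons.append("core-process")
    return entry


def triage(log_text: str) -> List[FirewallEntry]:
    """Return the flagged entries of an OTL log, in log order."""
    entries = (parse_entry(ln) for ln in log_text.splitlines())
    return [e for e in entries if e is not None and assess(e).reasons]


def report(log_text: str) -> str:
    return "\n".join(f"[{e.severity:4}] {e.path}  ({', '.join(e.reasons)})"
                     for e in triage(log_text))


# Constructed sample in OTL's format, modelled on the log posted above.
SAMPLE_LOG = r"""
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\winormtip.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winormtip.exe:*:Enabled:ipsec
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\DOCUME~1\jr\LOCALS~1\Temp\winqater.exe" = C:\DOCUME~1\jr\LOCALS~1\Temp\winqater.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\system32\nwiz.exe" = C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec -- ()
"""
if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```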

#11
rhomel
    Member
  • Topic Starter
  • Member
  • 90 posts
02:30:57.0984 4028 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
02:30:59.0984 4028 ============================================================
02:30:59.0984 4028 Current date / time: 2011/10/29 02:30:59.0984
02:30:59.0984 4028 SystemInfo:
02:30:59.0984 4028
02:30:59.0984 4028 OS Version: 5.1.2600 ServicePack: 2.0
02:30:59.0984 4028 Product type: Workstation
02:30:59.0984 4028 ComputerName: PC2
02:30:59.0984 4028 UserName: jr
02:30:59.0984 4028 Windows directory: C:\WINDOWS
02:30:59.0984 4028 System windows directory: C:\WINDOWS
02:30:59.0984 4028 Processor architecture: Intel x86
02:30:59.0984 4028 Number of processors: 1
02:30:59.0984 4028 Page size: 0x1000
02:30:59.0984 4028 Boot type: Normal boot
02:30:59.0984 4028 ============================================================
02:31:00.0546 4028 Initialize success
02:31:08.0468 0620 ============================================================
02:31:08.0468 0620 Scan started
02:31:08.0468 0620 Mode: Manual;
02:31:08.0468 0620 ============================================================
02:31:08.0921 0620 Abiosdsk - ok
02:31:09.0015 0620 abp470n5 - ok
02:31:09.0062 0620 abp480n5 - ok
02:31:09.0156 0620 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:31:09.0156 0620 ACPI - ok
02:31:09.0265 0620 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:31:09.0265 0620 ACPIEC - ok
02:31:09.0375 0620 adpu160m - ok
02:31:09.0500 0620 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
02:31:09.0515 0620 aec - ok
02:31:09.0656 0620 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
02:31:09.0656 0620 AFD - ok
02:31:09.0750 0620 Aha154x - ok
02:31:09.0859 0620 aic78u2 - ok
02:31:09.0953 0620 aic78xx - ok
02:31:10.0062 0620 AliIde - ok
02:31:10.0218 0620 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
02:31:10.0265 0620 Ambfilt - ok
02:31:10.0375 0620 amsint - ok
02:31:10.0468 0620 asc - ok
02:31:10.0578 0620 asc3350p - ok
02:31:10.0671 0620 asc3550 - ok
02:31:10.0812 0620 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:31:10.0812 0620 AsyncMac - ok
02:31:10.0953 0620 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:31:10.0953 0620 atapi - ok
02:31:11.0062 0620 Atdisk - ok
02:31:11.0187 0620 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:31:11.0187 0620 Atmarpc - ok
02:31:11.0328 0620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:31:11.0328 0620 audstub - ok
02:31:11.0484 0620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:31:11.0484 0620 Beep - ok
02:31:11.0500 0620 catchme - ok
02:31:11.0625 0620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:31:11.0625 0620 cbidf2k - ok
02:31:11.0734 0620 cd20xrnt - ok
02:31:11.0859 0620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:31:11.0859 0620 Cdaudio - ok
02:31:12.0015 0620 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:31:12.0031 0620 Cdfs - ok
02:31:12.0203 0620 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:31:12.0203 0620 Cdrom - ok
02:31:12.0312 0620 Changer - ok
02:31:12.0406 0620 CmdIde - ok
02:31:12.0515 0620 Cpqarray - ok
02:31:12.0609 0620 dac2w2k - ok
02:31:12.0687 0620 dac960nt - ok
02:31:12.0796 0620 DeepFrz (ebcc785ab56b262629dd74450947d466) C:\WINDOWS\system32\drivers\DeepFrz.sys
02:31:12.0796 0620 DeepFrz - ok
02:31:12.0937 0620 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:31:12.0953 0620 Disk - ok
02:31:13.0125 0620 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:31:13.0156 0620 dmboot - ok
02:31:13.0296 0620 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:31:13.0296 0620 dmio - ok
02:31:13.0437 0620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:31:13.0437 0620 dmload - ok
02:31:13.0531 0620 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:31:13.0531 0620 DMusic - ok
02:31:13.0640 0620 dpti2o - ok
02:31:13.0750 0620 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:31:13.0750 0620 drmkaud - ok
02:31:13.0859 0620 EagleXNt - ok
02:31:14.0000 0620 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:31:14.0000 0620 Fastfat - ok
02:31:14.0140 0620 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:31:14.0140 0620 Fdc - ok
02:31:14.0265 0620 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:31:14.0265 0620 Fips - ok
02:31:14.0359 0620 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:31:14.0359 0620 Flpydisk - ok
02:31:14.0484 0620 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:31:14.0500 0620 FltMgr - ok
02:31:14.0640 0620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:31:14.0640 0620 Fs_Rec - ok
02:31:14.0781 0620 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:31:14.0781 0620 Ftdisk - ok
02:31:14.0859 0620 GGSAFERDriver - ok
02:31:14.0984 0620 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:31:14.0984 0620 Gpc - ok
02:31:15.0140 0620 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:31:15.0140 0620 HDAudBus - ok
02:31:15.0281 0620 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:31:15.0281 0620 HidUsb - ok
02:31:15.0390 0620 hpn - ok
02:31:15.0500 0620 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
02:31:15.0500 0620 HTTP - ok
02:31:15.0593 0620 i2omgmt - ok
02:31:15.0671 0620 i2omp - ok
02:31:15.0812 0620 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:31:15.0812 0620 i8042prt - ok
02:31:15.0953 0620 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
02:31:15.0953 0620 IDMTDI - ok
02:31:16.0109 0620 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:31:16.0109 0620 Imapi - ok
02:31:16.0218 0620 ini910u - ok
02:31:16.0468 0620 IntcAzAudAddService (0ce2eab2ffb33b8b0ef2b8e0d8b3f026) C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:31:16.0515 0620 IntcAzAudAddService - ok
02:31:16.0625 0620 IntelIde - ok
02:31:16.0734 0620 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:31:16.0750 0620 Ip6Fw - ok
02:31:16.0875 0620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:31:16.0875 0620 IpFilterDriver - ok
02:31:17.0000 0620 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:31:17.0000 0620 IpInIp - ok
02:31:17.0125 0620 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:31:17.0125 0620 IpNat - ok
02:31:17.0265 0620 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:31:17.0265 0620 IPSec - ok
02:31:17.0343 0620 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:31:17.0343 0620 IRENUM - ok
02:31:17.0468 0620 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:31:17.0468 0620 isapnp - ok
02:31:17.0593 0620 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:31:17.0593 0620 Kbdclass - ok
02:31:17.0734 0620 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:31:17.0734 0620 kbdhid - ok
02:31:17.0875 0620 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
02:31:17.0875 0620 kmixer - ok
02:31:18.0015 0620 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
02:31:18.0015 0620 KSecDD - ok
02:31:18.0125 0620 lbrtfdc - ok
02:31:18.0281 0620 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
02:31:18.0281 0620 MBAMProtector - ok
02:31:18.0390 0620 MBAMSwissArmy - ok
02:31:18.0531 0620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:31:18.0546 0620 mnmdd - ok
02:31:18.0687 0620 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:31:18.0687 0620 Modem - ok
02:31:18.0843 0620 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
02:31:18.0890 0620 Monfilt - ok
02:31:19.0031 0620 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:31:19.0031 0620 Mouclass - ok
02:31:19.0171 0620 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:31:19.0171 0620 mouhid - ok
02:31:19.0296 0620 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:31:19.0296 0620 MountMgr - ok
02:31:19.0359 0620 mraid35x - ok
02:31:19.0484 0620 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:31:19.0484 0620 MRxDAV - ok
02:31:19.0640 0620 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:31:19.0640 0620 MRxSmb - ok
02:31:19.0781 0620 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:31:19.0781 0620 Msfs - ok
02:31:19.0921 0620 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:31:19.0921 0620 MSKSSRV - ok
02:31:20.0062 0620 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:31:20.0078 0620 MSPCLOCK - ok
02:31:20.0203 0620 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:31:20.0203 0620 MSPQM - ok
02:31:20.0375 0620 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:31:20.0375 0620 mssmbios - ok
02:31:20.0515 0620 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:31:20.0531 0620 Mup - ok
02:31:20.0671 0620 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:31:20.0671 0620 NDIS - ok
02:31:20.0812 0620 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:31:20.0812 0620 NdisTapi - ok
02:31:20.0953 0620 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:31:20.0953 0620 Ndisuio - ok
02:31:21.0078 0620 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:31:21.0078 0620 NdisWan - ok
02:31:21.0218 0620 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:31:21.0218 0620 NDProxy - ok
02:31:21.0312 0620 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:31:21.0312 0620 NetBIOS - ok
02:31:21.0437 0620 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:31:21.0437 0620 NetBT - ok
02:31:21.0593 0620 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:31:21.0593 0620 Npfs - ok
02:31:21.0765 0620 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
02:31:21.0796 0620 Ntfs - ok
02:31:21.0937 0620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:31:21.0953 0620 Null - ok
02:31:22.0312 0620 nv (597a5167c509547fc691416887171079) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:31:22.0468 0620 nv - ok
02:31:22.0593 0620 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:31:22.0593 0620 NVENETFD - ok
02:31:22.0734 0620 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:31:22.0734 0620 nvnetbus - ok
02:31:22.0843 0620 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
02:31:22.0843 0620 nvsmu - ok
02:31:22.0984 0620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:31:23.0000 0620 NwlnkFlt - ok
02:31:23.0125 0620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:31:23.0125 0620 NwlnkFwd - ok
02:31:23.0265 0620 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:31:23.0265 0620 Parport - ok
02:31:23.0406 0620 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:31:23.0406 0620 PartMgr - ok
02:31:23.0546 0620 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:31:23.0546 0620 ParVdm - ok
02:31:23.0671 0620 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:31:23.0671 0620 PCI - ok
02:31:23.0843 0620 PCIDump - ok
02:31:24.0015 0620 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:31:24.0031 0620 PCIIde - ok
02:31:24.0156 0620 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:31:24.0156 0620 Pcmcia - ok
02:31:24.0265 0620 PDCOMP - ok
02:31:24.0375 0620 PDFRAME - ok
02:31:24.0453 0620 PDRELI - ok
02:31:24.0562 0620 PDRFRAME - ok
02:31:24.0656 0620 perc2 - ok
02:31:24.0718 0620 perc2hib - ok
02:31:24.0875 0620 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:31:24.0875 0620 PptpMiniport - ok
02:31:25.0015 0620 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
02:31:25.0015 0620 Processor - ok
02:31:25.0156 0620 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:31:25.0156 0620 PSched - ok
02:31:25.0312 0620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:31:25.0312 0620 Ptilink - ok
02:31:25.0421 0620 ql1080 - ok
02:31:25.0484 0620 Ql10wnt - ok
02:31:25.0562 0620 ql12160 - ok
02:31:25.0640 0620 ql1240 - ok
02:31:25.0843 0620 ql1280 - ok
02:31:26.0031 0620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:31:26.0031 0620 RasAcd - ok
02:31:26.0171 0620 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:31:26.0171 0620 Rasl2tp - ok
02:31:26.0328 0620 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:31:26.0328 0620 RasPppoe - ok
02:31:26.0453 0620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:31:26.0453 0620 Raspti - ok
02:31:26.0562 0620 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:31:26.0562 0620 Rdbss - ok
02:31:26.0703 0620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:31:26.0703 0620 RDPCDD - ok
02:31:26.0828 0620 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:31:26.0828 0620 rdpdr - ok
02:31:26.0984 0620 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
02:31:27.0000 0620 RDPWD - ok
02:31:27.0140 0620 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:31:27.0140 0620 redbook - ok
02:31:27.0312 0620 sbaphd (6627325e92595a1854cc0dead61c25b2) C:\WINDOWS\system32\drivers\sbaphd.sys
02:31:27.0312 0620 sbaphd - ok
02:31:27.0437 0620 sbapifs (6b650ed23a6677e197cdfc8a99cfcd8c) C:\WINDOWS\system32\drivers\sbapifs.sys
02:31:27.0453 0620 sbapifs - ok
02:31:27.0593 0620 SBRE (16b11c7940182163d680284ebd0b5342) C:\WINDOWS\system32\drivers\SBREdrv.sys
02:31:27.0593 0620 SBRE - ok
02:31:27.0718 0620 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
02:31:27.0718 0620 SbTis - ok
02:31:27.0859 0620 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:31:27.0875 0620 Secdrv - ok
02:31:28.0015 0620 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:31:28.0015 0620 serenum - ok
02:31:28.0140 0620 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:31:28.0140 0620 Serial - ok
02:31:28.0281 0620 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:31:28.0281 0620 Sfloppy - ok
02:31:28.0390 0620 Simbad - ok
02:31:28.0468 0620 Sparrow - ok
02:31:28.0578 0620 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
02:31:28.0578 0620 splitter - ok
02:31:28.0718 0620 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:31:28.0718 0620 sr - ok
02:31:28.0875 0620 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
02:31:28.0875 0620 Srv - ok
02:31:29.0031 0620 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:31:29.0031 0620 swenum - ok
02:31:29.0296 0620 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:31:29.0312 0620 swmidi - ok
02:31:29.0468 0620 symc810 - ok
02:31:29.0562 0620 symc8xx - ok
02:31:29.0640 0620 sym_hi - ok
02:31:29.0750 0620 sym_u3 - ok
02:31:29.0890 0620 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:31:29.0890 0620 sysaudio - ok
02:31:30.0046 0620 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:31:30.0062 0620 Tcpip - ok
02:31:30.0203 0620 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:31:30.0203 0620 TDPIPE - ok
02:31:30.0343 0620 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:31:30.0343 0620 TDTCP - ok
02:31:30.0468 0620 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:31:30.0468 0620 TermDD - ok
02:31:30.0593 0620 TosIde - ok
02:31:30.0703 0620 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:31:30.0718 0620 Udfs - ok
02:31:30.0812 0620 ultra - ok
02:31:30.0875 0620 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:31:30.0890 0620 Update - ok
02:31:31.0015 0620 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:31:31.0015 0620 usbccgp - ok
02:31:31.0140 0620 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:31:31.0140 0620 usbehci - ok
02:31:31.0296 0620 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:31:31.0296 0620 usbhub - ok
02:31:31.0437 0620 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:31:31.0437 0620 usbohci - ok
02:31:31.0546 0620 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:31:31.0546 0620 USBSTOR - ok
02:31:31.0687 0620 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:31:31.0687 0620 VgaSave - ok
02:31:31.0750 0620 ViaIde - ok
02:31:31.0859 0620 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:31:31.0859 0620 VolSnap - ok
02:31:32.0015 0620 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:31:32.0015 0620 Wanarp - ok
02:31:32.0109 0620 WDICA - ok
02:31:32.0171 0620 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
02:31:32.0171 0620 wdmaud - ok
02:31:32.0359 0620 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:31:32.0359 0620 WmiAcpi - ok
02:31:32.0500 0620 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:31:32.0500 0620 WS2IFSL - ok
02:31:32.0546 0620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:31:32.0656 0620 \Device\Harddisk0\DR0 - ok
02:31:32.0671 0620 Boot (0x1200) (c4760a833519eab4f27846482c206530) \Device\Harddisk0\DR0\Partition0
02:31:32.0671 0620 \Device\Harddisk0\DR0\Partition0 - ok
02:31:32.0671 0620 ============================================================
02:31:32.0671 0620 Scan finished
02:31:32.0671 0620 ============================================================
02:31:32.0687 1880 Detected object count: 0
02:31:32.0687 1880 Actual detected object count: 0
02:31:47.0000 4024 Deinitialize success
#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you retry AVP please - I will work up something else if that fails
#13
rhomel (Topic Starter, Member, 90 posts)
e2.JPG

untitled.JPG


02:48:29.0687 3660 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
02:48:31.0687 3660 ============================================================
02:48:31.0687 3660 Current date / time: 2011/10/29 02:48:31.0687
02:48:31.0687 3660 SystemInfo:
02:48:31.0687 3660
02:48:31.0687 3660 OS Version: 5.1.2600 ServicePack: 2.0
02:48:31.0687 3660 Product type: Workstation
02:48:31.0687 3660 ComputerName: PC2
02:48:31.0687 3660 UserName: jr
02:48:31.0687 3660 Windows directory: C:\WINDOWS
02:48:31.0687 3660 System windows directory: C:\WINDOWS
02:48:31.0687 3660 Processor architecture: Intel x86
02:48:31.0687 3660 Number of processors: 1
02:48:31.0687 3660 Page size: 0x1000
02:48:31.0687 3660 Boot type: Normal boot
02:48:31.0687 3660 ============================================================
02:48:32.0156 3660 Initialize success
02:48:36.0984 3868 ============================================================
02:48:36.0984 3868 Scan started
02:48:36.0984 3868 Mode: Manual; SigCheck; TDLFS;
02:48:36.0984 3868 ============================================================
02:48:37.0843 3868 Abiosdsk - ok
02:48:37.0937 3868 abp470n5 - ok
02:48:38.0015 3868 abp480n5 - ok
02:48:38.0140 3868 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:48:39.0312 3868 ACPI - ok
02:48:39.0421 3868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:48:39.0562 3868 ACPIEC - ok
02:48:39.0656 3868 adpu160m - ok
02:48:39.0734 3868 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
02:48:39.0875 3868 aec - ok
02:48:40.0000 3868 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
02:48:40.0140 3868 AFD - ok
02:48:40.0234 3868 Aha154x - ok
02:48:40.0328 3868 aic78u2 - ok
02:48:40.0421 3868 aic78xx - ok
02:48:40.0515 3868 AliIde - ok
02:48:40.0609 3868 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
02:48:40.0718 3868 Ambfilt - ok
02:48:40.0843 3868 amsint - ok
02:48:40.0968 3868 asc - ok
02:48:41.0031 3868 asc3350p - ok
02:48:41.0109 3868 asc3550 - ok
02:48:41.0218 3868 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:48:41.0343 3868 AsyncMac - ok
02:48:41.0484 3868 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:48:41.0625 3868 atapi - ok
02:48:41.0718 3868 Atdisk - ok
02:48:41.0843 3868 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:48:41.0968 3868 Atmarpc - ok
02:48:42.0109 3868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:48:42.0250 3868 audstub - ok
02:48:42.0390 3868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:48:42.0531 3868 Beep - ok
02:48:42.0546 3868 catchme - ok
02:48:42.0671 3868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:48:42.0812 3868 cbidf2k - ok
02:48:42.0921 3868 cd20xrnt - ok
02:48:43.0062 3868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:48:43.0203 3868 Cdaudio - ok
02:48:43.0484 3868 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:48:43.0640 3868 Cdfs - ok
02:48:43.0765 3868 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:48:43.0906 3868 Cdrom - ok
02:48:44.0000 3868 Changer - ok
02:48:44.0031 3868 CmdIde - ok
02:48:44.0109 3868 Cpqarray - ok
02:48:44.0187 3868 dac2w2k - ok
02:48:44.0265 3868 dac960nt - ok
02:48:44.0375 3868 DeepFrz (ebcc785ab56b262629dd74450947d466) C:\WINDOWS\system32\drivers\DeepFrz.sys
02:48:57.0531 3868 DeepFrz - ok
02:48:57.0656 3868 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:48:57.0828 3868 Disk - ok
02:48:57.0984 3868 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:48:58.0171 3868 dmboot - ok
02:48:58.0312 3868 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:48:58.0468 3868 dmio - ok
02:48:58.0593 3868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:48:58.0765 3868 dmload - ok
02:48:58.0890 3868 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:48:59.0046 3868 DMusic - ok
02:48:59.0140 3868 dpti2o - ok
02:48:59.0250 3868 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:48:59.0437 3868 drmkaud - ok
02:48:59.0531 3868 EagleXNt - ok
02:48:59.0640 3868 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:48:59.0812 3868 Fastfat - ok
02:48:59.0937 3868 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:49:00.0109 3868 Fdc - ok
02:49:00.0281 3868 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:49:00.0453 3868 Fips - ok
02:49:00.0578 3868 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:49:00.0750 3868 Flpydisk - ok
02:49:00.0875 3868 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:49:01.0046 3868 FltMgr - ok
02:49:01.0171 3868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:49:01.0328 3868 Fs_Rec - ok
02:49:01.0453 3868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:49:01.0625 3868 Ftdisk - ok
02:49:01.0703 3868 GGSAFERDriver - ok
02:49:01.0828 3868 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:49:02.0015 3868 Gpc - ok
02:49:02.0156 3868 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:49:02.0203 3868 HDAudBus - ok
02:49:02.0359 3868 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:49:02.0578 3868 HidUsb - ok
02:49:02.0671 3868 hpn - ok
02:49:02.0859 3868 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
02:49:03.0062 3868 HTTP - ok
02:49:03.0156 3868 i2omgmt - ok
02:49:03.0250 3868 i2omp - ok
02:49:03.0375 3868 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:49:03.0546 3868 i8042prt - ok
02:49:03.0687 3868 IDMTDI (330a6a0baf4fd945bde14c7b1d88d9b9) C:\WINDOWS\system32\DRIVERS\idmtdi.sys
02:49:03.0687 3868 IDMTDI - ok
02:49:03.0828 3868 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:49:03.0984 3868 Imapi - ok
02:49:04.0093 3868 ini910u - ok
02:49:04.0437 3868 IntcAzAudAddService (0ce2eab2ffb33b8b0ef2b8e0d8b3f026) C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:49:04.0734 3868 IntcAzAudAddService - ok
02:49:04.0843 3868 IntelIde - ok
02:49:04.0968 3868 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:49:05.0125 3868 Ip6Fw - ok
02:49:05.0250 3868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:49:05.0390 3868 IpFilterDriver - ok
02:49:05.0500 3868 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:49:05.0671 3868 IpInIp - ok
02:49:05.0812 3868 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:49:05.0968 3868 IpNat - ok
02:49:06.0093 3868 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:49:06.0250 3868 IPSec - ok
02:49:06.0390 3868 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:49:06.0437 3868 IRENUM - ok
02:49:06.0578 3868 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:49:06.0750 3868 isapnp - ok
02:49:06.0890 3868 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:49:07.0031 3868 Kbdclass - ok
02:49:07.0203 3868 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:49:07.0406 3868 kbdhid - ok
02:49:07.0578 3868 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
02:49:07.0734 3868 kmixer - ok
02:49:07.0859 3868 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
02:49:08.0015 3868 KSecDD - ok
02:49:08.0109 3868 lbrtfdc - ok
02:49:08.0265 3868 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
02:49:08.0265 3868 MBAMProtector - ok
02:49:08.0375 3868 MBAMSwissArmy - ok
02:49:08.0515 3868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:49:08.0656 3868 mnmdd - ok
02:49:08.0781 3868 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:49:08.0906 3868 Modem - ok
02:49:09.0062 3868 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
02:49:09.0140 3868 Monfilt - ok
02:49:09.0265 3868 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:49:09.0453 3868 Mouclass - ok
02:49:09.0578 3868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:49:09.0734 3868 mouhid - ok
02:49:09.0859 3868 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:49:10.0000 3868 MountMgr - ok
02:49:10.0109 3868 mraid35x - ok
02:49:10.0250 3868 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:49:10.0406 3868 MRxDAV - ok
02:49:10.0546 3868 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:49:10.0687 3868 MRxSmb - ok
02:49:10.0812 3868 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:49:11.0000 3868 Msfs - ok
02:49:11.0140 3868 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:49:11.0281 3868 MSKSSRV - ok
02:49:11.0421 3868 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:49:11.0578 3868 MSPCLOCK - ok
02:49:11.0703 3868 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:49:11.0859 3868 MSPQM - ok
02:49:11.0984 3868 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:49:12.0140 3868 mssmbios - ok
02:49:12.0265 3868 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:49:12.0937 3868 Mup - ok
02:49:13.0062 3868 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:49:13.0187 3868 NDIS - ok
02:49:13.0312 3868 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:49:13.0468 3868 NdisTapi - ok
02:49:13.0609 3868 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:49:13.0750 3868 Ndisuio - ok
02:49:13.0906 3868 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:49:14.0109 3868 NdisWan - ok
02:49:14.0234 3868 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:49:14.0375 3868 NDProxy - ok
02:49:14.0515 3868 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:49:14.0687 3868 NetBIOS - ok
02:49:14.0828 3868 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:49:15.0000 3868 NetBT - ok
02:49:15.0140 3868 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:49:15.0250 3868 Npfs - ok
02:49:15.0406 3868 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
02:49:15.0578 3868 Ntfs - ok
02:49:15.0703 3868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:49:15.0843 3868 Null - ok
02:49:16.0125 3868 nv (597a5167c509547fc691416887171079) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:49:16.0546 3868 nv - ok
02:49:16.0812 3868 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:49:16.0859 3868 NVENETFD - ok
02:49:16.0984 3868 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:49:17.0031 3868 nvnetbus - ok
02:49:17.0171 3868 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
02:49:17.0234 3868 nvsmu - ok
02:49:17.0359 3868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:49:17.0515 3868 NwlnkFlt - ok
02:49:17.0640 3868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:49:17.0750 3868 NwlnkFwd - ok
02:49:17.0875 3868 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:49:18.0015 3868 Parport - ok
02:49:18.0140 3868 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:49:18.0265 3868 PartMgr - ok
02:49:18.0390 3868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:49:18.0515 3868 ParVdm - ok
02:49:18.0656 3868 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:49:18.0781 3868 PCI - ok
02:49:18.0875 3868 PCIDump - ok
02:49:18.0984 3868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:49:19.0109 3868 PCIIde - ok
02:49:19.0250 3868 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:49:19.0359 3868 Pcmcia - ok
02:49:19.0437 3868 PDCOMP - ok
02:49:19.0515 3868 PDFRAME - ok
02:49:19.0609 3868 PDRELI - ok
02:49:19.0765 3868 PDRFRAME - ok
02:49:19.0859 3868 perc2 - ok
02:49:19.0968 3868 perc2hib - ok
02:49:20.0171 3868 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:49:20.0546 3868 PptpMiniport - ok
02:49:20.0796 3868 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
02:49:20.0921 3868 Processor - ok
02:49:21.0171 3868 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:49:21.0312 3868 PSched - ok
02:49:21.0578 3868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:49:21.0703 3868 Ptilink - ok
02:49:21.0890 3868 ql1080 - ok
02:49:22.0062 3868 Ql10wnt - ok
02:49:22.0250 3868 ql12160 - ok
02:49:22.0421 3868 ql1240 - ok
02:49:22.0625 3868 ql1280 - ok
02:49:22.0781 3868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:49:22.0921 3868 RasAcd - ok
02:49:23.0093 3868 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:49:23.0203 3868 Rasl2tp - ok
02:49:23.0375 3868 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:49:23.0515 3868 RasPppoe - ok
02:49:23.0671 3868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:49:24.0406 3868 Raspti - ok
02:49:24.0875 3868 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:49:25.0453 3868 Rdbss - ok
02:49:25.0578 3868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:49:25.0718 3868 RDPCDD - ok
02:49:25.0875 3868 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:49:26.0031 3868 rdpdr - ok
02:49:26.0187 3868 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
02:49:26.0296 3868 RDPWD - ok
02:49:26.0453 3868 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:49:26.0609 3868 redbook - ok
02:49:26.0750 3868 sbaphd (6627325e92595a1854cc0dead61c25b2) C:\WINDOWS\system32\drivers\sbaphd.sys
02:49:26.0765 3868 sbaphd - ok
02:49:26.0890 3868 sbapifs (6b650ed23a6677e197cdfc8a99cfcd8c) C:\WINDOWS\system32\drivers\sbapifs.sys
02:49:26.0890 3868 sbapifs - ok
02:49:27.0046 3868 SBRE (16b11c7940182163d680284ebd0b5342) C:\WINDOWS\system32\drivers\SBREdrv.sys
02:49:27.0062 3868 SBRE - ok
02:49:27.0187 3868 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
02:49:27.0203 3868 SbTis - ok
02:49:27.0359 3868 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:49:27.0421 3868 Secdrv - ok
02:49:27.0546 3868 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:49:27.0687 3868 serenum - ok
02:49:27.0812 3868 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:49:27.0937 3868 Serial - ok
02:49:28.0062 3868 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:49:28.0203 3868 Sfloppy - ok
02:49:28.0296 3868 Simbad - ok
02:49:28.0390 3868 Sparrow - ok
02:49:28.0531 3868 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
02:49:28.0671 3868 splitter - ok
02:49:28.0812 3868 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:49:28.0875 3868 sr - ok
02:49:29.0015 3868 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
02:49:29.0171 3868 Srv - ok
02:49:29.0328 3868 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:49:29.0468 3868 swenum - ok
02:49:29.0609 3868 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:49:29.0734 3868 swmidi - ok
02:49:29.0828 3868 symc810 - ok
02:49:29.0906 3868 symc8xx - ok
02:49:29.0984 3868 sym_hi - ok
02:49:30.0015 3868 sym_u3 - ok
02:49:30.0062 3868 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:49:30.0203 3868 sysaudio - ok
02:49:30.0375 3868 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:49:30.0531 3868 Tcpip - ok
02:49:30.0687 3868 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:49:30.0828 3868 TDPIPE - ok
02:49:30.0953 3868 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:49:31.0078 3868 TDTCP - ok
02:49:31.0218 3868 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:49:31.0359 3868 TermDD - ok
02:49:31.0531 3868 TosIde - ok
02:49:31.0734 3868 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:49:31.0859 3868 Udfs - ok
02:49:31.0937 3868 ultra - ok
02:49:32.0046 3868 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:49:32.0187 3868 Update - ok
02:49:32.0328 3868 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:49:32.0437 3868 usbccgp - ok
02:49:32.0578 3868 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:49:32.0703 3868 usbehci - ok
02:49:32.0828 3868 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:49:32.0953 3868 usbhub - ok
02:49:33.0093 3868 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:49:33.0218 3868 usbohci - ok
02:49:33.0359 3868 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:49:33.0468 3868 USBSTOR - ok
02:49:33.0593 3868 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:49:33.0734 3868 VgaSave - ok
02:49:33.0828 3868 ViaIde - ok
02:49:33.0937 3868 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:49:34.0046 3868 VolSnap - ok
02:49:34.0187 3868 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:49:34.0312 3868 Wanarp - ok
02:49:34.0421 3868 WDICA - ok
02:49:34.0531 3868 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
02:49:34.0656 3868 wdmaud - ok
02:49:34.0828 3868 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:49:34.0953 3868 WmiAcpi - ok
02:49:35.0093 3868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:49:35.0218 3868 WS2IFSL - ok
02:49:35.0250 3868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:49:35.0453 3868 \Device\Harddisk0\DR0 - ok
02:49:35.0468 3868 Boot (0x1200) (c4760a833519eab4f27846482c206530) \Device\Harddisk0\DR0\Partition0
02:49:35.0468 3868 \Device\Harddisk0\DR0\Partition0 - ok
02:49:35.0468 3868 ============================================================
02:49:35.0468 3868 Scan finished
02:49:35.0468 3868 ============================================================
02:49:35.0593 3856 Detected object count: 0
02:49:35.0593 3856 Actual detected object count: 0
02:49:37.0796 3628 Deinitialize success
#14 rhomel (Member, Topic Starter, 90 posts)
AVP - site not working
#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, I now know what you have: Sality.

Download

to your desktop and extract SalityKiller.exe.

Run the utility SalityKiller.exe on the infected computer.
A reboot might be required after disinfection.

Download the file
unpack the file Sality_RegKeys.zip
run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, run the registry key file for your system from the archive Sality_RegKeys.zip:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg

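After the SalityKiller and .reg steps in the post above, a practitioner will want to confirm the registry state the malware tampers with has actually been restored before trusting the machine. The script below is an added example for that check; it is not part of the original thread, of SalityKiller, or of the Kaspersky Sality_RegKeys package. It is read-only: it reports whether the SafeBoot keys are back (Sality deletes them to block Safe Mode, which is what the SafeBoot*.reg files repair), whether autorun is disabled, and whether the Task Manager / regedit lock-out policies are clear. The expected values (a populated-key threshold of 10 subkeys, NoDriveTypeAutoRun = 0xFF as the setting Disable_autorun.reg is expected to apply) are assumptions and are marked as such in the code. Written for PowerShell 2.0 so it runs on the XP machine in question; run it from an administrator prompt.

```powershell
# Added example: read-only post-cleanup check for Sality-related registry damage.
# Not part of the original thread or of the Kaspersky SalityKiller / Sality_RegKeys package.
# Expected values below are assumptions, noted inline. PowerShell 2.0 compatible.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

function New-CheckResult {
    param([string]$Check, $Value, [bool]$Ok)
    # New-Object rather than [pscustomobject] so this works on PowerShell 2.0.
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Ok = $Ok }
}

function Test-SalityCleanup {
    $results = @()

    # 1. Safe Mode. Sality deletes the SafeBoot\Minimal and SafeBoot\Network keys so the
    #    machine cannot boot into Safe Mode; the SafeBoot*.reg files recreate them.
    #    A stock install has dozens of subkeys under each, so an empty key is still broken.
    #    The threshold of 10 is an assumption, not a documented number.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        $count = 0
        if (Test-Path $key) { $count = @(Get-ChildItem -Path $key).Count }
        $results += New-CheckResult "SafeBoot\$mode populated" $count ($count -gt 10)
    }

    # 2. Autorun. Disable_autorun.reg is expected to set NoDriveTypeAutoRun to 0xFF
    #    (all drive types), which stops autorun.inf on removable drives, a Sality spreading
    #    vector. The 0xFF expectation is an assumption about that file's content.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $v = Get-RegValue -Path $path -Name 'NoDriveTypeAutoRun'
        $results += New-CheckResult "$hive NoDriveTypeAutoRun = 0xFF" $v ($v -eq 0xFF)
    }

    # 3. User lock-out policies malware sets to keep the victim out of Task Manager and
    #    regedit. Absent or 0 is the clean state.
    $sys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $v = Get-RegValue -Path $sys -Name $name
        $results += New-CheckResult "$name not set" $v (($null -eq $v) -or ($v -eq 0))
    }

    return $results
}

$r = Test-SalityCleanup
$r | Select-Object Check, Value, Ok | Format-Table -AutoSize
if (@($r | Where-Object { -not $_.Ok }).Count -gt 0) {
    Write-Warning 'One or more Sality-related settings are still wrong; re-run the .reg files or SalityKiller.'
}
```

Any row with Ok = False means the corresponding repair did not take (for example the .reg file was run without admin rights, or a still-active infection reverted it after the reboot), and the relevant step from the post should be repeated before the machine is considered clean.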