Dom
Honorary Members
Posts: 48

Everything posted by Dom
-
That came up clean.
-
It rebooted after ComboFix and seems to be running OK. It's not connected to the internet yet, but we're just running a quick MBAM scan.
-
Good news, the icons have reappeared.

ComboFix 10-10-02.02 - Will 03/10/2010 15:55:24.1.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2587 [GMT 1:00]
Running from: d:\combofix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of i:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - i:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of i:\windows\explorer.exe was found and disinfected
Restored copy from - i:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-03 to 2010-10-03 )))))))))))))))))))))))))))))))
.
2010-10-03 11:19 . 2010-06-10 21:34 1305306 ----a-w- i:\temp\EasyBCD 2.0 Beta - Build 100.exe
2010-10-03 10:49 . 2010-10-03 10:49 162896 ----a-w- i:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-10-03 10:41 . 2010-10-03 10:41 -------- d-----w- i:\documents and settings\Will\Application Data\Malwarebytes
2010-10-03 10:02 . 2010-09-07 14:52 165584 ----a-w- i:\windows\system32\drivers\aswSP.sys
2010-10-03 10:02 . 2010-09-07 14:47 17744 ----a-w- i:\windows\system32\drivers\aswFsBlk.sys
2010-10-03 10:02 . 2010-09-07 14:47 23376 ----a-w- i:\windows\system32\drivers\aswRdr.sys
2010-10-03 10:02 . 2010-09-07 14:52 46672 ----a-w- i:\windows\system32\drivers\aswTdi.sys
2010-10-03 10:02 . 2010-09-07 14:47 100176 ----a-w- i:\windows\system32\drivers\aswmon2.sys
2010-10-03 10:02 . 2010-09-07 14:47 94544 ----a-w- i:\windows\system32\drivers\aswmon.sys
2010-10-03 10:02 . 2010-09-07 14:46 28880 ----a-w- i:\windows\system32\drivers\aavmker4.sys
2010-10-03 10:02 . 2010-09-07 15:12 38848 ----a-w- i:\windows\avastSS.scr
2010-10-03 10:02 . 2010-09-07 15:11 167592 ----a-w- i:\windows\system32\aswBoot.exe
2010-10-03 10:02 . 2010-10-03 10:02 -------- d-----w- i:\documents and settings\All Users\Application Data\Alwil Software
2010-10-03 09:57 . 2010-10-03 09:57 503808 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\msvcp71.dll
2010-10-03 09:57 . 2010-10-03 09:57 499712 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\jmc.dll
2010-10-03 09:57 . 2010-10-03 09:57 348160 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6460f87c-n\msvcr71.dll
2010-10-03 09:57 . 2010-10-03 09:57 61440 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d66adb7-n\decora-sse.dll
2010-10-03 09:57 . 2010-10-03 09:57 12800 ----a-w- i:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3d66adb7-n\decora-d3d.dll
2010-10-01 23:46 . 2010-10-01 23:46 -------- d-----w- i:\documents and settings\Dom\Application Data\1F8710F0DC232493BB0CB8F4CCE551A4
2010-09-29 16:25 . 2010-09-29 16:25 664 ----a-w- i:\windows\system32\d3d9caps.dat
2010-09-21 21:45 . 2010-09-21 21:45 47876 ----a-w- i:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-15 17:38 . 2010-10-03 10:51 -------- d-----w- i:\windows\Sun
2010-09-10 13:39 . 2010-09-10 13:40 3310 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
2010-09-10 13:39 . 2010-09-10 13:40 1078 ----a-r- i:\documents and settings\Dom\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
2010-09-10 13:39 . 2010-09-10 13:39 -------- d-----w- i:\program files\Power Tab Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 10:51 . 2010-04-03 09:29 -------- d-----w- i:\program files\Common Files\doubleTwist
2010-10-03 10:35 . 2010-01-04 13:33 -------- d-----w- i:\program files\doubleTwist 2.0
2010-10-03 10:02 . 2009-12-28 13:15 -------- d-----w- i:\program files\Alwil Software
2010-10-03 09:54 . 2010-04-05 00:38 0 ----a-w- i:\documents and settings\Dom\Local Settings\Application Data\prvlcl.dat
2010-10-03 09:51 . 2009-12-29 09:31 71152 ----a-w- i:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-02 23:02 . 2010-07-21 21:04 -------- d-----w- i:\documents and settings\Dom\Application Data\Skype
2010-10-02 21:29 . 2010-08-12 09:53 -------- d-----w- i:\documents and settings\Dom\Application Data\LimeWire
2010-10-02 21:29 . 2009-12-30 19:03 -------- d-----w- i:\program files\Steam
2010-10-02 19:21 . 2010-07-21 21:06 -------- d-----w- i:\documents and settings\Dom\Application Data\skypePM
2010-10-02 14:01 . 2010-01-04 12:36 -------- d-----w- i:\documents and settings\Dom\Application Data\Upxina
2010-10-01 23:50 . 2010-07-02 22:22 -------- d-----w- i:\documents and settings\Dom\Application Data\Avaf
2010-10-01 22:13 . 2009-12-30 17:41 -------- d-----w- i:\documents and settings\Dom\Application Data\Spotify
2010-10-01 12:55 . 2010-01-05 22:27 -------- d-----w- i:\documents and settings\Dom\Application Data\vlc
2010-09-30 23:31 . 2010-07-22 19:39 -------- d-----w- i:\documents and settings\Dom\Application Data\dvdcss
2010-09-29 23:15 . 2010-07-28 22:17 -------- d-----w- i:\program files\StarCraft II
2010-09-12 19:33 . 2010-01-05 12:09 71152 ----a-w- i:\documents and settings\Dom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-29 16:42 . 2010-08-29 16:42 -------- d-----w- i:\program files\Free WMA to MP3 Converter
2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\documents and settings\Dom\Application Data\Malwarebytes
2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\program files\Malwarebytes' Anti-Malware
2010-08-19 16:19 . 2010-08-19 16:19 -------- d-----w- i:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-17 13:17 . 2008-04-14 05:42 58880 ----a-w- i:\windows\system32\spoolsv.exe
2010-08-14 00:08 . 2010-08-14 00:08 503808 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\msvcp71.dll
2010-08-14 00:08 . 2010-08-14 00:08 499712 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\jmc.dll
2010-08-14 00:08 . 2010-08-14 00:08 348160 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-210d5e36-n\msvcr71.dll
2010-08-14 00:08 . 2010-08-14 00:08 61440 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e318e18-n\decora-sse.dll
2010-08-14 00:08 . 2010-08-14 00:08 12800 ----a-w- i:\documents and settings\Dom\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e318e18-n\decora-d3d.dll
2010-08-12 09:52 . 2010-08-12 09:52 -------- d-----w- i:\program files\Common Files\Java
2010-08-12 09:51 . 2010-08-12 09:52 411368 ----a-w- i:\windows\system32\deploytk.dll
2010-08-12 09:51 . 2010-08-12 09:51 -------- d-----w- i:\program files\Java
2010-08-10 00:34 . 2010-08-10 00:31 -------- d-----w- i:\program files\Lame for Audacity
2010-08-06 16:04 . 2010-07-28 22:17 -------- d-----w- i:\program files\Common Files\Blizzard Entertainment
2010-08-04 21:41 . 2010-08-04 21:41 6656 ----a-w- i:\windows\system32\drivers\iPodDrv.sys
2010-07-26 23:55 . 2010-07-26 23:55 57344 ----a-w- i:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 23:51 . 2010-07-26 23:51 144696 ----a-w- i:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-26 23:51 . 2010-07-26 23:52 895256 ----a-w- i:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-22 15:49 . 2008-04-14 05:42 590848 ----a-w- i:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-12-29 12:31 5120 ----a-w- i:\windows\system32\xpsp4res.dll
2010-07-21 21:06 . 2010-07-21 21:06 56 ---ha-w- i:\windows\system32\ezsidmv.dat
2010-07-08 20:57 . 2010-07-08 20:57 655360 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-07-08 20:57 . 2010-07-08 20:57 282624 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-07-08 20:57 . 2010-07-08 20:57 208896 ----a-w- i:\documents and settings\Dom\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"doubleTwist"="i:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe" [2010-09-18 24576]
"OfficeSyncProcess"="i:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2009-11-03 649072]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="i:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"BCSSync"="i:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="i:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avast5"="i:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="i:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

i:\documents and settings\Dom\Start Menu\Programs\Startup\
Impulse Now.lnk - i:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-12-9 468272]
LimeWire On Startup.lnk - i:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]

i:\documents and settings\Will\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - i:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

i:\documents and settings\All Users\Start Menu\Programs\Startup\
OfficeSAS.lnk - i:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"i:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"i:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Program Files\\Skype\\Phone\\Skype.exe"=
"i:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

R1 aswSP;aswSP;i:\windows\system32\drivers\aswSP.sys [03/10/2010 11:02 165584]
R2 aswFsBlk;aswFsBlk;i:\windows\system32\drivers\aswFsBlk.sys [03/10/2010 11:02 17744]
R2 iPodDrv;iPodDrv;i:\windows\system32\drivers\iPodDrv.sys [04/08/2010 22:41 6656]
R3 osppsvc;Office Software Protection Platform;i:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 05:28 4639136]
S0 tyteplj;tyteplj; [x]
S3 Ambfilt;Ambfilt;i:\windows\system32\drivers\Ambfilt.sys [28/12/2009 13:57 1684736]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;i:\program files\Microsoft Office\Office14\GROOVE.EXE [29/10/2009 11:22 30603640]
.
Contents of the 'Scheduled Tasks' folder

2010-10-02 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1214440339-839522115-1003Core.job
- i:\documents and settings\Dom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 21:13]

2010-10-03 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1214440339-839522115-1003UA.job
- i:\documents and settings\Dom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-01 21:13]

2010-10-03 i:\windows\Tasks\User_Feed_Synchronization-{D601A4EC-A0C0-4ADB-A6F6-BB4E9DEFFF47}.job
- i:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - i:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - i:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - i:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\p50ms8i9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - plugin: i:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: i:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: i:\program files\Common Files\doubleTwist\NPPodcast.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
i:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe
AddRemove-Half Scale DC_is1 - c:\program files\THQ\Dawn of War - Dark Crusade\Half_Scale\uninstall\unins000.exe
AddRemove-NVIDIA Display Control Panel - i:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3820)
i:\windows\system32\WININET.dll
i:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
i:\windows\system32\ieframe.dll
i:\windows\system32\webcheck.dll
i:\windows\system32\WPDShServiceObj.dll
i:\windows\system32\PortableDeviceTypes.dll
i:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
i:\windows\system32\nvsvc32.exe
i:\program files\Alwil Software\Avast5\AvastSvc.exe
i:\program files\Java\jre6\bin\jqs.exe
i:\program files\CDBurnerXP\NMSAccessU.exe
i:\windows\system32\RUNDLL32.EXE
i:\windows\RTHDCPL.EXE
i:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
.
**************************************************************************
.
Completion time: 2010-10-03 16:02:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-03 15:02

Pre-Run: 125,812,846,592 bytes free
Post-Run: 128,154,673,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 811B7C84AB37BF72ED2CFA74F79E5364
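Two parts of the ComboFix log above carry the findings a responder reads first: the "Other Deletions" section shows winlogon.exe and explorer.exe were found patched and replaced from the service-pack cache, and the service list in "Reg Loading Points" shows a boot-start entry, S0 tyteplj, whose image file ComboFix marks as missing with [x]. The Python below is an added example for this thread, not ComboFix's own code and not something the poster ran: it parses those two sections from a constructed, trimmed sample in the same line format and ranks what it finds. The severity labels and the QUALIFIED_RE rule (a Run entry is expected only when it is a fully qualified path under Windows or Program Files) are the example's own assumptions.

```python
"""Triage a ComboFix log: disinfected files, missing service images, Run-key entries."""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's line format, modelled on the log in the thread;
# it is a trimmed stand-in, not the full posted log.
SAMPLE_LOG = r"""
ComboFix 10-10-02.02 - Will 03/10/2010 15:55:24.1.8 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of i:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - i:\windows\ServicePackFiles\i386\winlogon.exe
Infected copy of i:\windows\explorer.exe was found and disinfected
Restored copy from - i:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="i:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"avast5"="i:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
R1 aswSP;aswSP;i:\windows\system32\drivers\aswSP.sys [03/10/2010 11:02 165584]
S0 tyteplj;tyteplj; [x]
S3 Ambfilt;Ambfilt;i:\windows\system32\drivers\Ambfilt.sys [28/12/2009 13:57 1684736]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# "R1 name;display;path [date size]" or "S0 name;display; [x]" when the file is gone.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$"
)
# Assumption of this example: an autostart is "expected" only as a fully qualified
# path under Windows or Program Files. A bare file name is resolved through the
# search order, which is a classic hijack point, so it is worth a look.
QUALIFIED_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Service:
    state: str      # "R" running / "S" stopped, as ComboFix prints it
    start: int      # start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str       # "" when ComboFix printed "[x]" (image file not found on disk)
    missing: bool


def parse_combofix(text):
    """Return {'disinfected': [(infected, restored)], 'run': [(key, name, path)], 'services': [Service]}."""
    report = {"disinfected": [], "run": [], "services": []}
    section = key = pending = None   # pending = infected path awaiting its "Restored copy" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key, pending = m.group("title"), None, None
            continue
        if section == "Other Deletions":
            m = INFECTED_RE.match(line)
            if m:
                pending = m.group("path")
                continue
            m = RESTORED_RE.match(line)
            if m and pending:
                report["disinfected"].append((pending, m.group("path")))
                pending = None
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m:
                key = m.group("key")
                continue
            m = RUN_RE.match(line)
            if m and key:
                report["run"].append((key, m.group("name"), m.group("path")))
                continue
            m = SERVICE_RE.match(line)
            if m:
                path = m.group("path").strip()
                report["services"].append(Service(
                    state=m.group("state"), start=int(m.group("start")),
                    name=m.group("name").strip(), display=m.group("display").strip(),
                    path=path, missing=(m.group("meta").strip() == "x" or not path)))
    return report


def triage(report):
    """Rank findings as (severity, detail); severities are this example's own scale."""
    findings = []
    for infected, restored in report["disinfected"]:
        # A patched winlogon.exe or explorer.exe means a file infector or patcher ran
        # as admin; the restore is only as clean as the cache it was copied from.
        findings.append(("HIGH", f"patched system binary {infected} (restored from {restored})"))
    for svc in report["services"]:
        if svc.missing:
            findings.append(("MEDIUM", f"service {svc.name} (start type {svc.start}) has no image file; "
                                       "orphaned entry from a deleted driver, remove it"))
    for key, name, path in report["run"]:
        if not QUALIFIED_RE.match(path):
            findings.append(("LOW", f"Run entry {name!r} under {key} uses an unqualified "
                                    f"or non-standard path: {path}"))
    return findings


if __name__ == "__main__":
    for severity, detail in triage(parse_combofix(SAMPLE_LOG)):
        print(f"[{severity}] {detail}")
```

Run against a real log, the same three hooks apply: every "Infected copy" line is a reason to verify the restored file's hash against a known-good copy rather than trust the restore, every [x] service is a registry key to delete, and each unqualified Run value is checked against the search path it would resolve through.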
-
A quick delay, as we've managed to boot ComboFix off the USB stick and are trying to run it now.
-
When I run the command it says "it refers to a location that is unavailable. It may be on a hard drive of the computer or a network; check everything is properly connected, etc." Because the home hard drive for the XP partition is I:, I tried that as well, but this time it says "Windows cannot access the specified path, device or file. You may not have appropriate permissions".
-
No, sorry, apparently a misexplanation on my part. I haven't tried Linux, because I have a lack of experience with it. Windows 7 works fine, and on XP when you log on the desktop doesn't load; it's just a blank background. I can't access Explorer or my USB drive or anything. It comes up with errors when you try to run Explorer from Task Manager.
-
I tried, but it won't run at all. I can't seem to force it to run. Is there some way to run it off a USB in XP, as I can get the Task Manager up, which has Run?
-
Yep, the OS is 64-bit apparently, and even with different settings it won't run. It presumably would in XP, but I can't get into XP to do that.... Dang. What next?
-
OK, so I ran into numerous issues. Firstly, I can't find a Java icon in the Control Panel for Windows 7, or any reference to it. Proceeded with ATF Cleaner, which worked fine. ComboFix, however, says it's only compatible with XP and 2000 and won't run. Vista then says do you want to try again with settings that would be more compatible. Is that a good idea? Vista still seems to be working fine.
-
Ran this on Windows 7 as I can't get into XP.

2010/10/03 14:48:04.0454 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/03 14:48:04.0454 ================================================================================
2010/10/03 14:48:04.0454 SystemInfo:
2010/10/03 14:48:04.0454
2010/10/03 14:48:04.0454 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/03 14:48:04.0454 Product type: Workstation
2010/10/03 14:48:04.0454 ComputerName: MONSTER-PC
2010/10/03 14:48:04.0455 UserName: will
2010/10/03 14:48:04.0455 Windows directory: C:\Windows
2010/10/03 14:48:04.0455 System windows directory: C:\Windows
2010/10/03 14:48:04.0455 Running under WOW64
2010/10/03 14:48:04.0455 Processor architecture: Intel x64
2010/10/03 14:48:04.0455 Number of processors: 8
2010/10/03 14:48:04.0455 Page size: 0x1000
2010/10/03 14:48:04.0455 Boot type: Normal boot
2010/10/03 14:48:04.0455 ================================================================================
2010/10/03 14:48:04.0455 Utility is running under WOW64
2010/10/03 14:48:04.0831 Initialize success
2010/10/03 14:48:07.0332 ================================================================================
2010/10/03 14:48:07.0332 Scan started
2010/10/03 14:48:07.0332 Mode: Manual;
2010/10/03 14:48:07.0332 ================================================================================
2010/10/03 14:48:08.0689 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/03 14:48:08.0715 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/03 14:48:08.0737 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/03 14:48:08.0788 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
2010/10/03 14:48:08.0837 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/03 14:48:08.0853 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/03 14:48:08.0866 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/03 14:48:08.0904 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/10/03 14:48:08.0927 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/03 14:48:08.0956 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/03 14:48:08.0974 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/03 14:48:08.0984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/03 14:48:08.0995 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/03 14:48:09.0007 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/03 14:48:09.0026 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/03 14:48:09.0052 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/03 14:48:09.0062 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/10/03 14:48:09.0101 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/10/03 14:48:09.0122 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/03 14:48:09.0166 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
2010/10/03 14:48:09.0192 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
2010/10/03 14:48:09.0215 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
2010/10/03 14:48:09.0248 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
2010/10/03 14:48:09.0261 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
2010/10/03 14:48:09.0277 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/03 14:48:09.0292 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/03 14:48:09.0332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/10/03 14:48:09.0359 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/10/03 14:48:09.0389 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/10/03 14:48:09.0420 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/03 14:48:09.0444 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/03 14:48:09.0454 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/03 14:48:09.0465 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/03 14:48:09.0482 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/10/03 14:48:09.0493 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/03 14:48:09.0510 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/03 14:48:09.0546 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/03 14:48:09.0583 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/03 14:48:09.0607 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/03 14:48:09.0677 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/03 14:48:09.0698 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/03 14:48:09.0730 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/10/03 14:48:09.0761 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/03 14:48:09.0792 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/03 14:48:09.0808 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/10/03 14:48:09.0823 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/03 14:48:09.0854 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/03 14:48:09.0880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/03 14:48:09.0915 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/10/03 14:48:09.0940 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/10/03 14:48:09.0960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/10/03 14:48:09.0990 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/10/03 14:48:10.0030 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/10/03 14:48:10.0080 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/03 14:48:10.0160 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/10/03 14:48:10.0220 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/03 14:48:10.0260 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/03 14:48:10.0280 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/10/03 14:48:10.0300 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/10/03 14:48:10.0320 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/03 14:48:10.0340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/10/03 14:48:10.0355 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/10/03 14:48:10.0380 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/03 14:48:10.0400 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/10/03 14:48:10.0430 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/10/03 14:48:10.0445 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/03 14:48:10.0475 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/03 14:48:10.0500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/03 14:48:10.0540 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/03 14:48:10.0590 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/03 14:48:10.0630 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/10/03 14:48:10.0660 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/03 14:48:10.0670 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/03 14:48:10.0680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/03 14:48:10.0690 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/03 14:48:10.0715 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/03 14:48:10.0755 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/03 14:48:10.0795 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/10/03 14:48:10.0820 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/03 14:48:10.0835 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/03 14:48:10.0865 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/03 14:48:10.0880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/03 14:48:10.0945 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
2010/10/03 14:48:10.0985 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/03 14:48:11.0010 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/03 14:48:11.0030 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/03 14:48:11.0040 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/03 14:48:11.0055 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/10/03 14:48:11.0090 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/10/03 14:48:11.0105 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/03 14:48:11.0125 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/03 14:48:11.0145 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/03 14:48:11.0165 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/03 14:48:11.0185 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/03 14:48:11.0215 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/03 14:48:11.0230 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/10/03 14:48:11.0280 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
2010/10/03 14:48:11.0305 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
2010/10/03 14:48:11.0320 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/10/03 14:48:11.0340 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/03 14:48:11.0365 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/10/03 14:48:11.0395 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/03 14:48:11.0405 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/03 14:48:11.0430 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/03 14:48:11.0440 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/03 14:48:11.0475 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/10/03 14:48:11.0520 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/10/03 14:48:11.0540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/03 14:48:11.0550 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/03 14:48:11.0575 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/10/03 14:48:11.0595 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/03 14:48:11.0610 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/03 14:48:11.0630 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/03 14:48:11.0655 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/10/03 14:48:11.0665 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/03 14:48:11.0685 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/03 14:48:11.0705 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/03 14:48:11.0730 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/03 14:48:11.0750 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/03 14:48:11.0770 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/03 14:48:11.0780 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/03 14:48:11.0800 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/03 14:48:11.0835 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/10/03 14:48:11.0850 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/03 14:48:11.0865 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/03 14:48:11.0890 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/03 14:48:11.0906 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/03 14:48:11.0906 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/10/03 14:48:11.0937 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/10/03 14:48:11.0952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/03 14:48:11.0968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/10/03 14:48:11.0999 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/03 14:48:12.0062 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/10/03 14:48:12.0093 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/10/03 14:48:12.0140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/03 14:48:12.0171 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/10/03 14:48:12.0202 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/03 14:48:12.0249 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/03 14:48:12.0280 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/03 14:48:12.0296 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/03 14:48:12.0296 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/10/03 14:48:12.0327 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/03 14:48:12.0342 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/03 14:48:12.0374 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/03 14:48:12.0405 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/03 14:48:12.0420 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/03 14:48:12.0467 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/03 14:48:12.0498 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/03 14:48:12.0698 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/03 14:48:12.0758 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/03 14:48:12.0768 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/03 14:48:12.0788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/03 14:48:12.0798 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/03 14:48:12.0842 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/03 14:48:12.0862 partmgr
(7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2010/10/03 14:48:12.0883 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2010/10/03 14:48:12.0905 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2010/10/03 14:48:12.0928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/10/03 14:48:12.0950 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2010/10/03 14:48:12.0976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2010/10/03 14:48:13.0046 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2010/10/03 14:48:13.0056 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2010/10/03 14:48:13.0093 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2010/10/03 14:48:13.0128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2010/10/03 14:48:13.0151 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/10/03 14:48:13.0173 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2010/10/03 14:48:13.0262 RapportKE64 (561d88a674190d862c3e91ae82d4fc7b) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys 2010/10/03 14:48:13.0330 RapportPG64 (57a8cb1c099fc28c00216804dad03fe5) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys 2010/10/03 14:48:13.0350 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2010/10/03 14:48:13.0373 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/10/03 14:48:13.0388 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/10/03 14:48:13.0408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/10/03 14:48:13.0418 RasSstp 
(e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2010/10/03 14:48:13.0442 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2010/10/03 14:48:13.0461 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/10/03 14:48:13.0471 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/10/03 14:48:13.0507 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2010/10/03 14:48:13.0531 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2010/10/03 14:48:13.0552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2010/10/03 14:48:13.0572 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2010/10/03 14:48:13.0598 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2010/10/03 14:48:13.0633 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2010/10/03 14:48:13.0663 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 2010/10/03 14:48:13.0692 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/10/03 14:48:13.0716 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/10/03 14:48:13.0729 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2010/10/03 14:48:13.0758 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2010/10/03 14:48:13.0787 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2010/10/03 14:48:13.0797 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2010/10/03 14:48:13.0807 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2010/10/03 14:48:13.0830 sffdisk (a554811bcd09279536440c964ae35bbf) 
C:\Windows\system32\DRIVERS\sffdisk.sys 2010/10/03 14:48:13.0841 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/10/03 14:48:13.0852 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/10/03 14:48:13.0863 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/10/03 14:48:13.0897 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/10/03 14:48:13.0907 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/10/03 14:48:13.0924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2010/10/03 14:48:13.0969 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2010/10/03 14:48:14.0016 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys 2010/10/03 14:48:14.0040 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys 2010/10/03 14:48:14.0067 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys 2010/10/03 14:48:14.0121 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys 2010/10/03 14:48:14.0145 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2010/10/03 14:48:14.0166 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/10/03 14:48:14.0191 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2010/10/03 14:48:14.0210 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2010/10/03 14:48:14.0282 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2010/10/03 14:48:14.0322 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2010/10/03 14:48:14.0348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2010/10/03 14:48:14.0370 TDPIPE 
(3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2010/10/03 14:48:14.0380 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2010/10/03 14:48:14.0401 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2010/10/03 14:48:14.0427 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2010/10/03 14:48:14.0456 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/10/03 14:48:14.0472 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2010/10/03 14:48:14.0483 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2010/10/03 14:48:14.0508 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2010/10/03 14:48:14.0544 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/10/03 14:48:14.0562 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2010/10/03 14:48:14.0572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2010/10/03 14:48:14.0619 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 2010/10/03 14:48:14.0659 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 2010/10/03 14:48:14.0680 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/10/03 14:48:14.0691 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2010/10/03 14:48:14.0711 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2010/10/03 14:48:14.0731 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2010/10/03 14:48:14.0765 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2010/10/03 14:48:14.0785 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 
2010/10/03 14:48:14.0814 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2010/10/03 14:48:14.0840 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/10/03 14:48:14.0854 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/10/03 14:48:14.0889 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2010/10/03 14:48:14.0944 VBoxDrv (1287ce7b6cc8fd5a9c505b2c84a400cb) C:\Windows\system32\DRIVERS\VBoxDrv.sys 2010/10/03 14:48:14.0972 VBoxNetAdp (55c13725fc3b0cac69b5744ca0d1e122) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 2010/10/03 14:48:15.0000 VBoxNetFlt (b3da4bc8f82ae0fba2374b6529af813b) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 2010/10/03 14:48:15.0042 VBoxUSB (540064ae131ca9b01b96a56370b4d2cc) C:\Windows\system32\Drivers\VBoxUSB.sys 2010/10/03 14:48:15.0094 VBoxUSBMon (cb45d97364ae93308853159b7cdc7d23) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 2010/10/03 14:48:15.0111 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/10/03 14:48:15.0133 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/10/03 14:48:15.0151 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2010/10/03 14:48:15.0163 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/10/03 14:48:15.0179 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2010/10/03 14:48:15.0210 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2010/10/03 14:48:15.0221 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/10/03 14:48:15.0233 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/10/03 14:48:15.0255 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2010/10/03 14:48:15.0282 volsnap 
(58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2010/10/03 14:48:15.0321 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys 2010/10/03 14:48:15.0348 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys 2010/10/03 14:48:15.0387 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys 2010/10/03 14:48:15.0425 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys 2010/10/03 14:48:15.0451 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/10/03 14:48:15.0472 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2010/10/03 14:48:15.0534 VX1000 (ce6c085771812d5ee863cc7ef93caef2) C:\Windows\system32\DRIVERS\VX1000.sys 2010/10/03 14:48:15.0582 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2010/10/03 14:48:15.0615 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/10/03 14:48:15.0630 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/10/03 14:48:15.0693 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2010/10/03 14:48:15.0722 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2010/10/03 14:48:15.0771 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/10/03 14:48:15.0792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2010/10/03 14:48:15.0844 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2010/10/03 14:48:15.0868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/10/03 14:48:15.0891 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2010/10/03 14:48:15.0920 WudfPf (7cadc74271dd6461c452c271b30bd378) 
C:\Windows\system32\drivers\WudfPf.sys 2010/10/03 14:48:15.0947 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/10/03 14:48:16.0018 ================================================================================ 2010/10/03 14:48:16.0018 Scan finished 2010/10/03 14:48:16.0018 ================================================================================
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/2/2010 15:01:19
mbam-log-2010-10-02 (15-01-19).txt

Scan type: Full scan (C:\|E:\|I:\|)
Objects scanned: 685566
Time elapsed: 1 hour(s), 53 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{a79a12d4-3b9d-07af-e824-19501a3e08b9} (Spyware.Zbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smh2b46tdp (Trojan.FraudPack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecowsmrnxa.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\Documents and Settings\Dom\Application Data\Upxina\niyve.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
I:\WINDOWS\Vmutia.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
I:\Documents and Settings\Dom\Local Settings\Temp\ecowsmrnxa.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
I:\Documents and Settings\Dom\Local Settings\Temp\Vt2.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
I:\Documents and Settings\Dom\Local Settings\Temp\Vt3.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
I:\Documents and Settings\Dom\Local Settings\Temp\Vtz.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
I:\Documents and Settings\Dom\Local Settings\Temporary Internet Files\Content.IE5\YFY05J6I\lpkezhfmu[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\tyteplj.sys (Rootkit.Agent) -> Delete on reboot.
I:\WINDOWS\system32\spool\prtprocs\w32x86\5yWS5.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\spool\prtprocs\w32x86\CEIQ93c79.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
I:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

This is the first scan. Here are the next two, which came up clean.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/2/2010 16:55:14
mbam-log-2010-10-02 (16-55-14).txt

Scan type: Full scan (C:\|E:\|I:\|)
Objects scanned: 685165
Time elapsed: 1 hour(s), 49 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/2/2010 22:23:50
mbam-log-2010-10-02 (22-23-50).txt

Scan type: Full scan (C:\|E:\|I:\|)
Objects scanned: 685495
Time elapsed: 1 hour(s), 56 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-
Not sure what my lad's done to the machine - it's triple boot Win 7, Win XP and Linux - of which the XP partition is his gaming area. The Windows 7 area is reporting clean I believe; however, I ran Avast 5 on the Win XP and it came up with the bamital.ac warnings but was blocking the access. I tried to repair it and it said it couldn't, so I got it put into fault instead. I then got out of Avast and ran up malware for a scan. It reported a tdcc root virus and a couple of extra things. I told it to remove them, and rebooted. However, on reboot it logs in and there is no menu on the bottom and no icons - just the background. Ctrl/Alt/Del shows the task manager but nothing else. Bit of a pisser this, as it took many nights trying to get EasyBCD to set up the installs the way I wanted them. Can you get the XP section back or do I have to do an XP repair or, worse, a reinstall?
-
Extra Information: My dad tried to put Avast on the computer and reconnected it to the internet. He got one scan off and apparently found BAMITAL.AC, but now it's got worse and the computer will no longer log on properly and none of the icons appear. However, the Windows 7 partition seems to be working fine. I tried running GMER from Windows 7 but it says C:\Windows\system32\config\system: cannot find the file specified (C: is the rest of the drive, with 7 on it). (The I: drive in the logs is the partitioned Windows XP part of the hard drive.)
-
Ok so my problem is as follows. The computer got infected; I disconnected the internet and AVG says it's spotted a fake trojan. I update MBAM and it finds 15 infected files, which it removes (Log: 15-01-19). I reboot and run MBAM, which comes up clean. I then reconnect the internet, having missed AVG, which has the same warning. AVG suddenly brings up multiple infections, which increase the longer you leave the PC on. It says i:\WINDOWS\explorer.exe is infected by Trojan horse Patched_c.JED. I disconnected the internet and ran MBAM twice, which comes up clean again (other two logs). Followed the stickied instructions but GMER locks up the PC and I can't get it to work. DDS log is attached. It may also help to know the computer is running a partitioned drive with XP, 7 and Linux. I'm running all this on the XP. attach___dds.zip mbam_log_2010_10_02__22_23_50_.txt mbam_log_2010_10_02__16_55_14_.txt mbam_log_2010_10_02__15_01_19_.txt
-
Multiple viruses, including Rootkit.TDSS
Dom replied to Dom's topic in Resolved Malware Removal Logs
Thanks very much, it's been a great reassurance having someone help me through everything. I've donated, and thanks again for top quality service to someone who's not too hot on this stuff! -
Are the multiple AVG processes (avgemc, avgnsx, etc.) I have running, despite not having turned on AVG, a problem? It may be nothing, but my Firefox takes a lot longer than normal to start up. -
Whoops, it came up blank so I forgot to upload it. Here it is -
Ok, now I was temporarily possessed by an idiot and, after running the scan, copied the viruses and then uninstalled without getting the log, so I had to do it again... I've posted the results of the first scan and then the log of the second. Now the results of the second search: -
Will removing them using Control Panel work ok? Because if so, don't worry about writing the script. And should I worry about the mass of extra svchost processes (I have 6) and ones beginning with avg? (Also, will I have used up a Windows code by revalidating it?) -
Revalidated and here is the new log -
Ah, lesson learned, hopefully not too late. Also, any idea when it will be safe to connect to the internet on the PC in question? -
First, thanks very much for taking the time out to help. Ok so I've also run Combofix.exe after posting, as it was suggested by a friend, then I ran the second program some time later, without rebooting the computer. When I did then reboot, Windows ran a scandisk which was done instantly. The Windows countdown is still running and now I only have 2 days to reactivate Windows. It would seem my computer is genuinely confused and still infected. Here is the log for TDSSKiller and I've attached the ComboFix log in case it is needed. combofix_log.zip -
Hey guys, I got infected while trying to watch a clip of a TV show online. Firstly my AVG popped up with a virus warning. When I told it to clean it up, the computer screen flashed blue and shut down. I booted into safe mode, disabled the internet connection and ran both Malwarebytes and Spybot Search and Destroy one after the other. I then rebooted the computer into normal Windows and got a message saying my hardware has changed significantly and I needed to revalidate Windows. I ignored this and ran Malwarebytes twice more. The first time it found nothing, then the second time it found two more. Now it comes up with nothing, but I still have several suspicious processes and the Windows error, and I think I'm still infected. Here is the DDS log. The other logs requested are attached, and I've also attached in a zip my Malwarebytes logs and Spybot Search and Destroy log. ark___attach.zip MBAM_logs_and_Spybot_log.zip