truCido

Honorary Members
  • Posts: 32
  • Reputation: 0 Neutral
  1. Lovely. I haven't been able to find my Windows install disc, so I guess this is a good excuse for an upgrade! Thanks for your help!
  2. Exactly. I had loads of programs installed, started up my computer one day and went to use a bit of software and got shortcut not found when trying to launch from the start menu. Upon further investigation it looks like most folders and programs have been removed. But all the uninstall entries are there in Add/Remove Programs but fail to uninstall (because they seem to have physically gone?) and all the entries are still in the Start Menu. Windows updates seem to have been removed. It's almost as if a System Restore to a really old state had been applied, apart from I didn't! My Start Menu: http://i246.photobucket.com/albums/gg106/truCido1/start_menu_zpse66c052f.jpg My Program Files: http://i246.photobucket.com/albums/gg106/truCido1/program_files_zps827e07bf.jpg
  3. Sorry I didn't say the Programs folder had disappeared. I said most things in Program Files had disappeared. I've tried enabling all that but nothing else has appeared.
  4. Actually I take that back. A few folders have appeared, but they're all empty.
  5. Ah, that's for some testing that I do. It's not an issue, I just forgot to remove it after my last test cycle.
  6. Thanks for the reply Advanced. I've run JavaRa and attached JavaRa. I'll do ComboFix now. JavaRa.log
  7. If you look at the installed programs in the attached log, they aren't in Program Files anymore. I've run Malwarebytes (after re-installing) and it didn't find anything. FRST.txt Addition.txt
  8. I'm not sure when this happened; however, I went to launch a program the other day and I got the: "The item x.exe that this shortcut refers to has been changed or moved, so this shortcut will no longer work properly. Do you want to delete this shortcut?" This has happened for nearly all programs apart from things like Chrome for some reason. I've had a look in the Program Files directory and sure enough most things have disappeared. I'm running on Windows XP SP3. Can anyone help please?
  9. And finally the PCpitstop: http://www.pcpitstop.com/betapit/sec.asp?conid=24561962
  10. ComboFix 11-09-24.01 - Administrator 24/09/2011 13:19:52.15.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1427 [GMT 1:00]
  11. 13:15:32.0500 2864 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37 13:15:32.0578 2864 ============================================================ 13:15:32.0578 2864 Current date / time: 2011/09/24 13:15:32.0578 13:15:32.0578 2864 SystemInfo: 13:15:32.0578 2864 13:15:32.0578 2864 OS Version: 5.1.2600 ServicePack: 3.0 13:15:32.0578 2864 Product type: Workstation 13:15:32.0578 2864 ComputerName: DAVE 13:15:32.0578 2864 UserName: Administrator 13:15:32.0578 2864 Windows directory: C:\WINDOWS 13:15:32.0578 2864 System windows directory: C:\WINDOWS 13:15:32.0578 2864 Processor architecture: Intel x86 13:15:32.0578 2864 Number of processors: 2 13:15:32.0578 2864 Page size: 0x1000 13:15:32.0578 2864 Boot type: Normal boot 13:15:32.0578 2864 ============================================================ 13:15:34.0078 2864 Initialize success 13:15:51.0703 2928 ============================================================ 13:15:51.0703 2928 Scan started 13:15:51.0703 2928 Mode: Manual; 13:15:51.0703 2928 ============================================================ 13:15:58.0984 2928 ============================================================ 13:15:58.0984 2928 Scan finished 13:15:58.0984 2928 ============================================================ 13:15:58.0984 1780 Detected object count: 0 13:15:58.0984 1780 Actual detected object count: 0
  12. Ok so MBAM log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 7743 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 18/09/2011 17:49:39 mbam-log-2011-09-18 (17-49-39).txt Scan type: Quick scan Objects scanned: 211501 Time elapsed: 11 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS Log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14 Run by Administrator at 18:01:37 on 2011-09-18 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1353 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . ============== Running Processes =============== . 
C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\dgdersvc.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Mozy\MozyHomeEuropebackup.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\TVersity\Media Server\MediaServer.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe . ============== Pseudo HJT Report =============== . 
uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program 
files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DD832EC3-7052-48A0-B906-C0825AE76A5B} : DhcpNameServer = 192.168.0.1
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\hpqen42f.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: TurnTool Viewer: turntoolviewer@turntool.com - %profile%\extensions\turntoolviewer@turntool.com
FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com
FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Selenium IDE: Ruby Formatters: rubyformatters@seleniumhq.org - %profile%\extensions\rubyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Java Formatters: javaformatters@seleniumhq.org - %profile%\extensions\javaformatters@seleniumhq.org
FF - Ext: Selenium IDE: Groovy Formatters: groovyformatters@seleniumhq.org - %profile%\extensions\groovyformatters@seleniumhq.org
FF - Ext: Selenium IDE: Perl Formatter: perlformatters@seleniumhq.org - %profile%\extensions\perlformatters@seleniumhq.org
FF - Ext: Selenium IDE: PHP Formatters: phpformatters@seleniumhq.org - %profile%\extensions\phpformatters@seleniumhq.org
FF - Ext: Selenium IDE: {a6fd85ed-e919-4a43-a5af-8da18bda539f} - %profile%\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
FF - Ext: Selenium IDE: Python Formatters: pythonformatters@seleniumhq.org - %profile%\extensions\pythonformatters@seleniumhq.org
FF - Ext: Selenium IDE: C# Formatters: csharpformatters@seleniumhq.org - %profile%\extensions\csharpformatters@seleniumhq.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-6-3 131584]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-22 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-30 320856]
R1 MozyHomeEuropeFilter;MozyHomeEuropeFilter;c:\windows\system32\drivers\MozyHomeEurope.sys [2011-3-26 54776]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-1-15 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-1-15 41936]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:11:32];c:\program files\cyberlink\powerdvd9\navfilter\000.fcl [2010-1-28 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-30 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-2 44768]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-6-9 95568]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-22 54752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-10 366152]
R2 MozyHomeEuropebackup;Mozy Backup Service;c:\program files\mozy\MozyHomeEuropebackup.exe [2011-1-19 49456]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-12 2218600]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-6-9 18120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-10 22216]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-29 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-6-25 111312]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-11-29 30312]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-5-30 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-5-30 8456]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-18 36640]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-10 13224]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-23 30192]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\@bios\markfun.w32 [2008-2-9 17912]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-11-29 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-11-29 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-11-29 121576]
S3 TNET1130;D-Link AirPlus XtremeG+ Wireless Adapter;c:\windows\system32\drivers\GPlus.sys [2007-1-1 202496]
S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [2009-11-16 13120]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
.
=============== Created Last 30 ================
.
2011-09-18 16:34:28 709968 ----a-w- c:\windows\isRS-000.tmp
2011-09-15 22:38:59 98816 ----a-w- c:\windows\sed.exe
2011-09-15 22:38:59 518144 ----a-w- c:\windows\SWREG.exe
2011-09-15 22:38:59 256000 ----a-w- c:\windows\PEV.exe
2011-09-15 22:38:59 208896 ----a-w- c:\windows\MBR.exe
2011-09-09 09:12:13 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 21:50:53 -------- d-----w- C:\DTASwin
2011-09-03 21:50:48 249856 ------w- c:\windows\Setup1.exe
2011-09-03 21:50:46 73216 ----a-w- c:\windows\ST6UNST.EXE
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 20:49:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 18:02:52.68 ===============
PcPitStop - http://www.pcpitstop.com/betapit/sec.asp?conid=24561962
  13. I've had starting up issues since a previous bit of malware, however it seems to have got worse recently. I don't use this computer very often so it hasn't been too much of an issue, and I've just assumed it's to do with previous malware not being completely removed.